Microsoft is warning of several phishing campaigns that are leveraging tax-related themes to deploy malware and steal credentials. “These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection,” Microsoft said in a report shared […]
Category Archives: Uncategorized
The malware, first discovered in 2016, has been updated over the years, and the latest version is now hiding in the firmware of counterfeit mobile phones. Go to Source Author: Kristina Beek, Associate Editor, Dark Reading
Co-founders Michael Sutton and David Endler raised $32 million to invest in early stage cybersecurity startups as well as to provide mentoring support. Go to Source Author: Fahmida Y. Rashid
Polices that forbid employees from divulging company details are worthless if the same information can be obtained from sources employees have no control over. Go to Source Author: Steve Stasiukonis
The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems. The new activity, assessed to be a continuation of the campaign, has been codenamed ClickFake Interview […]
The rules have changed. Again. Artificial intelligence is bringing powerful new tools to businesses. But it’s also giving cybercriminals smarter ways to attack. They’re moving quicker, targeting more precisely, and slipping past old defenses without being noticed. And here’s the harsh truth: If your security strategy hasn’t evolved with AI in mind, you’re already behind. […]
AI holds the promise to revolutionize all sectors of enterpriseーfrom fraud detection and content personalization to customer service and security operations. Yet, despite its potential, implementation often stalls behind a wall of security, legal, and compliance hurdles. Imagine this all-too-familiar scenario: A CISO wants to deploy an AI-driven SOC to handle the overwhelming volume of […]
Google addresses patch bypasses for CVE-2024-38272 and CVE-2024-38271, part of the previously announced “QuickShell” silent RCE attack chain against Windows users. Go to Source Author: Tara Seals, Managing Editor, News, Dark Reading
Cybersecurity researchers have disclosed details of a new vulnerability impacting Google’s Quick Share data transfer utility for Windows that could be exploited to achieve a denial-of-service (DoS) or send arbitrary files to a target’s device without their approval. The flaw, tracked as CVE-2024-10668 (CVSS score: 5.9), is a bypass for two of the 10 shortcomings […]
Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada. “More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia,” Kaspersky said in a report. The infections were recorded […]