CyberSecure Specialist

01 Sep

Elon Musk Says X, Formerly Twitter, Will Have Voice and Video Calls, Updates Privacy Policy

Elon Musk said Thursday that his social network X, formerly known as Twitter, will give users the ability to make voice and video calls on the platform. Musk, who has a history of making proclamations about coming features and policies that have not always come to fruition, did not say when the features would be available to users. The company also updated its privacy policies that will allow for the collection of biometric data and…

31 Aug

BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps

Information

ESET researchers have discovered active campaigns linked to the China-aligned APT group known as GREF, distributing espionage code that has previously targeted Uyghurs

31 Aug

ESET Research Podcast: Unmasking MoustachedBouncer

Information

Listen as ESET’s Director of Threat Research Jean-Ian Boutin unravels the tactics, techniques and procedures of MoustachedBouncer, an APT group taking aim at foreign embassies in Belarus

31 Aug

Energy Department Offering $9M in Cybersecurity Competition for Small Electric Utilities

Information, News

The US Department of Energy on Wednesday announced a competition that can help smaller electric utilities obtain funding and technical assistance for improving their cybersecurity posture. The competition, named the Advanced Cybersecurity Technology (ACT) 1 Prize Competition, is part of the Biden administration’s Rural and Municipal Utility Cybersecurity (RMUC) Program, which has set aside $250 million over a five-year period for enhancing cybersecurity at cooperative, municipal and small investor-owned electric utilities. For the ACT 1…

31 Aug

CISA Warns of Hurricane-Related Scams

Attacks, Insights, Malware

CISA urges users to remain on alert for malicious cyber activity following natural disasters, such as hurricanes, as attackers target disaster victims and concerned citizens by leveraging social engineering tactics, techniques, and procedures (TTPs). Social engineering TTPs include phishing, in which threat actors pose as trustworthy persons/organizations—such as disaster-relief charities—to solicit personal information via email or malicious websites. CISA recommends exercising caution in handling emails with disaster-related subject lines, attachments, or hyperlinks. In addition, be…

31 Aug

CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware

Attacks, Insights, Malware

Today, the United Kingdom’s National Cyber Security Centre (NCSC-UK), the United States’ Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), New Zealand’s National Cyber Security Centre (NCSC-NZ), the Canadian Centre for Cyber Security (CCCS), and the Australian Signals Directorate (ASD) published a joint Malware Analysis Report (MAR), on Infamous Chisel, a new mobile malware targeting Android devices that has capabilities to enable unauthorized access to compromised devices,…

30 Aug

‘Earth Estries’ Cyberespionage Group Targets Government, Tech Sectors

Information, News

A cyberespionage group possibly linked to China has targeted government-related organizations and technology companies in various parts of the world. Trend Micro, which tracks it as Earth Estries, says the group has been around since at least 2020. While the cybersecurity firm has not directly attributed Earth Estries to any particular country, it did point out that there are some overlaps in tactics, techniques and procedures (TTPs) with an APT named FamousSparrow. FamousSparrow, which in…

30 Aug

VMware Releases Security Updates for Aria Operations for Networks

Attacks, Insights, Malware

VMware has released security updates to address multiple vulnerabilities in Aria Operations for Networks. A cyber threat actor can exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0018 and apply the necessary updates.

30 Aug

CISA and FBI Publish Joint Advisory on QakBot Infrastructure

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Identification and Disruption of QakBot Infrastructure, to help organizations detect and protect against newly identified QakBot-related activity and malware. QakBot—also known as Qbot, Quackbot, Pinkslipbot, and TA570—is responsible for thousands of malware infections globally. Originally used as a banking trojan to steal banking credentials for account compromise, QakBot—in most cases—was delivered via phishing campaigns containing…

29 Aug

Recovering from a supply-chain attack: What are the lessons to learn from the 3CX hack?

Information

The campaign started with a trojanized version of unsupported financial software

Elon Musk Says X, Formerly Twitter, Will Have Voice and Video Calls, Updates Privacy Policy

BadBazaar espionage tool targets Android users via trojanized Signal and Telegram apps

ESET Research Podcast: Unmasking MoustachedBouncer

Energy Department Offering $9M in Cybersecurity Competition for Small Electric Utilities

CISA Warns of Hurricane-Related Scams

CISA and International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware

‘Earth Estries’ Cyberespionage Group Targets Government, Tech Sectors

VMware Releases Security Updates for Aria Operations for Networks

CISA and FBI Publish Joint Advisory on QakBot Infrastructure

Recovering from a supply-chain attack: What are the lessons to learn from the 3CX hack?

Search

The 6 Stages of a Vulnerability Management Process

Get Cybersecurity Alerts

Read More

Categories

Site Navigation

Resources