Social Engineering

A cyberattack on crypto wallet Atomic Wallet has resulted in at least $35 million worth of crypto assets being stolen since June 2, according to ZachXBT, an independent  on-chain investigator known for tracing stolen crypto funds and assisting with hacked projects. The five most significant losses account for $17 million.  “Think it could surpass $50m. Keep finding more and more victims sadly,” said  ZachXBT, in a tweet. The biggest victim of the Atomic Wallet was…

Read More

AI-based cyber risk management SaaS vendor SAFE Security has announced the release Cyber Risk Cloud of Cloud – a new offering it claims uses generative AI to help businesses predict and prevent cyber breaches. It does so by answering questions about a customer’s cybersecurity posture and generating likelihoods for different risk scenarios. These include the likelihood of a business suffering a ransomware attack in the next 12 months and the dollar impact of an attack,…

Read More

IT security teams lack confidence in their executives’ ability to prevent attacks on their personal hardware, systems, and network. This is according to a study sponsored by BlackCloak, a provider of digital privacy protection for high-profile executives, Ponemon Institute surveyed 553 US IT and IT security practitioners. Asked to rate from 1 to 10 how confident they were in CEOs and executives’ abilities to know how to recognize a phishing email, only 28% of respondents…

Read More

The Russian federal security agency, the FSB, has put out a security alert claiming that US intelligence services are behind an attack campaign that exploits vulnerabilities in iOS and compromised thousands of iPhones devices in Russia, including those of foreign diplomats. In a separate report, Russian antivirus vendor Kaspersky Lab said that several dozen of its senior employees and upper management were targeted as part of the operation, although unlike the FSB, the company did…

Read More

Attackers who are targeting open-source package repositories like PyPI (Python Package Index) have devised a new technique for hiding their malicious code from security scanners, manual reviews, and other forms of security analysis. In one incident, researchers have found malware code hidden inside a Python bytecode (PYC) file that can be directly executed as opposed to source code files that get interpreted by the Python runtime. “It may be the first supply chain attack to…

Read More

Progress has discovered a vulnerability in file transfer software MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment, the company said in a security advisory.  “A SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database,” the company said in the post, adding that depending on the database engine being used (MySQL, Microsoft…

Read More

Progress Software has discovered a vulnerability in its file transfer software MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment, the company said in a security advisory.  “A SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer’s database,” the company said in the post, adding that depending on the database engine being used…

Read More

Global professional association ISACA has announced a pledge to the European Commission to grow and empower the cybersecurity workforce in Europe. The pledge will see ISACA provide 20,000 free memberships to students across Europe to acquire crucial cybersecurity skills and support the identification of qualified cybersecurity candidates for organizations, supporting the European Union’s (EU) cybersecurity agenda, it said. Closing the cybersecurity workforce gap and promoting diversity within the field will be key focus areas, helping…

Read More

BigID is adding a feature that lets end users of its data intelligence platform manually adjust classification models, in an effort to make those more precise without the need for advanced coding knowledge. The company announced today that the new feature, called classifier tuning, would allow users to adjust machine learning models in real time, leading to improved accuracy in the classification of machine-discovered data. BigID said that the idea is to help businesses, which…

Read More

Announced in June 2022, the Cybercrime Atlas is an initiative from the World Economic Forum (WEF) to map activities of cybercriminals and create a database that can be used by law enforcement across the world to disrupt the cyber-criminal ecosystem. Cybercrime Atlas officially launched in February 2023 in a partnership between WEF and Banco Santander, Fortinet, Microsoft, and PayPal. Cybercrime Atlas was conceptualized by WEF’s Partnership against Cybercrime, which includes more than 40 public and…

Read More