Collaborate Disseminate
State-sponsored North Korean hackers have significantly intensified their focus on the IT sector in recent years, by infiltrating firms developing software and companies lookind for IT workers. North Korean hackers targeting developers Microsoft has ou… Continue reading North Korean hackers are targeting software developers and impersonating IT workers
Google is enhancing Google Play Protect’s real-time scanning to include code-level scanning, to keep Android devices safe from malicious and unwanted apps, especially those downloaded (or sideloaded) from outside of the Google Play app store R… Continue reading Google Play Protect takes on malicious apps with code-level scanning
A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability (CVE-2023-4966) has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed. About CVE-2023-4966 Citrix’s security adv… Continue reading Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966)
Cryptojackers are targeting exposed Jupyter Notebooks to install cryptominers and steal credential files for popular cloud services, researchers have uncovered. What are Jupyter Notebooks? “Jupyter is a service that allows you to host individual … Continue reading Jupyter Notebooks targeted by cryptojackers
Video game publisher/digital distribution company Valve is forcing developers who publish games on its Steam platform to “validate” new builds with a confirmation code received via SMS. The Steam SMS confirmation requirement Valve sent out … Continue reading Valve introduces SMS-based confirmation to prevent malicious games on Steam
A threat actor is using compromised Skype accounts to deliver the DarkGate malware to target organizations, Trend Micro researchers have warned. “Versions of DarkGate have been advertised on Russian language forum eCrime since May 2023. Since the… Continue reading Compromised Skype accounts deliver DarkGate malware to employees
The “contain user” feature select Microsoft Defender for Endpoint customers have been trying out since November 2022 is now available to a wider pool of organizations, Microsoft has announced. The feature aims to help organizations disrupt … Continue reading Microsoft Defender can automatically contain compromised user accounts
Permission Slip, an iPhone and Android app developed by Consumer Reports, helps users ask companies and data brokers to stop sharing their personal data and/or delete it. The Permission Slip app (Source: Consumer Reports) US consumer data privacy laws … Continue reading Sic Permission Slip on data brokers that use your data
A critical flaw in Atlassian Confluence Data Center and Server (CVE-2023-22515) has been exploited by a state-backed threat actor, Microsoft’s threat analysts have pinpointed. About the vulnerability CVE-2023-22515 was initially classified as a c… Continue reading Critical Atlassian Confluence vulnerability exploited by state-backed threat actor
In the wake of Google’s announcement of new rules for bulk senders, Microsoft is urging Microsoft 365 email senders to implement SPF, DKIM and DMARC email authentication methods. “These Domain Name Service (DNS) email authentication records… Continue reading Microsoft 365 email senders urged to implement SPF, DKIM and DMARC