NIST Hands Off Post-Quantum Cryptography Work to Cyber Teams

/in

The release of new NIST quantum-proof cryptography standards signals it’s time for cybersecurity teams to get serious about preparing for the rise of quantum threats.

darkreading – ​Read More

Patch Now: Second SolarWinds Critical Bug in Web Help Desk

/in

The disclosure of CVE-2024-28987 means that, in two weeks, there have been two critical bugs and corresponding patches for SolarWinds’ less-often-discussed IT help desk software.

darkreading – ​Read More

Constantly Evolving MoonPeak RAT Linked to North Korean Spying

/in

The malware is a customized variant of the powerful open source XenoRAT information stealing malware often deployed by Kimsuky and other DPRK APTs.

darkreading – ​Read More

Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC)

/in

A new malware called NGate allows cybercriminals to steal near field communication data from Android phones via sophisticated social engineering. The data is relayed to the fraudsters before being used to steal cash.

Security | TechRepublic – ​Read More

CrowdStrike 2024 report exposes North Korea’s covert workforce in U.S. tech firms

/in

In April 2024, CrowdStrike Services responded to the first of several incidents in which North Korea’s FAMOUS CHOLLIMA malicious insiders targeted U.S. firmsRead More

Security News | VentureBeat – ​Read More

NGate Android Malware Relays NFC Traffic to Steal Credit Card Data

/in

This malware allows attackers to emulate victims’ cards, enabling them to make unauthorized payments or withdraw cash from ATMs. The campaign has been active since November 2023.

Cyware News – Latest Cyber News – ​Read More

New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads

/in

Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders.

“This memory-only dropper decrypts and executes a PowerShell-based downloader,” Google-owned Mandiant said. “This PowerShell-based downloader is being tracked as PEAKLIGHT.”

Some of

The Hacker News – ​Read More

Critical Vulnerabilities Uncovered in Progress WhatsUp Gold

/in

These vulnerabilities pose risks to organizations using outdated versions, allowing unauthorized access to sensitive data and privilege escalation through SQL Injection techniques.

Cyware News – Latest Cyber News – ​Read More

Qilin Ransomware Caught Stealing Credentials Stored in Google Chrome

/in

A recent Qilin ransomware attack targeted several endpoints, stealing VPN credentials and Chrome browser data. This attack, detected in July 2024, involved network access through compromised VPN credentials without multi-factor authentication.

Cyware News – Latest Cyber News – ​Read More