The KeyPlug backdoor has been developed to target both Windows and Linux operative systems and use different protocols to communicate which depend on the configuration of the malware sample itself.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-05-24 11:09:492024-05-24 11:09:49APT41 Deploys KeyPlug Backdoor Against Italian Industries
Bolster, an AI startup, has raised $14 million in funding led by Microsoft’s M12 to combat malicious phishing emails. Their flagship product, CheckPhish, offers brand and URL verification services to businesses.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-05-24 11:09:492024-05-24 11:09:49Bolster Raises $14M Led by Microsoft’s M12
Introduction
The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more than data leaks; they were seismic shifts in cybersecurity. These attacks exposed a critical challenge for Chief Information Security Officers (CISOs): holding their ground while maintaining control over cloud security in the accelerating world of DevOps.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-05-24 11:09:492024-05-24 11:09:49DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?
The cybersecurity business is booming, and cyberattacks are fueling its growth. Global spending on security and risk management is on pace to reach $215 billion this year, up 30% from almost $165 billion in 2022, according to Gartner.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-05-24 11:09:492024-05-24 11:09:49Cyberattacks are Good for Security Vendors, and Business is Booming
Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild.
Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-05-24 11:09:492024-05-24 11:09:49Google Detects 4th Chrome Zero-Day in May Actively Under Attack – Update ASAP
Malicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV Solutions (JAVS) to deliver malware that’s associated with a known backdoor called RustDoor.
The software supply chain attack, tracked as CVE-2024-4978, impacts JAVS Viewer v8.3.7, a component of the JAVS Suite 8 that allows users to create, manage, publish,
Georgia resident Malachi Mullings received a decade-long sentence for laundering money scored in scams against healthcare providers, private companies, and individuals to the tune of $4.5 million.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-05-24 10:11:332024-05-24 10:11:33US Man Gets 10 Years for Laundering Cash From Online Fraud
Cybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad.
“The origin of BLOODALCHEMY and Deed RAT is ShadowPad and given the history of ShadowPad being utilized in numerous APT
Exploited in the wild, Chrome vulnerability CVE-2024-5274 is a high-severity flaw described as a type confusion in the V8 JavaScript and WebAssembly engine.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-05-24 09:06:302024-05-24 09:06:30Google Patches Fourth Chrome Zero-Day in Two Weeks
A politically motivated hacking group aligned with Pakistani interests is matching the Indian military’s shift away from the Windows operating system with a heavy focus on malware encoded for Linux.
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
APT41 Deploys KeyPlug Backdoor Against Italian Industries
/in General NewsThe KeyPlug backdoor has been developed to target both Windows and Linux operative systems and use different protocols to communicate which depend on the configuration of the malware sample itself.
Cyware News – Latest Cyber News – Read More
Bolster Raises $14M Led by Microsoft’s M12
/in General NewsBolster, an AI startup, has raised $14 million in funding led by Microsoft’s M12 to combat malicious phishing emails. Their flagship product, CheckPhish, offers brand and URL verification services to businesses.
Cyware News – Latest Cyber News – Read More
DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?
/in General NewsIntroduction
The infamous Colonial pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were more than data leaks; they were seismic shifts in cybersecurity. These attacks exposed a critical challenge for Chief Information Security Officers (CISOs): holding their ground while maintaining control over cloud security in the accelerating world of DevOps.
The Hacker News – Read More
Cyberattacks are Good for Security Vendors, and Business is Booming
/in General NewsThe cybersecurity business is booming, and cyberattacks are fueling its growth. Global spending on security and risk management is on pace to reach $215 billion this year, up 30% from almost $165 billion in 2022, according to Gartner.
Cyware News – Latest Cyber News – Read More
Google Detects 4th Chrome Zero-Day in May Actively Under Attack – Update ASAP
/in General NewsGoogle on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild.
Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of
The Hacker News – Read More
Courtroom Software Backdoored to Deliver RustDoor Malware in Supply Chain Attack
/in General NewsMalicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV Solutions (JAVS) to deliver malware that’s associated with a known backdoor called RustDoor.
The software supply chain attack, tracked as CVE-2024-4978, impacts JAVS Viewer v8.3.7, a component of the JAVS Suite 8 that allows users to create, manage, publish,
The Hacker News – Read More
US Man Gets 10 Years for Laundering Cash From Online Fraud
/in General NewsGeorgia resident Malachi Mullings received a decade-long sentence for laundering money scored in scams against healthcare providers, private companies, and individuals to the tune of $4.5 million.
Cyware News – Latest Cyber News – Read More
Japanese Experts Warn of BLOODALCHEMY Malware Targeting Government Agencies
/in General NewsCybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad.
“The origin of BLOODALCHEMY and Deed RAT is ShadowPad and given the history of ShadowPad being utilized in numerous APT
The Hacker News – Read More
Google Patches Fourth Chrome Zero-Day in Two Weeks
/in General NewsExploited in the wild, Chrome vulnerability CVE-2024-5274 is a high-severity flaw described as a type confusion in the V8 JavaScript and WebAssembly engine.
The post Google Patches Fourth Chrome Zero-Day in Two Weeks appeared first on SecurityWeek.
SecurityWeek – Read More
Pakistani-Aligned APT36 Targets Indian Defense Organizations
/in General NewsA politically motivated hacking group aligned with Pakistani interests is matching the Indian military’s shift away from the Windows operating system with a heavy focus on malware encoded for Linux.
Cyware News – Latest Cyber News – Read More