Google: Russia's ColdRiver APT Unleashes Custom 'Spica' Malware
Just in time for the US election season, one of the Kremlin's favorite hack-and-leak spy groups — Star Blizzard — has developed its very first custom backdoor.
https://www.darkreading.com/ics-ot-security/russia-coldriver-apt-unleashes-custom-spica-malware
Citrix Discovers 2 Vulnerabilities, Both Exploited in the Wild
These vulnerabilities are the second and third for Citrix but are not expected to be as detrimental as "CitrixBleed."
Threat Actors Team Up for Post-Holiday Phishing Email Surge
Just like you and me, cyberattackers returned from winter break and immediately started sending thousands of emails.
https://www.darkreading.com/threat-intelligence/threat-actors-post-holiday-phishing-email-surge
Cybercrooks Target Docker Containers With Novel Pageview Generator
Cyberattackers are exploiting Docker instances to drop the bot-tastic 9hits Web traffic generator and "earn" valuable credits that can be turned into cash.
https://www.darkreading.com/cloud-security/cybercrooks-target-docker-containers-pageview-generator-
Weaponized AWS SES Accounts Anchor Massive Stealth Attack
In today's cloud, it seems, every convenience for customers is equally convenient to those who'd abuse these services for malicious purposes.
Bangladeshi Elections Come into DDoS Crosshairs
A government app experiencing slowdowns on election day could be just the tip of the vote-meddling iceberg for the Asian country. But who's behind it?
https://www.darkreading.com/ics-ot-security/bangladeshi-elections-ddos-crosshairs
With Attacks on the Upswing, Cyber-Insurance Premiums Poised to Rise Too
Insurers doubled premiums in late 2021 to offset losses from ransomware claims. With attacks rising again, organizations can anticipate a new round of increases.
https://www.darkreading.com/cyber-risk/cyberattacks-rise-likely-ending-insurance-rate-declines
Stealthy New macOS Backdoor Hides on Chinese Websites
Modified malware from the Khepri open source project that shares similarities with the ZuRu data stealer harvests data and drops additional payloads.
Building AI That Respects Our Privacy
Until laws can move at the speed of innovation, we'll see a discrepancy between the protections offered and the risks associated with technology.
https://www.darkreading.com/cyber-risk/building-ai-that-respects-our-privacy
'Chaes' Infostealer Code Contains Hidden Threat Hunter Love Notes
Analysis of the infostealer malware version 4.1 includes hidden ASCII art and a shout-out thanking cybersecurity researchers.
https://www.darkreading.com/threat-intelligence/chaes-infostealer-code-threat-hunter-love-notes
InfoSec 101: Why Data Loss Prevention is Important to Enterprise Defense
Data is the most valuable asset for any organization, and protecting it is crucial to maintaining business continuity.
Lock Down the Software Supply Chain With 'Secure by Design'
As zero days and complex networks create gaps for cyberattacks, software developers and agencies such as CISA look to secure by design for building in defenses.
ESET Launches New Managed Detection and Response (MDR) Service for Small and Midsize Businesses
Salt Security Delivers API Posture Governance Engine
Mimecast Announces New CEO
https://www.darkreading.com/cloud-security/mimecast-announces-new-ceo
Intel 471 Appoints Technology Veteran, Sonja Tsiridis, Chief Technology Officer
$80M in Crypto Disappears into Drainer-as-a-Service Malware Hell
"Infernal Drainer" campaign represents a dangerous evolution in crypto-drainers, credibly spoofing Coinbase and maintaining a vast infrastructure-for-rent biz.
https://www.darkreading.com/cloud-security/80m-crypto-disappears-drainer-malware-hell
Google Chrome Zero-Day Bug Under Attack, Allows Code Injection
The first Chrome zero-day bug of 2024 adds to a growing list of actively exploited vulnerabilities found in Chromium and other browser technologies.
https://www.darkreading.com/cloud-security/google-chrome-zero-day-bug-attack-code-injection
'Punchmade Dev' Cybercrime Rapper Launches Cash-Scamming Web Shop
For a small sum, users can reportedly buy Cash App credentials already loaded with thousands of dollars.
Experts Ponder Effectiveness of Official Warnings of Cyber Scams
Dubai Police and Ghana's Cyber Security Authority issue public warnings, but they're battling human nature and users' inattention.