New RustyAttr Malware Targets macOS Through Extended Attribute Abuse https://firewall.firm.in/wp-content/uploads/2024/11/gib.png Nov 14, 2024Ravie LakshmananCryptojacking / Threat Intelligence Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr. The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group, citing ...

TikTok Pixel Privacy Nightmare: A New Case Study https://firewall.firm.in/wp-content/uploads/2024/11/tiktok.png Nov 14, 2024The Hacker NewsData Privacy / Compliance Advertising on TikTok is the obvious choice for any company trying to reach a young market, and especially so if it happens to be a travel company, with 44% of American Gen Zs saying they use the platform to plan their vacations. But ...

5 BCDR Oversights That Leave You Exposed to Ransomware https://firewall.firm.in/wp-content/uploads/2024/11/main.png Ransomware isn’t just a buzzword; it’s one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware attacks are not only increasing in frequency but also in sophistication, with new ransomware groups constantly emerging. Their attack methods are evolving rapidly, becoming more dangerous and damaging than ever. ...

Experts Uncover 70,000 Hijacked Domains in Widespread ‘Sitting Ducks’ Attack Scheme https://firewall.firm.in/wp-content/uploads/2024/11/domain.png Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for years. The findings come from Infoblox, which said it identified nearly 800,000 vulnerable registered domains over the past ...

Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes https://firewall.firm.in/wp-content/uploads/2024/11/scams.png Nov 14, 2024Ravie LakshmananArtificial Intelligence / Cryptocurrency Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites. “Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam ...

Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails https://firewall.firm.in/wp-content/uploads/2024/11/attack.png Nov 14, 2024Ravie LakshmananMalware / Vulnerability A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM ...

Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims https://firewall.firm.in/wp-content/uploads/2024/11/ransomware.png Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware. The decryptor is the result of a comprehensive analysis of ShrinkLocker’s inner workings, allowing the researchers to discover a “specific window of opportunity for data recovery immediately after the removal of protectors ...

Hamas-Affiliated WIRTE Employs SameCoin Wiper in Disruptive Attacks Against Israel https://firewall.firm.in/wp-content/uploads/2024/11/cyberattacks.png Nov 13, 2024Ravie LakshmananThreat Intelligence / Cyber Espionage A threat actor affiliated with Hamas has expanded its malicious cyber operations beyond espionage to carry out disruptive attacks that exclusively target Israeli entities. The activity, linked to a group called WIRTE, has also targeted the Palestinian Authority, Jordan, Iraq, Saudi ...

Comprehensive Guide to Building a Strong Browser Security Program https://firewall.firm.in/wp-content/uploads/2024/11/browser.png Nov 13, 2024The Hacker NewsBrowser Security / SaaS Security The rise of SaaS and cloud-based work environments has fundamentally altered the cyber risk landscape. With more than 90% of organizational network traffic flowing through browsers and web applications, companies are facing new and serious cybersecurity threats. These include phishing attacks, ...

Amazon confirms employee data hacked in the biggest cyberattack of 2023 – ET CISO https://etimg.etb2bimg.com/thumb/msid-115209365,imgsize-39952,width-1200,height=765,overlay-etciso/data-breaches/amazon-confirms-employee-data-hacked-in-the-biggest-cyberattack-of-2023.jpg Amazon has acknowledged a hacking incident involving a third-party vendor that compromised employee data. The breach exposed work email addresses, phone numbers, and building locations of affected employees. While Amazon’s core systems remain secure, the company emphasized that the incident occurred at a vendor responsible ...