The U.S. Federal Communications Commission (FCC) is taking decisive action to counteract the rising threat of SIM-swapping attacks and port-out fraud within cell phone account scams. These fraudulent activities expose consumers to risks such as unauthorized access to personal data and the compromise of sensitive information.

The new rules, initially proposed in July 2023, mandate wireless...

A faction within the well-known Lazarus Group, identified as Sapphire Sleet (also known as APT38, BlueNoroff, CageyChameleon, and CryptoCore), has recently established deceptive infrastructure mimicking skills assessment portals. Microsoft, which detected this activity, notes it as a notable shift in the persistent actor's tactics. 

Sapphire Sleet has a history of orchestrating...

Google has issued a warning regarding a potential threat wherein multiple actors are sharing a public proof-of-concept (PoC) exploit, known as the Google Calendar RAT (GCR). This tool utilizes Google Calendar Events within a Gmail account for command-and-control (C2) purposes. While it was first made public on GitHub in June 2023, it has not been observed in real-world usage as of yet. Nevertheless, Google's Mandiant threat intelligence unit has...

Google is expanding its Vulnerability Rewards Program (VRP) to reward researchers who uncover potential threats specific to generative artificial intelligence (AI) systems. This initiative aims to enhance AI safety and security by addressing concerns like unfair bias, model manipulation, and data misinterpretations associated with generative AI. The program covers various categories, including prompt injections, data leakage from training datasets,...

New information has surfaced regarding a malicious advertising campaign that exploits Google Ads to direct users searching for popular software to fake landing pages and distribute subsequent-stage malware.

Malwarebytes, the organization that uncovered this activity, noted its uniqueness in user fingerprinting and the distribution of time-sensitive payloads. This attack targets individuals...

The Android banking trojan, SpyNote, has been thoroughly examined to uncover its multifaceted data-gathering capabilities. Typically distributed through SMS phishing campaigns, this spyware tricks potential victims into installing it by luring them to click on embedded links. Once installed, SpyNote seeks invasive permissions to access call logs, the camera, SMS messages, and external storage. It excels at concealing its presence on the Android...

Google has made a significant stride in user security by implementing default passkeys for all its users. This move comes five months after the company initially rolled out support for the passwordless standard for Google Accounts, as advocated by the FIDO Alliance, across all platforms.

What this means is that the next time users log into their Google accounts, they will encounter prompts to...

There have been reports of dual ransomware attacks on US companies since July 2023. These attacks involve the use of two different ransomware strains, including AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal, in various combinations. It is unclear how widespread these attacks are, but they are believed to occur within a short timeframe, ranging from 48 hours to 10 days apart. It's important to be vigilant and take necessary...

Apple has taken swift action by releasing security patches to counter three zero-day vulnerabilities that were actively exploited across iOS, iPadOS, macOS, watchOS, and Safari. These patches bring the tally of zero-day vulnerabilities discovered in Apple's software this year to a staggering 16. 

The vulnerabilities include issues with certificate validation, a kernel security flaw, and a...

Microsoft has issued a warning about a new phishing campaign called Storm-0324 (also known as TA543 and Sagrid) orchestrated by an initial access broker. This campaign diverges from traditional email-based methods by using Microsoft Teams messages as bait to infiltrate corporate networks.

Storm-0324 operates as a payload distributor in the cybercriminal realm, facilitating the spread of various...