Cybersecurity researchers have recently brought to light a newly discovered threat to Apple macOS, identified as SpectralBlur. This backdoor shares a connection with a known malware family attributed to North Korean threat actors. SpectralBlur, described as a moderately capable backdoor, exhibits functionalities such as file uploads and downloads, shell execution, configuration updates, file deletion, hibernation, and sleep, all of which are...

Google has agreed to settle a class-action lawsuit, filed in June 2020, accusing the company of deceiving users who believed their internet activity remained private while using the "incognito" or "private" mode on web browsers. The lawsuit sought a minimum of $5 billion in damages, and the settlement terms have not been disclosed.

The plaintiffs claimed that Google violated federal wiretap...

On December 13, 2023, MongoDB detected unauthorized access to certain corporate systems, leading to the exposure of customer account metadata and contact information. The company initiated an immediate investigation and activated incident response efforts. The unauthorized access had been ongoing for some time before discovery, but MongoDB stated it was not aware of any exposure to data stored in MongoDB Atlas.

December 20, 2023 08:00 (on 12/20/23) |  0 | 2 minutes read

A critical Bluetooth security vulnerability, identified and tracked as CVE-2023-45866, has emerged as a significant threat, potentially giving malicious actors the ability to exploit an authentication bypass and take control of a broad spectrum of devices, including Android, Linux, macOS, and iOS systems. Discovered by security researcher Marc Newlin in August 2023, this flaw exposes a concerning case of authentication bypass that allows attackers...

Authorities apprehended four members of a fraudulent syndicate engaging in "Frankenstein" fraud, synthetic identity fraud. The suspects utilized valid IDs with authentic photos but filled with false information, deceiving banks into granting loans. The arrest occurred during an entrapment operation conducted by the NBI-Anti-Organized and Transnational Crime Division. The seized IDs displayed varying details such as names, birthdates, and addresses, shedding light on the elaborate nature of...

In recent revelations, a cybersecurity analysis has brought to light the nefarious activities of a Telegram bot known as Telekopye, utilized by threat actors, codenamed Neanderthals, to orchestrate large-scale phishing scams. ESET security researcher Radek Jizba delves into the functionality of Telekopye, explaining its capability to craft phishing websites, emails, SMS messages, and more. What adds an additional layer of sophistication to this...

The U.S. Federal Communications Commission (FCC) is taking decisive action to counteract the rising threat of SIM-swapping attacks and port-out fraud within cell phone account scams. These fraudulent activities expose consumers to risks such as unauthorized access to personal data and the compromise of sensitive information.

The new rules, initially proposed in July 2023, mandate wireless...

A faction within the well-known Lazarus Group, identified as Sapphire Sleet (also known as APT38, BlueNoroff, CageyChameleon, and CryptoCore), has recently established deceptive infrastructure mimicking skills assessment portals. Microsoft, which detected this activity, notes it as a notable shift in the persistent actor's tactics. 

Sapphire Sleet has a history of orchestrating...

Google has issued a warning regarding a potential threat wherein multiple actors are sharing a public proof-of-concept (PoC) exploit, known as the Google Calendar RAT (GCR). This tool utilizes Google Calendar Events within a Gmail account for command-and-control (C2) purposes. While it was first made public on GitHub in June 2023, it has not been observed in real-world usage as of yet. Nevertheless, Google's Mandiant threat intelligence unit has...

Google is expanding its Vulnerability Rewards Program (VRP) to reward researchers who uncover potential threats specific to generative artificial intelligence (AI) systems. This initiative aims to enhance AI safety and security by addressing concerns like unfair bias, model manipulation, and data misinterpretations associated with generative AI. The program covers various categories, including prompt injections, data leakage from training datasets,...