Update: Phishing Campaign Impersonating UAE Ministry of Human Resources Grows

CloudSEK discovered an additional cluster of phishing domains registered using similar naming schemes to those reported in July to target contractors in the UAE with vendor registration, contract bidding, and other types of lures.

Cybercriminals are cashing in on FIFA World Cup-themed cyberattacks

The hype and popularity of the FIFA World Cup has attracted audiences from across the globe. And this, in turn attracts a variety of cybercriminals, who want to exploit the huge fan following and the organizations participating, to make a quick buck.

Link to Google Translate in phishing email

The senders of the email allege that the attachment is some kind of payment document available exclusively to the recipient, which must be studied for a “contract meeting presentation and subsequent payments.”

Update: Twitter Data Breach Bigger Than Initially Reported

It appears that one threat actor exploited a vulnerability to obtain information on 5.4 million Twitter accounts, but others obtained even more records. Researcher Chad Loder said that there appear to be tens of millions of impacted accounts.

Acer fixes UEFI bugs that can be used to disable Secure Boot

Reported by ESET malware researcher Martin Smolar, the security vulnerability (CVE-2022-4020) was discovered in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices.

Bahamut Group Creates Fake VPN Apps For Highly Targeted Attacks

Bahamut Group Creates Fake VPN Apps For Highly Targeted Attacks - Cybersecurity news
Fake VPN apps are being used to distribute Bahamut spyware in a campaign that is active since January. The campaign is conducted by a group of the same name and the main purpose is to extract sensitive user data from devices. So far, eight versions of these malicious apps have been discovered to be ... Read More

Small open source projects pose significant security risks

Open source security initiatives might prevent large-scale vulnerabilities such as Log4j, but smaller projects pose risks without more maintainer support, industry experts say.

CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation.

Critical Flaw Exploited to Bypass Fortinet Products and Compromise Orgs

According to Cyble’s research published on November 24, multiple Fortinet products are affected by an alternate path flaw tracked as CVE-2022-40684, including FortiOS, FortiProxy, and FortiSwitchManager.

SharkBot Trojan Returns to Infect Thousands of Users

SharkBot Trojan Returns to Infect Thousands of Users - Cybersecurity news
SharkBot returned in a new attack targeting Android users. The trojan disguised itself as a fake antivirus app on Google Play Store to steal banking information from users. Most of the affected devices belonged to users in Italy and the U.K. Despite the repeated actions taken by Google to remo ... Read More

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags