CloudSEK discovered an additional cluster of phishing domains registered using similar naming schemes to those reported in July to target contractors in the UAE with vendor registration, contract bidding, and other types of lures.

The hype and popularity of the FIFA World Cup has attracted audiences from across the globe. And this, in turn attracts a variety of cybercriminals, who want to exploit the huge fan following and the organizations participating, to make a quick buck.

The senders of the email allege that the attachment is some kind of payment document available exclusively to the recipient, which must be studied for a “contract meeting presentation and subsequent payments.”

It appears that one threat actor exploited a vulnerability to obtain information on 5.4 million Twitter accounts, but others obtained even more records. Researcher Chad Loder said that there appear to be tens of millions of impacted accounts.

Reported by ESET malware researcher Martin Smolar, the security vulnerability (CVE-2022-4020) was discovered in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices.

Fake VPN apps are being used to distribute Bahamut spyware in a campaign that is active since January. The campaign is conducted by a group of the same name and the main purpose is to extract sensitive user data from devices. So far, eight versions of these malicious apps have been discovered to be ... Read More

Open source security initiatives might prevent large-scale vulnerabilities such as Log4j, but smaller projects pose risks without more maintainer support, industry experts say.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation.

According to Cyble’s research published on November 24, multiple Fortinet products are affected by an alternate path flaw tracked as CVE-2022-40684, including FortiOS, FortiProxy, and FortiSwitchManager.

SharkBot returned in a new attack targeting Android users. The trojan disguised itself as a fake antivirus app on Google Play Store to steal banking information from users. Most of the affected devices belonged to users in Italy and the U.K. Despite the repeated actions taken by Google to remo ... Read More