Showing posts with the label Scams

Researchers Uncover Iranian State-Sponsored Ransomware Operation

Iran has been linked to yet another state-sponsored ransomware operation through a contracting company based in the country, according to new analysis. "Iran's Islamic Revolutionary Guard Corps (IRGC) was operating a state-sponsored ransomware campaign through an Iranian contracting company called 'Emen Net Pasargard' (ENP)," cybersecurity firm Flashpoint said in its findings summarizing three documents leaked by an anonymous entity named Read My Lips or Lab Dookhtegan between March 19 and April 1 via its Telegram channel. Dubbed "Project Signal," the initiative is said to have kickstarted sometime between late July 2020 and early September 2020, with ENP's internal research organization, named the "Studies Center," putting together a list of unspecified target websites. A second spreadsheet validated by Flashpoint explicitly spelled out the project's financial motivations, with plans to launch the ransomware operations in lat...

Chinese Hackers Attacking Military Organizations With New Backdoor

Bad actors with suspected ties to China have been behind a wide-ranging cyberespionage campaign targeting military organizations in Southeast Asia for nearly two years, according to new research. Attributing the attacks to a threat actor dubbed "Naikon APT," cybersecurity firm Bitdefender laid out the ever-changing tactics, techniques, and procedures adopted by the group, including weaving new backdoors named "Nebulae" and "RainyDay" into their data-stealing missions. The malicious activity is said to have been conducted between June 2019 and March 2021. "In the beginning of the operation the threat actors used Aria-Body loader and Nebulae as the first stage of the attack," the researchers said. "Starting with September 2020, the threat actors included the RainyDay backdoor in their toolkit. The purpose of this operation was cyberespionage and data theft." Naikon (aka Override Panda, Lotus Panda, or Hellsing) has a track re...

Passwordstate Warns of Ongoing Phishing Assaults Following Information Breach

Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor. "We have been advised a bad actor has commenced a phishing attack with a small number of customers having received emails requesting urgent action," the company said in an updated advisory released on Wednesday. "These emails are not sent by Click Studios." Last week, Click Studios said attackers had employed sophisticated techniques to compromise Passwordstate's update mechanism, using it to drop malware on user computers. Only customers who performed In-Place Upgrades between April 20, 8:33 PM UTC, and April 22, 0:30 AM UTC are said to be affected. While Passwordstate serves about 29,000 customers, the Adelaide-based firm maintained that the total number of impacted customers is very low. It's also urging users to refrain from...

Threat detection startup Vectra AI raises $130M on unicorn valuation of $1.2B

Cybersecurity nightmares like the SolarWinds hack highlight how malicious hackers continue to exploit vulnerabilities in software and apps to do their dirty work. Today a startup that’s built a platform to help organizations protect themselves from this by running threat detection and response at the network level is announcing a big round of funding to continue its growth. Vectra AI, which provides a cloud-based service that uses artificial intelligence technology to monitor both on-premise and cloud-based networks for intrusions, has closed a round of $130 million at a post-money valuation of $1.2 billion. The challenge that Vectra is looking to address is that applications — and the people who use them — will continue to be weak links in a company’s security set-up, not least because malicious hackers are continually finding new ways to piece together small movements within them to build, lay and finally use their traps. While there will continue to be an interesting, and mostly ...

Chase Bank Phish Swims Past Exchange Email Protections

Two phishing attacks elude Exchange security protections and spoof real-life account scenarios in an attempt to fool victims. Threat actors are impersonating Chase Bank in two phishing attacks that can slip past Microsoft Exchange security protections in an effort to steal credentials from victims — by spoofing real-life customer scenarios. Researchers from Armorblox recently discovered the attacks, one of which claims to contain a credit card statement, while the other informs users that their online account access has been restricted due to unusual login activity, according to a post on the Armorblox blog posted Tuesday. The first set of emails went out to 9,000 inboxes in an Armorblox customer’s environment and the other reached 8,000, Preet Kumar, senior manager of customer success at Armorblox, wrote in the post. Both attacks managed to bypass two Microsoft Exchange security protections–Exchange Online Protection (EOP) and Microsoft Defender for Office 365 (...

FluBot malware asks Android users to track package delivery using link, then steals bank details

Even after heavy protection, there are some dangerous apps that manage to infect the user’s device by hacking it. New malware is going around on Android devices via text messages. The malware is known as “FLUBOT”; it can steal the user’s personal information, such as passwords. Flubot Malware is Spreading on Android Devices via SMS in the UK, Spain, Germany, & Poland. The Flubot malware is spreading on Android devices via SMS. Users in a few countries have been targeted: the UK, Spain, Germany, and Poland. The malware presents itself as a delivery tracking app; the user gets a message that contains a delivery tracking link. Users are advised not to click on the given link and should report it by forwarding it to 7726. It is also better to remove the text from the phone. If anyone clicks on the given link, the malware lets the hacker steal the banking information and password of your device. Once you go to the link, you will be taken to a fake w...

Emotet botnet harvested 4.3 million email addresses. Now the FBI is using Have I Been Pwned to alert the victims

The FBI has shared 4.3 million email addresses stolen by the Emotet malware with the Have I Been Pwned breach notification site in another effort to remediate the effects of the devastating botnet. The email addresses come from mail servers compromised by Emotet as well as end-user computers on which the malware had scraped credentials out of victims' browsers, says Troy Hunt, an Australian computer security expert who runs HIBP. It’s the first time the FBI has asked Hunt's service to assist in notifying victims, says Hunt, who wrote a blog post about the move. In 2018, the Estonian Central Criminal Police supplied HIBP with 655,000 email addresses that came from several breaches to avoid directly sending out its own breach notifications, which could have been mistaken for phishing emails, Hunt says. Hunt says the Emotet data will help victims take prompt action to ensure their online accounts have strong, unique passwords that a...

Facebook and Google 'failing to take action against scam adverts' - study

Google and Facebook are failing to remove scam online adverts even after fraud victims report them, a new investigation reveals. Consumer group Which? found 34 per cent of victims who reported an advert that led to a scam on Google said the advert was not taken down by the search engine. Twenty-six per cent of victims who reported an advert on Facebook that resulted in them being scammed said the advert was not removed by the social network. A 'reactive' rather than proactive approach taken by the tech companies towards fraudulent content is 'not fit for purpose', Which? claims. The firms spend millions on detection technology but are falling short when it comes to taking down dodgy ads before they dupe victims, it claims. Even if fake and fraudulent adverts are successfully taken down they often pop up again under different names, Which? found. Tech giants like Google and Facebook...