Lazarus Groups DeathNote Cluster Pivots to Defense Sector
Usually focused on going after cryptocurrency organizations, the threat actor has begun targeting defense companies around the world.
Microsoft NSO GroupLike QuaDream Actor Selling Mobile Spyware to Governments
Researchers at Microsoft have discovered links between a threat group tracked as DEV-0196 and an Israeli private-sector company, QuaDream, that sells a platform for exfiltrating data from mobile devices.
Data on 400K Kodi Forum Members Stolen and Put Up for Sale
Open source media player Kodi still hasnt recovered its forum and plans to redeploy it on a new server with software update.
Gartner HumanCentric Design Is Top Cybersecurity Trend for 2023
In order to reduce cybersecurity risks and failures, organizations will need to focus on employees, management, and new operating models.
1M WordPress Sites Hacked via ZeroDay Plugin Bugs
A wide-ranging campaign to inject malicious code into WordPress-run websites has been ongoing for at least five years.
LastPass Breach Reveals Important Lessons
Devastating cyberattacks often can be prevented with basic cybersecurity measures.
Microsoft Patches 97 CVEs Including ZeroDay Wormable Bugs
The April 2023 Patch Tuesday security update also included a reissue of a fix for a 10-year-old bug that a threat actor recently exploited in the supply chain attack on 3CX.
Microsoft Azure Shared Key Misconfiguration Could Lead to RCE
Azure admins are urged to disable shared key access and implement Azure Active Directory authentication.
Blatantly Obvious Spyware Offered to Cyberattackers via PyPI Python Repository
Malware-as-a-service hackers from Spain decided to use a public code repository to openly advertise their wares.
Attackers Hide RedLine Stealer Behind ChatGPT Google Bard Facebook Ads
The campaign shrouds the commodity infostealer in OpenAI files in a play that aims to take advantage of the growing public interest in AI-based chatbots.