New Threat Alert: North Korean Hackers Unleash KLogEXE and FPSpy Malware

Understanding Kimsuky Group and New Malware Strains

North Korean-linked threat actors have recently introduced two new malware strains, KLogEXE and FPSpy. The group responsible, often referred to as Kimsuky, is also known by various other names such as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet, Sparkling Pisces, Springtail, and Velvet Chollima. This addition to Kimsuky’s arsenal…


Watering Hole Attack on Kurdish Sites: Beware of Malicious APKs and Spyware!

Understanding SilentSelfie: Watering Hole Attack on Kurdish Websites

Sekoia, a French cybersecurity firm, has shed light on a campaign known as SilentSelfie. The initiative, which has targeted the Kurdish minority, involves compromising as many as 25 websites through a watering hole attack. This stealthy technique collects sensitive information by infecting websites frequently visited by the…


EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?

Understanding Vulnerability Assessment Systems

Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact of a vulnerability, they don’t factor in real-world threat data, such as the likelihood of exploitation. With new vulnerabilities discovered daily, teams don’t…

Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities

Advanced Threat Actor with Indian Nexus: SloppyLemming

An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2) operations. This group has gained significant attention due to its sophisticated methods and persistent threats. Cloudflare, a reputable web infrastructure and security company,…


Revolutionizing IT Security: Google’s Rust Programming Shift Slashes Android Memory Vulnerabilities by 52%

Google’s Transition to Memory-Safe Languages: Enhancing Android Security

Google’s transition to memory-safe languages, especially Rust, has significantly improved Android security. Over six years, the percentage of memory safety vulnerabilities in Android dropped from 76% to 24%. This shift is a key part of Google’s secure-by-design approach.

What is a Memory-Safe Language?

Memory-safe languages are designed to…

Cybersecurity Alert: New Rust-Based Splinter Post-Exploitation Tool

Discovery of Splinter: A New Threat in Cybersecurity

Cybersecurity researchers recently discovered a new post-exploitation tool, Splinter. This tool has been flagged for its potential to infiltrate systems. Palo Alto Networks Unit 42 found the program residing on multiple customers' devices. "It has a standard set of features commonly found in penetration testing tools," said…

How to Protect Your Online Privacy: Mozilla's Firefox Under Fire

Firefox's New Feature Raises Privacy Concerns

Vienna-based privacy non-profit, noyb (None Of Your Business), has filed a complaint with the Austrian Data Protection Authority (DPA) against Firefox maker Mozilla. The center of the controversy is a new feature called Privacy Preserving Attribution (PPA), which Mozilla introduced without explicitly seeking users' consent.

Understanding Privacy Preserving Attribution…


Top 10 IT Security Tips to Protect Your Data from Cyber Threats

A Now-Patched Security Vulnerability in OpenAI’s ChatGPT App for macOS

Introduction

A significant security vulnerability in OpenAI’s ChatGPT app for macOS has recently been patched. This flaw could have potentially allowed attackers to insert long-term persistent spyware into the AI tool’s memory. Known as SpAIware, this technique had the potential to facilitate continuous data exfiltration,…
