INTERPOL’s Global Stop-Payment Mechanism Thwarts BEC Scam INTERPOL has recently introduced a groundbreaking “global stop-payment mechanism” that played a pivotal role in the retrieval of funds in what is now known as the largest-ever recovery from a business email compromise (BEC) scam. The innovative mechanism came into play following an unfortunate incident where an undisclosed…
High-Severity Security Bypass Vulnerability Discovered in Rockwell Automation ControlLogix 1756 Devices A recent disclosure has shed light on a high-severity security bypass vulnerability present in Rockwell Automation ControlLogix 1756 devices. This vulnerability opens the door for potential exploitation, enabling threat actors to execute common industrial protocol (CIP) programming and configuration commands undetected. Vulnerability Details: CVE-2024-6242…
Cybersecurity Threat Alert: BlankBot Android Banking Trojan In the vast and intricate world of cybersecurity, a new threat has emerged that has caught the attention of researchers. Named BlankBot, this Android banking trojan has been specifically crafted to target users in Turkey, aiming to covertly steal sensitive financial information for nefarious purposes. The Modus Operandi…
Evasive Panda Strikes Again: Compromising ISP for Malicious Updates In a bold move showcasing their evolving sophistication, the China-linked threat actor, Evasive Panda, recently breached an undisclosed internet service provider (ISP) to distribute malicious software updates to target companies around mid-2023. This unsettling development sheds light on the group’s increasingly advanced tactics and highlights the…
U.S. Department of Justice and Federal Trade Commission Sue TikTok Over Children’s Privacy Violations In a monumental move, the U.S. Department of Justice (DoJ) and the Federal Trade Commission (FTC) have jointly filed a lawsuit against TikTok, the widely-used video-sharing platform. The lawsuit contends that TikTok has been blatantly disregarding children’s privacy laws within the…
Cybersecurity Researchers Unveil New DDoS Attack Targeting Misconfigured Jupyter Notebooks Cybersecurity researchers have unveiled the details of a new distributed denial-of-service (DDoS) attack campaign that focuses on misconfigured Jupyter Notebooks. This campaign, known as Panamorfi, has been identified by the cloud security company Aqua. The attackers are using a Java-based tool named mineping to carry…
Taiwanese Research Institute Breached by Nation-State Threat Actors Linked to China In recent news, a Taiwanese government-affiliated research institute focusing on computing and related technologies fell victim to a cyber breach orchestrated by nation-state threat actors associated with China. Cisco Talos, a renowned cybersecurity firm, uncovered this concerning attack through their recent findings. The breach…
Russia-Linked APT28’s New Phishing Campaign Using Car Sale as Lure In a recent development, a Russia-linked threat actor known as APT28 has surfaced with a new phishing campaign. The attackers cleverly used a car for sale as a bait to deliver a sophisticated Windows backdoor named HeadLace. This devious tactic was unraveled by Palo Alto…
The Rise of Cyber Threats Against Small and Medium Businesses In the ever-evolving digital landscape, small and medium businesses (SMBs) find themselves on the front lines of the cyber battlefield, facing the same threats as their larger counterparts but with significantly fewer resources at their disposal. With cybercriminals constantly honing their tactics and targeting organizations…
The Importance of Enterprise Resource Planning (ERP) Software Security Enterprise Resource Planning (ERP) Software is a crucial component for businesses as it supports functions like human resources, accounting, shipping, and manufacturing. However, these systems can become intricate and challenging to sustain due to their complexity. Often, ERP systems are highly tailored to meet specific business…