Popular project management and collaboration tool Monday.com was forced to disable one of its features after it was abused by a threat actor to send out phishing emails. The “Share Update” feature allows users to share real-time updates, progress, or important information with team members, or stakeholders. Users can post updates, attach files or images, … Read more
Cybersecurity researchers from JFrog recently discovered three malicious campaigns in Docker Hub – Docker’s cloud-based registry service for storing and sharing container images. These campaigns contained millions of repositories that pushed generic trojan malware to the developers. The conclusion of JFrog’s findings is that with open-source repositories such as Docker Hub, keeping them clean of … Read more
Identity and access management company Okta says it is facing an “unprecedented” scale of credential stuffing attacks, looking to breach user accounts of its online services. Credential stuffing is a type of cyberattack in which threat actors use a previously obtained username/password list and “stuff” them into different services, to see if they can gain … Read more
Multiple North Korean state-sponsored hacking groups have been attacking South Korean defense companies for more than a year, stealing login credentials and sensitive data. A Reuters report, citing South Korea’s law enforcement, claims three major threat actors – Lazarus, Kimsuky, and Andariel, have been going after defense organizations and third-party contractors, planting malicious code in … Read more
Apple on Wednesday sent threat notifications to users in 92 countries warning that they may have been targeted by mercenary spyware attacks, likely because of who they are or what they do. According to TechCrunch, Apple sent the alerts to the individuals at 12 p.m. Pacific Time, delivered via email and iMessage using the contact … Read more
Networking giant Cisco has warned its users of an ongoing attack against its business VPN services. In a security advisory, Cisco said it had been notified of an ongoing password-spraying attack against different third-party VPN concentrators. In this instance, it was Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall that were affected. Russian … Read more
New Zealand has joined the UK in accusing China of sponsoring hacking groups in their attempts to steal sensitive information from western nations. The country’s government has pointed the finger at a group tracked as APT40, which has been linked to a breach of the Parliamentary Counsel Office and the Parliamentary Service in 2021, around … Read more
If someone were to infect your Meta Quest VR headset with malware, they could trick you into seeing things in the virtual world which weren’t real, experts have warned. Academics from Cornell University recently published a paper describing the possibility of hijacking people’s VR sessions and controlling their interactions with internal applications, external servers, and … Read more
Cryptocurrency theft or attack is a serious issue of concern in the digital currency world. In fact, in the latest Statista crypto theft report, $320 million was lost in February 2022 alone and was never recovered. While cryptocurrencies are well known for sophisticated security systems, hackers have always found entryways into these tough security systems … Read more