Hackers are leveraging Microsoft OneDrive in a multi-stage espionage campaign that aims to target high-ranking government officials in Western Asia. Researchers at Trellix released a report detailing the campaign. The cybercriminals are using a malware named “Graphite” by researchers because it uses Microsoft’s Graph API to leverage OneDrive as a
McAfee has recently patched two different high-severity bugs in its Agent component that could be used by attackers to escalate privileges, including up to SYSTEM. The bugs could also allow attackers to achieve arbitrary code execution and perform other malicious actions. The bug lies in the McAfee Enterprise product for
More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing scams, and other cyber threats due to a high-severity cross-site scripting (XSS) bug affecting the WordPress Email Template Designer. The template designer is WP HTML Mail, a plugin that allowed users to design custom emails. Wordfence researcher Chloe
Recently, Ukraine suffered two sets of cyber-attacks in response to the geopolitical situation with Russia. The second round of attacks executed WhisperGate, a destructive wiper malware disguised as ransomware, that impacted dozens of Ukrainian entities associated with government, non-profit, and technology companies. While many first believed Russia to be behind or directing the cyber-attack, Ukrainian authorities stated their belief that a group linked to Belarussian intelligence (using Russian-linked malware) was responsible for the WhisperGate attacks.
A convincing yet illegitimate government procurement portal is advertising the opportunity to submit a bid for government projects. However, the site harvests credentials from unassuming victims instead. The phishing campaign is targeting aspiring government vendors with an invitation to bid on fake federal projects within the US Department of Labor.
Italian luxury brand Moncler has suffered a cyberattack in which cybercriminals stole data and published it on the dark web. The company confirmed the attack on Tuesday, stating that it had suffered from a data breach after being attacked by the AlphV/BlackCat ransomware operation in December. The attack caused a
Kambiz Attar Kashani, a 44 year-old with dual citizenship to the US and Iran, has been charged with violating sanctions by exporting IT goods and services to the latter country. Kashani was arrested last Friday on charges of conspiring to illegal export to the Central Bank of Iran. Kashani reportedly
Project Zero researcher Natalie Silvanovich published a new analysis of security flaws present in the Zoom video chat platform. The vulnerabilities were uncovered as part of an investigation after a zero-click attack was demonstrated at Pwn2Own. Silvanovich, inspired by the demonstration, located two different bugs. The first is a buffer
Every enterprise has a supply chain. They can’t exist without them and effective management of the supply chain is at the heart of any successful business. Controlling the flow of data and funds related to suppliers and partners for components, parts, raw materials, work in progress and finished goods from
Hackers from North Korea stole nearly $400 million worth of cryptocurrency in 2021 through at least seven attacks and most of it was Ether or ETH rather than Bitcoin, according to blockchain analysis firm, Cainalysis. 2021 was a record year for North Korea’s military hackers, the most notorious of which is