Improving your bottom line with cybersecurity top of mind
In times of economic downturn, companies may become reactive in their approach to cybersecurity management, prioritizing staying afloat over investing in proactive cybersecurity measures. However, it’s essential to recognize that cybersecurity is a valuable investment in your company’s security and stability. Taking necessary precautions against cybercrime can help prevent massive losses and protect your business’s […]
Google Authenticator App Gets Cloud Backup Feature for TOTP Codes
Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) codes to the cloud. “This change means users are better protected from lockout and that services can rely on users retaining access, increasing […]
Removing the human: When should AI be used in emotional crisis? Lock and Code S03E09
In January, a mental health nonprofit admitted that it had used Artificial Intelligence to help talk to people in distress. Prompted first by a user’s longing for personal improvement—and the difficulties involved in that journey—the AI tool generated a reply, which, with human intervention, could be sent verbatim in a chat box, or edited and fine-tuned to better […]
Adult content malvertising scheme leads to clickjacking
Malwarebytes’ researchers have found a malvertising scheme that leads to clickjacking. Clickjacking is a form of ad fraud which is also referred to as click fraud or click spam. It is a practice performed by certain dubious advertising networks, where they sometimes use automated programs—from simple to sophisticated bots and botnets—to interact with advertisements online. […]
Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack
Threat actors are employing a previously undocumented “defense evasion tool” dubbed AuKill that’s designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver (BYOVD) attack. “The AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before […]
Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering
The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. “Tomiris’s endgame consistently appears to be the regular theft of internal documents,” security researchers Pierre Delcher and Ivan Kwiatkowski said in an analysis published today. “The threat actor targets government and
Hackers Exploit Outdated WordPress Plugin to Backdoor Thousands of WordPress Sites
Threat actors have been observed leveraging a legitimate but outdated WordPress plugin to surreptitiously backdoor websites as part of an ongoing campaign, Sucuri revealed in a report published last week. The plugin in question is Eval PHP, released by a developer named flashpixx. It allows users to insert PHP code pages and posts of WordPress sites that’s […]
Study: 84% of Companies Use Breached SaaS Applications – Here’s How to Fix it for Free!
A recent review by Wing Security, a SaaS security company that analyzed the data of over 500 companies, revealed some worrisome information. According to this review, 84% of the companies had employees using an average of 3.5 SaaS applications that were breached in the previous 3 months. While this is concerning, it isn’t much of a […]
Securing the Edge Ecosystem Global Research released – Complimentary report available
AT&T Cybersecurity is committed to providing thought leadership to help you strategically plan for an evolving cybersecurity landscape. Our 2023 AT&T Cybersecurity InsightsTM Report: Edge Ecosystem is now available. It describes the common characteristics of an edge computing environment, the top use cases and security trends, and key recommendations for strategic planning. Get your free […]
New All-in-One “EvilExtractor” Stealer for Windows Systems Surfaces on the Dark Web
A new “all-in-one” stealer malware named EvilExtractor (also spelled Evil Extractor) is being marketed for sale for other threat actors to steal data and files from Windows systems. “It includes several modules that all work via an FTP service,” Fortinet FortiGuard Labs researcher Cara Lin said. “It also contains environment checking and Anti-VM functions. Its primary purpose seems […]