Archives

Ransomware attackers email bemused students as leverage for a payout

The University of Manchester has fallen victim to a ransomware gang, who are currently applying an interesting twist to their attack. Blackmail and pressure are two ways to extract funds from potential victims. We see this in sextortion cases, as well as in social engineering. Here, the fraudsters are directly mailing affected students in an effort […]

DNA testing company failed to protect sensitive genetic and health data, says FTC

DNA testing has long been a hot-button issue for security and privacy. Concerns about everything from law enforcement and data retention to job offers and insurance have all been examined at great length. With millions of people signing up to use these services, it was only a matter of time before something went wrong. Well, […]

New DDoS Botnet ‘Condi’ Targets Vulnerable TP-Link AX21 Routers

By Deeba Ahmed FortiGuard Labs has identified numerous Condi DDoS botnet samples that exploit other known security flaws, putting unpatched software at a higher risk of being exploited by botnet malware. This is a post from HackRead.com Read the original post: New DDoS Botnet ‘Condi’ Targets Vulnerable TP-Link AX21 Routers

Researcher Identifies Popular Swing VPN Android App as DDoS Botnet

By Waqas The Swing VPN app is available on Android and iOS devices; however, only the Android version has been identified as a DDoS botnet by the researcher. This is a post from HackRead.com Read the original post: Researcher Identifies Popular Swing VPN Android App as DDoS Botnet

ScarCruft Hackers Exploit Ably Service for Stealthy Wiretapping Attacks

The North Korean threat actor known as ScarCruft has been observed using an information-stealing malware with previous undocumented wiretapping features as well as a backdoor developed using Golang that exploits the Ably real-time messaging service. “The threat actor sent their commands through the Golang backdoor that is using the Ably service,” the AhnLab Security Emergency […]

New Report Exposes Operation Triangulation’s Spyware Implant Targeting iOS Devices

More details have emerged about the spyware implant that’s delivered to iOS devices as part of a campaign called Operation Triangulation. Kaspersky, which discovered the operation after becoming one of the targets at the start of the year, said the malware has a lifespan of 30 days, after which it gets automatically uninstalled unless the time period […]

Startup Security Tactics: Friction Surveys

When we do quarterly planning, my team categorizes our goals within four evergreen outcomes: Reduce the risk of information security incidents Increase trust in Vanta’s information security program Reduce the friction caused by information security controls Use security expertise to support the business In this article, I’m going to focus on number three: reducing friction. Declaring […]

Critical ‘nOAuth’ Flaw in Microsoft Azure AD Enabled Complete Account Takeover

A security shortcoming in Microsoft Azure Active Directory (AD) Open Authorization (OAuth) process could have been exploited to achieve full account takeover, researchers said. California-based identity and access management service Descope, which discovered and reported the issue in April 2023, dubbed it nOAuth. “nOAuth is an authentication implementation flaw that can affect Microsoft Azure AD