Stay informed with Security World Trend Now! Discover the latest security trends, technologies, and strategies to protect your data, networks, and digital identity. Get expert insights and practical advice for ensuring your online safety. Explore now!
How Organizations Can Defend Against Ransomware Exploiting EDR/XDR Technologies How Organizations Can Defend Against Ransomware Exploiting EDR/XDR Technologies Introduction In early 2023, a user named “spyboy” promoted a tool called “Terminator” on the Russian-language forum Ramp. This software claims to be able to evade endpoint detection and response (EDR) and extended detection and response (XDR)…
100,000 Industrial Control Systems Exposed to Internet, Posing Significant Cybersecurity Risk Introduction A recent analysis conducted by cyber-risk handicapper Bitsight revealed that there are at least 100,000 industrial control systems (ICS) exposed to the public Internet worldwide. These systems play a critical role in controlling operational technologies (OT) such as power grids, water systems, and…
Cybercrime DNA testing service 23andMe investigating theft of user data Introduction The renowned DNA testing company, 23andMe, is currently investigating a potential theft of customer data after it was discovered that information about the firm’s clients was being offered for sale on a cybercrime forum. While the company claims there is no evidence of a…
The Urgent Plea to Fix Misconfiguration Errors in Network Defenses Cybersecurity Agencies Highlight Top 10 Network Configuration vulnerabilities The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly called on network defenders to prioritize addressing easily exploitable misconfiguration errors that present significant vulnerabilities in organizations’ cybersecurity infrastructure. In a recent…
A Fresh Malware Threat, DinodasRAT, Uncovered in Targeted Cyber-Espionage Campaign Background A new malware threat known as DinodasRAT has recently been discovered being used in a targeted cyber-espionage campaign against a governmental entity in Guyana. Security research firm ESET has named this campaign “Operation Jacana,” after water birds indigenous to the South American country. According…
Nonprofit Service Provider Blackbaud Settles Data Breach Case for $49.5M with States Overview In a recent settlement, fundraising software company Blackbaud has agreed to pay $49.5 million to settle claims brought by the attorneys general of all 50 states related to a data breach that occurred in 2020. This breach exposed sensitive information from 13,000…
Relentless Campaign to Seed Malicious Python Packages Raises Concerns for Internet Security The Threat Actor A threat actor has been conducting a relentless campaign since early April to infiltrate the software supply chain with malicious Python packages. These packages have already been downloaded nearly 75,000 times, according to researchers from Checkmarx. Unlike previous attacks that…
An Android Trojan Targets Financial Organizations in Vietnam Introduction A recent report by cybersecurity firm Group-IB has unveiled a new Android Trojan called GoldDigger that specifically targets financial institutions in Vietnam. The Trojan, active since June, is designed to steal banking credentials from unsuspecting users. Group-IB’s analysis shows that GoldDigger utilizes sophisticated techniques to avoid…
Madagascar Government Accused of Domestic Surveillance Ahead of Presidential Election Introduction The government of Madagascar has allegedly purchased and utilized the Predator spyware to conduct political domestic surveillance in the lead-up to the country’s presidential election in November. Research conducted by cybersecurity company Sekoia indicates that this effort involved a watering hole attack, where links…
Critical Vulnerabilities in TorchServe Pose a Threat to AI Models A recently unearthed set of critical vulnerabilities in TorchServe, a popular machine learning framework, has raised concerns about the security of artificial intelligence (AI) models. The bugs not only highlight the susceptibility of AI applications to open-source vulnerabilities but also expose major machine learning services…