Hackers Tampered With APKPure Store to Distribute Malware Apps

APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices.
In an incident that’s similar to that of German telecommunications equipment manufacturer Gigaset, the APKPure client version 3.17.18 is said to have been tampered with in an attempt to trick unsuspecting users

Read more

Alert — There’s A New Malware Out There Snatching Users’ Passwords

A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads.
Dubbed “Saint Bot,” the malware is said to have first appeared on the scene in January 2021, with indications that it’s under active development. “Saint Bot is a downloader that appeared quite recently, and slowly is getting momentum. It was

Read more

[WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business

For organizations that deal with the defense infrastructure – cybersecurity is more than just a buzzword.
Recently the US Department of Defense (DoD) created a new certification process – the Cybersecurity Maturity Model Certificate (CMMC) – to ensure that all its vendors and contractors follow established best cybersecurity practices.
For organizations that work along the DoD supply chain, this

Read more

Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers

Networking equipment major Cisco Systems has said it does not plan to fix a critical security vulnerability affecting some of its Small Business routers, instead urging users to replace the devices.
The bug, tracked as CVE-2021-1459, is rated with a CVSS score of 9.8 out of 10, and affects RV110W VPN firewall and Small Business RV130, RV130W, and RV215W routers, allowing an unauthenticated,

Read more

Gigaset Android Update Server Hacked to Install Malware on Users’ Devices

Gigaset has revealed a malware infection discovered in its Android devices was the result of a compromise of a server belonging to an external update service provider.
Impacting older smartphone models — GS100, GS160, GS170, GS180, GS270 (plus), and GS370 (plus) series — the malware took the form of multiple unwanted apps that were downloaded and installed through a pre-installed system update

Read more

Researchers uncover a new Iranian malware used in recent cyberattacks

An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems.
Cybersecurity firm Check Point attributed the operation to APT34, citing similarities with previous techniques used by the threat actor as well as based on its pattern of victimology.
APT34 (aka OilRig) is

Read more

Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets

Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called “Cring” inside corporate networks.
At least one of the hacking incidents led to the temporary shutdown of a production site, said cybersecurity firm Kaspersky in a report published on Wednesday, without publicly naming the victim.
The

Read more

NIST and HIPAA: Is There a Password Connection?

When dealing with user data, it’s essential that we design our password policies around compliance. These policies are defined both internally and externally.
While companies uphold their own password standards, outside forces like HIPAA and NIST have a heavy influence. Impacts are defined by industry and one’s unique infrastructure. How do IT departments maintain compliance with NIST and HIPAA?

Read more

PHP Site’s User Database Was Hacked In Recent Source Code Backdoor Attack

The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized changes to the repository. “We no longer believe the git.php.net server has been compromised. However, it is possible that the master.php.net user

Read more

Android to Support Rust Programming Language to Prevent Memory Flaws

Google on Tuesday announced that its open source version of the Android operating system will add support for Rust programming language in a bid to prevent memory safety bugs.
To that end, the company has been building parts of the Android Open Source Project (AOSP) with Rust for the past 18 months, with plans in the pipeline to scale this initiative to cover more aspects of the operating system

Read more