-
September 23rd: New rapidly evolving Chromeload Malware campaign +++ EU Cyber Resilience Act
Chromeload Malware Microsoft and VMware are warning of a new rapidly evolving malware campaign. The campaign formally known as ChromeLoader was first spotted in January 2022. At that time the malware was only used for hijacking the browser of victims and steal information. Overtime the malware evolved and fulfills now different purposes with different versions. […]
-
The world of cyber insurance: potential, opportunities, and obstacles
Philipp Seebohm Philipp Seebohm is the Head of Sales Cyber-Solutions DACH for Aon Germany. In the following interview, he shares thoughts on his career and discusses the potential of cyber insurance and the opportunities and challenges it poses. He also provides tips for what to keep in mind when buying cyber policies and looks ahead […]
-
September 9th: Emerge of a new more user-friendly Phishing-as-a-Service platform +++ New stealthy Linux malware
Emerge of a new more user-friendly Phishing-as-a-Service platform A new reverse-proxy Phishing-as-a-Service (PaaS) platform called EvilProxy has emerged from the darknet with the promise to grant access to mainstream accounts like Apple, Google, Facebook, Microsoft and many more, even with MFA (Multi-factor authentication). In comparison to the other used methods before, EvilProxy is more user-friendly. […]
-
September 2nd: GO#WEBBFUSCATOR +++ Patches of the week
GO#WEBBFUSCATOR Threat analysts form Securonix have spotted a new malware campaign dubbed GO#WEBBFUSCATOR which relies on phishing e-mails, malicious documents and most curiously on an image of the James Webb telescope. The malware is written in Golang, a programing language which is becoming increasingly popularfor cybercrime thanks to its cross-platform and its resistance to reverse […]
-
August 26th: Microsoft Cyber Signals +++ Two new air-gap attacks +++ Cybercrime 2021 Threat Landscape Report
Microsoft Cyber Signals: Defend against the new ransomware landscape Microsoft published Cyber Signals, spotlighting security trends and insights gathered from Microsoft’s 43 trillion security signals and 8,500 security experts. In this edition, they pull back the curtain on the evolving cybercrime economy and the rise of Ransomware-as-a-service (RaaS). Instead of relying on what cybercriminals say […]
-
August 19th: Apple security updates +++ Google Chrome zero-day +++ BugDrop malware
Apple security updates to patch new zero-day vulnerabilites Apple released on Wednesday security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices: CVE-2022-32893 – An out-of-bounds issue in WebKit which could lead to the execution of arbitrary code by processing a specially crafted web […]
-
August 12th: Processors contain vulnerabilities +++ Open Cybersecurity Schema Framework +++ Vulnerabilities and updates of the week
After Spectre and Meltdown, it is now Æpicleak’s and SQUIP’s turn Processors from AMD and Intel contain vulnerabilities that attackers can use to leak data. They were found by researchers of Sapienza University of Rome, the Graz University of Technology, the CISPA Helmholtz Center for Information Security, and Amazon Web Services. The first vulnerability – […]
-
IT security from firsthand experience – learning from cyber attacks
Stefan Würtemberger Stefan Würtemberger is Vice President Information Technology at Marabu Inks and a member of the CyberCompare Advisory Board. He has experienced many different situations in his more than 20-year career in IT of industrial companies and their protection. He talks openly about the cyber attacks on Marabu and how the company was able […]
-
August 8th: Nozomi Networks OT/IoT Security Report +++ Data exfiltration via bookmark syncing +++ Malware campaign in GitHub repos +++ Patch priority index July 2022
Nozomi Networks OT/IoT Security Report Nozomi Networks has released their semi-annual OT/IoT Security Report, covering the threat and vulnerability landscape for the first half of 2022. In this report, they break down the threat landscape, including: A review of the current state of OT/IoT cybersecurity Trends in the threat landscape (plus timeline), and solutions for […]
-
July 29th: Attack from charging socket via “Ghost Touch” +++ 2022 Unit 42 Incident Response Report +++ Security updates Samba
Touchscreens: Attack from the charging socket via “Ghost Touch” Researchers from Technical University Darmstadt and Zhejiang University in Hangzhou carried out attacks on capacitive touchscreens via charging cables and power supply units and thus uncovered a new attack possibility on mobile devices. In the experimental setup, a compromised public charging station was assumed to be […]
