Tag: security
China-related threat actors deployed a new fileless malware against the Philippines military
EggStreme is a stealthy, fileless malware framework used by a Chinese threat actor to target a Philippine military company It includes six modular components, enabling reverse shell access, payload injection, keylogging, and persistent espionage Attribution remains uncertain, but the attack’s objectives align with known Chinese APT tactics across APAC and…
Read More
US Department of Defense issues strict new cyber rules for potential contractors
New cybersecurity framework will soon come into effect The CMMC will see more complicated rules for potential vendors This is the second iteration of these regulations A new set of requirements has just been published for potential Department of Defense vendors. The new Cybersecurity Maturity Model Certification 2.0 (CMMC) standards…
Read More
Hackers are abusing hotel booking notifications to steal credentials in a new phishing campaign
Phishing campaign targets hotel staff using fake Expedia and Cloudbeds login pages Attackers show deep knowledge of hospitality workflows to boost credibility Hospitality businesses are prime targets due to constant handling of sensitive guest data Hotels, and other similar businesses in the hospitality industry, are being targeted by an advanced,…
Read More
This creepy spyware watches you through your webcam and snaps incriminating photos
Two low-level cybercrime groups use Stealerium to extort victims watching porn The malware takes screenshots and webcam photos, then demands payment It spreads via phishing and mostly targets individuals and small industries Cybercriminals have begun using spyware to take screenshots and webcam snapshots of people watching pornography on their computers,…
Read More
Wealthsimple reveals data breach – users of financial firm warned to be on alert
Wealthsimple had a data breach via third-party software Under 1% of users lost personal info, not passwords or funds Affected users got alerts, protection, and security tips One of Canada’s most popular fintech platforms has confirmed suffering a cyberattack which caused it to lose sensitive data on a small portion…
Read More
Worrying TP-Link router flaws could let botnets attack your Microsoft 365 accounts – so update now
TP-Link patches two vulnerabilities in older SOHO routers Chinese threat actor Quad7 used the botnet for broad password-spraying attacks The flaws were severe enough to warrant firmware updates, despite the routers being end-of-life TP-Link has patched two vulnerabilities affecting some of its small office/home office (SOHO) routers, which were apparently…
Read More