Security researchers at CrowdStrike have stumbled upon ransomware actors deploying zero-day exploits against Mitel VOIP appliances sitting on the network perimeter.
CrowdStrike: Ransomware Actor Caught Exploiting Mitel VOIP Zero-Day
Top Cryptographers Flag ‘Devastating’ Flaws in MEGA Cloud Storage
Cryptographers at Swiss university ETH Zurich have found at least five exploitable security flaws in the privacy-themed MEGA cloud storage service and warned that the issues could lead to “devastating attacks on the confidentiality and integrity of user data in the MEGA cloud.”
Chinese APT ‘Bronze Starlight’ Uses Ransomware to Disguise Cyberespionage
A China-linked state-sponsored hacking group named Bronze Starlight was observed deploying various ransomware families to hide the true intent of its attacks.
Aqua Security Ships Open-Source Tool for Auditing Software Supply Chain
Cloud security startup Aqua Security has partnered with the Center for Internet Security (CIS) to create guidelines for software supply chain security and followed up by shipping an open-source auditing tool to ensure compliance with the new benchmark.
New ‘ToddyCat’ APT Targets High-Profile Entities in Europe, Asia
Kaspersky has detailed the activity of ToddyCat, a relatively new advanced persistent threat (ATP) actor that has been targeting high-profile entities in Europe and Asia for more than a year and a half.
RevealSecurity Raises $23M for Application Detection and Response
RevealSecurity, an Israeli data security startup building technology to thwart malicious insider threats, on Tuesday announced the closing of a $23 million funding round led by SYN Ventures.
In addition to SYN Ventures, Hanaco Ventures, SilverTech Ventures and World Trade Ventures also joined as RevealSecurity investors.
QNAP Appliances Targeted in New DeadBolt, eCh0raix Ransomware Campaigns
Network-attached storage (NAS) devices made by QNAP are being targeted in new attack campaigns involving DeadBolt and eCh0raix ransomware.
ALPHV Ransomware Operators Pressure Victim With Dedicated Leak Site
Cybercriminals who are using the ALPHV ransomware created a dedicated leak website in an apparent attempt to pressure one of their victims into paying the ransom.
‘MaliBot’ Android Malware Steals Financial, Personal Information
Researchers at F5 Labs have nabbed a new Android malware family capable of exfiltrating financial and personal information after taking control of infected devices.
Volexity Blames ‘DriftingCloud’ APT For Sophos Firewall Zero-Day
Big-game malware hunters at Volexity are shining the spotlight on a sophisticated Chinese APT caught recently exploiting a Sophos firewall zero-day to plant backdoors and launch man-in-the-middle attacks.