The Federal Bureau of Investigation (FBI) this week published indicators of compromise (IOCs) associated with the BlackCat Ransomware-as-a-Service (RaaS).
FBI Shares Information on BlackCat Ransomware Attacks
New BotenaGo Variant Infects Lilin Security Cameras With Mirai
A newly identified variant of the BotenaGo malware is specifically targeting security cameras manufactured by Taiwan-based Lilin, warns OT and IoT security firm Nozomi Networks.
Okta Closes Lapsus$ Breach Probe, Adds New Security Controls
Identity and access management tech firm Okta says it has concluded an investigation into the embarrassing Lapsus$ hacking incident and has severed ties with a third-party company at the center of the breach.
SeeMetrics Raises $6M for Portfolio Management Platform
An Israeli startup has raised early-stage funding to build technology to help cybersecurity teams measure, track and simplify security program operations.
Firmware Flaws Allow Disabling Secure Boot on Lenovo Laptops
Computer maker Lenovo has started pushing security patches to address three vulnerabilities impacting the UEFI firmware of more than 110 laptop models.
Citizen Lab Documents Israeli Surveillance Spyware Infections in Spain
Security researchers have found fresh evidence linking a pair of mercenary Israeli hacking companies to mobile malware attacks on members of Catalan civil society.
Webex Monitors Microphone Even When Muted, Researchers Say
Cisco’s enterprise-facing Webex video conferencing and messaging utility monitors the microphone at all times, even when the user’s microphone is muted in the software, according to warning from a group of academic researchers.
FBI Warns of ‘Reverse’ Instant Payments Phishing Schemes
The Federal Bureau of Investigation (FBI) has issued an alert on a new phishing scheme aimed at tricking victims into making money transfers to accounts controlled by cybercriminals.
GitHub Warns of Private Repositories Downloaded Using Stolen OAuth Tokens
GitHub has sounded the alarm on a cyberattack that resulted in the private repositories of dozens of organizations being downloaded by an unauthorized party abusing stolen OAuth user tokens.
The incident was identified on April 12, when the code hosting platform observed suspicious activity on its npm production infrastructure.
North Korea APT Lazarus Targeting Chemical Sector
Threat hunters at Symantec have spotted signs that North Korea’s Lazarus APT group is targeting companies in the chemical sector in an ongoing cyberespionage campaign that includes fake job lures and clever social engineering.
