New Windows Search zero-day Added to Microsoft Protocol Nightmare A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document. The security issue can be leveraged because Windows supports a URI protocol handler called ‘search-ms’ that allows Read more…
Former OpenSea Head of Product Charged with NFT Insider Trading Nathaniel Chastain, a former product manager at OpenSea, the largest online non-fungible token (NFT) marketplace, has been arrested and charged by the U.S. Department of Justice (DOJ) with NFT insider trading. This is the first time someone was charged for Read more…
Hundreds of Elasticsearch Databases Targeted in Ransom Attacks Hackers have targeted poorly secured Elasticsearch databases and replaced 450 indexes with ransom notes asking for $620 to restore contents, amounting to a total demand of $279,000. The threat actors set a seven-day deadline for the payments and threaten to double the Read more…
FBI Seizes Domains Used to Sell Stolen Data, DDoS Services The Federal Bureau of Investigation (FBI) and the U.S. Department of Justice announced today the seizure of three domains used by cybercriminals to sell personal info stolen in data breaches and provide DDoS attack services. WeLeakInfo.to was selling subscriptions allowing Read more…
US govt: Paying Karakurt Extortion Ransoms Won’t Stop Data Leaks Several U.S. federal agencies warned organizations today against paying ransom demands made by the Karakurt gang since that will not prevent their stolen data from being sold to others. Karakurt, the data extortion arm of the Conti ransomware gang and cybercrime syndicate, is focused on stealing Read more…
RuneScape Phishing Steals Accounts and In-game Item Bank PINs Cybersecurity researchers have discovered a new RuneScape-themed phishing campaign, and it stands out among the various operations for being exceptionally well-crafted. RuneScape is a free online MMORPG game first released two decades ago but continues to be popular in the gaming Read more…
Windows MSDT zero-day Vulnerability Gets Free Unofficial Patch A free unofficial patch is now available to block ongoing attacks against Windows systems that target a critical zero-day vulnerability known as ‘Follina.’ The bug, now tracked as CVE-2022-30190 and described by Redmond as a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution flaw, impacts all Windows Read more…
FluBot Android Malware Operation Shutdown by Law Enforcement Europol has announced the takedown of the FluBot operation, one of the largest and fastest-growing Android malware operations in existence. The malware operation’s takedown resulted from a law enforcement operation involving eleven countries following a complex technical investigation to pinpoint FluBot’s most Read more…
SideWinder Hackers Plant Fake Android VPN App in Google Play Store Phishing campaigns attributed to an advanced threat actor called SideWinder involved a fake VPN app for Android devices published on Google Play Store along with a custom tool that filters victims for better targeting. SideWinder is an APT group Read more…
Ransomware Attacks Need Less than Four Days to Encrypt Systems The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019. This change reflects a Read more…
Let us help you out.
Singapore
7 Temasek Boulevard
#12-07, Suntec Tower One
Singapore 038987
The Royal Place 1
2, 2/399 Mahatlek Luang 1 Alley, Lumphini, Pathum Wan, Bangkok 10330, Thailand
Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!
Click one of our contacts below to chat on WhatsApp
