Compromised Website Images Camouflage ObliqueRAT Malware
.
The ObliqueRAT malware is now cloaking its payloads as seemingly-innocent image files that are hidden on compromised websites.
BEIJING — China’s regulator ordered the removal from app stores of 25 apps owned by Didi Global Inc., the country’s largest ride-hailing service, citing severe violations of rules against collecting personal data. The Cyberspace Administration of China had already taken down the main Didi app last Sunday, pending a cybersecurity review, after it debuted on…
Shares of New York City-based IoT device maker Ubiquiti (NYSE: UI) fell significantly this week following a report claiming that the recently disclosed data breach was “catastrophic” and that its impact was downplayed. Ubiquiti informed customers in January that it had detected unauthorized access to some IT systems hosted by an unnamed third-party cloud provider….
John Deere, Researchers Spar Over Impact of Vulnerabilities Jeremy Kirk (jeremy_kirk) • August 9, 2021 Flaws in John Deere systems could have allowed an attacker to remotely take over equipment, such as this row crop tractor. (Photo: John Deere) Numerous vulnerabilities uncovered in tractor manufacturer John Deere’s systems underscore the cyber risks that…
Expert Reaction On FBI’s Internet Crime Complaint Center 2020 Internet Crime Report | IT Security News Sponsors Endpoint Cybersecurity www.endpoint-cybersecurity.com – Consulting in building your security products– Employee awareness training– Security tests for applications and pentesting… and more. Daily Summary Patreon Categories CategoriesSelect Category(ISC)2 Blog (323)(ISC)2 Blog infosec (13)(ISC)² Blog (327)2020-12-08 – Files for an ISC diary (recent…
Operation Dianxun Overview In a recent report the McAfee Advanced Threat Research (ATR) Strategic Intelligence team disclosed an espionage campaign, targeting telecommunication companies, named Operation Diànxùn. The tactics, techniques and procedures (TTPs) used in the attack are like those observed in earlier campaigns publicly attributed to the threat actors RedDelta and Mustang Panda. Most probably…
A North Korean government-backed campaign targeting cybersecurity researchers with malware has re-emerged with new tactics in their arsenal as part of a fresh social engineering attack. In an update shared on Wednesday, Google’s Threat Analysis Group said the attackers behind the operation set up a fake security company called SecuriElite and a slew of social…