CVE-2021-35474 – Alert Detail – Security Database

Cybercrime , Cybercrime as-a-service , Email Security & Protection Attackers Co-Opted Malware for Data Exfiltration and Ransom, Group-IB Finds Akshaya Asokan (asokan_akshaya) • May 8, 2021     Attackers co-opted the Hancitor malware downloader and recently used it to deliver Cuba ransomware as part of an email spam campaign for data exfiltration and ransom extortion,…

Cybersecurity researchers have disclosed details about a new malware family that relies on the Common Log File System (CLFS) to hide a second-stage payload in registry transaction files in an attempt to evade detection mechanisms. FireEye’s Mandiant Advanced Practices team, which made the discovery, dubbed the malware PRIVATELOG, and its installer, STASHLOG. Specifics about the…

Application Security , Endpoint Security , Fraud Management & Cybercrime Citizen Lab Says iMessage Exploit Delivered NSO’s Pegasus Spyware Jeremy Kirk (jeremy_kirk) • September 14, 2021     Photo: Flickr/CC Apple issued an emergency patch a software vulnerability on Monday that researchers say was used to deliver spyware via iMessage to the mobile phones of…

Written by John Hewitt Jones Aug 3, 2021 | FEDSCOOP The Senate Committee on Homeland Security and Governmental Affairs has identified continued major cybersecurity failings across agencies and is calling for the Federal Information Security Modernization Act (FISMA) to be reformed. A new report published Tuesday identifies IT security flaws across almost every major U.S….

After the Babuk ransomware operators have announced that they decided to close the affiliate program and move to data theft extortion, the group seems to have returned to their previous methods of encrypting corporate systems. At this time, the hackers are employing a new version of their file-encrypting malware and have shifted the operation to…

Conti Ransomware Is Now Using ProxyShell Exploits to Compromise Exchange Servers | IT Security News Android App Android App with push notifications Sponsors Endpoint Cybersecurity www.endpoint-cybersecurity.com – Consulting in building your security products– Employee awareness training– Security tests for applications and pentesting… and more. Daily Summary Categories CategoriesSelect Category(ISC)2 Blog  (323)(ISC)2 Blog infosec  (13)(ISC)² Blog  (420)2020-12-08 – Files…