Risk
-
European Insurance Authority Proposes Strict Capital Requirements for Crypto Holdings
The European Union’s insurance authority has proposed a requirement for firms to maintain capital equal to their full crypto holdings to mitigate risks for policyholders, setting a new standard for the insurance industry.
-
New Phishing-as-a-Service Operation Utilizes Advanced Evasion Techniques
The Morphing Meerkat phishing operation employs advanced techniques including DNS over HTTPS to evade detection and deliver dynamic spoofed login pages for over 114 brands.
-
Security Bypasses Detected in Ubuntu Linux’s User Namespace Restrictions
A new report from Qualys reveals that three security bypasses have been found in Ubuntu Linux’s user namespace restrictions, potentially allowing local attackers to exploit kernel vulnerabilities. Canonical is working on enhancing AppArmor protections in response.
-
New Cybercrime Platform Automates Credential Stuffing Attacks on 140 Online Services
The newly discovered Atlantis AIO platform automates credential stuffing attacks against 140 online services, providing cybercriminals with tools to exploit vulnerabilities in systems lacking adequate security measures.
-
FamousSparrow Hackers Enhance Cyber Attacks with Modular Backdoor
A China-linked cyberespionage group known as FamousSparrow has intensified its operations by deploying an upgraded version of its backdoor malware, SparrowDoor, against several organizations, including a US-based trade group. ESET researchers have identified significant improvements in the malware’s structure and capabilities, raising concerns about the group’s access to advanced cyber tools.
-
Malaysian PM Declines $10 Million Ransom Following Cyber Attack on Kuala Lumpur Airport
Malaysian Prime Minister Anwar Ibrahim has firmly rejected a $10 million ransom demand from hackers following a cyber attack that disrupted operations at Kuala Lumpur International Airport, emphasizing the importance of national cybersecurity.
-
New Phishing Kit Targets Users by Impersonating 114 Brands Using DNS
Cybersecurity researchers have identified a new phishing-as-a-service platform dubbed Morphing Meerkat, which utilizes DNS records to execute targeted phishing attacks against 114 brands, employing sophisticated techniques to manage and disseminate stolen credentials.
-
RansomHub Affiliates Exploit EDR Tools in Ransomware Attacks
ESET’s recent analysis highlights the alarming tactics employed by RansomHub affiliates, who utilize a custom tool to disable security measures in a coordinated effort with other ransomware groups.
-
Cybersecurity Breach: 150,000 Websites Compromised by Malicious JavaScript
A cybersecurity campaign has compromised approximately 150,000 legitimate websites through malicious JavaScript injections to promote illegal gambling platforms. Analysts highlight the evolving tactics of threat actors, raising concerns over the integrity and security of online spaces.
-
OpenAI Expands Bug Bounty Program and Cybersecurity Initiatives
OpenAI has announced expansions to its bug bounty and cybersecurity grant programs, including a significant increase in the maximum bug bounty payout from $20,000 to $100,000 and new microgrants for innovative cybersecurity research proposals.
