Israeli firm Candiru exploited Windows zero-days to deploy spyware

Candiru, an Israeli surveillance company also known as Sourgum, used Windows zero-day exploits to release DevilsTongue, a new Windows malware.   According to Microsoft and Citizen Lab researchers, Candiru’s spyware…

Trickbot makes a comeback with its VNC module for high-value targets

Despite law enforcement actions intended at eliminating the Trickbot botnet, it continues to evolve. The creators recently released an upgrade for the VNC module, which is used to control infected…

Amazon rolls out Ring end-to-end encryption globally

Amazon-owned Ring to roll out End-to-End Encryption based videos in compatible devices worldwide.   On 13th Jan 2021, Ring announced the launch of End-to-End Encryption in technical preview for US…

REvil ransomware gang’s websites shut down: Report

The REvil ransomware operation’s infrastructure and websites have unexpectedly vanished from the dark web, leading to speculation that the criminal operation has been shut down.   REvil, or Sodinokibi, is…

American fashion brand Guess suffers data breach

Guess, an American fashion brand, was hit by a ransomware attack in February, and the company has now announced a data breach and notified affected customers.   The attack was…

Magecart hackers hide stolen credit card data into images and fake CSS files

Magecart hackers have devised a new strategy for altering malware within comment blocks and disguising stolen credit card data in pictures in order to avoid detection.   Magecart is an…

Kaseya issued fixes for flaws exploited in REvil ransomware attack

The VSA zero-day vulnerabilities were used by the REvil ransomware gang to attack MSPs and their clients, and Kaseya has published security patches for them.   Kaseya VSA is a…

Mint Mobile data breach: Hackers accessed personal data

Mint Mobile has announced a data breach that exposed members’ account information and moved phone numbers to another carrier, according to BleepingComputer’s report.   A threat actor moved the phone…

Hackers use new tricks to disable Macro security warnings in malicious Office files

Researchers discovered that hackers are using a sophisticated phishing attack strategy in which non-malicious documents are used to disable Macro security alerts before executing macro code on targeted machines.  …

Tech giants threaten to leave Hong Kong over data-protection laws

Facebook Inc., Twitter Inc., and Alphabet Inc.’s Google have threatened the Hong Kong government that if authorities proceed with new data-protection laws that may hold them accountable for the harmful…