Device Security, Malware, Application security, Threat intelligence
SC StaffOctober 22, 2022
Iranian state-sponsored menace radical Domestic Kitten, besides known arsenic APT-C-50, has deployed the updated FurBall Android spyware successful mobile surveillance campaigns targeted astatine Iranian citizens, BleepingComputer reports. Despite having galore similarities with anterior versions, the caller FurBall malware includes obfuscation and command-and-control updates, according to an ESET report. Fraudulent sites impersonating morganatic ones person been leveraged by Domestic Kitten to dispersed the updated spyware, which has the capableness to bargain instrumentality location, SMS messages, clipboard contents, interaction list, telephone logs, notification contents, instrumentality info, and installed and moving apps. While the malware illustration obtained by ESET lone required contacts and retention media access, it could straight retrieve executable commands from its C2 server. The study besides showed that people names, logs, strings, and server URI paths person been added to FurBall's caller obfuscation layer. Such an obfuscation furniture has made the updated spyware detectable by lone 4 antivirus engines connected VirusTotal, compared with the older mentation being identified by 28 AV engines.
Device Paradox: Why Security & Criticality Don’t Overlap successful Embedded Systems – Ang Cui – PSW #758
October 5, 2022
Red Balloon Security CEO Ang Cui has spent implicit a decennary looking into the astir captious devices supporting our infrastructure. He explains wherefore the penetration that launched his institution inactive holds true, and what it volition instrumentality for information experts, manufacturers and extremity users to resoluteness our insecure stasis. Segment Resources: https://redballoonsecu...
Gen Z, millennials instrumentality cybersecurity little earnestly connected enactment devices than idiosyncratic ones
Stephen WeigandOctober 19, 2022
Millennial and Gen Z employees are much relaxed erstwhile it comes to cybersecurity connected their enactment devices than their idiosyncratic devices, according to a caller survey from Ernst & Young Consulting.
Actively exploited Fortinet vulnerability present has PoC exploit
SC StaffOctober 18, 2022
Immediate patching of a precocious reported and actively exploited captious vulnerability successful Fortinet FortiOS, FortiSwitchManager, and FortiProxy, has been further urged pursuing the merchandise of a proof-of-concept exploit code, according to The Hacker News.