The tech giant has uncovered more than 400 malicious Android and iOS apps this year which steal usernames and passwords. 45 out of the 400 apps it found were on iOS, while the rest were on Android. They masquerade themselves as popular services like photo editors, games and VPNs to trick people into downloading them. How do these malicious apps work? Apart from displaying fun...
Read More
Microsoft confirmed it is investigating two zero days affecting its Exchange Server software late Thursday following a report from Vietnamese cybersecurity firm GTSC that the vulnerabilities are being exploited in the wild. GTSC said it discovered the issues in August while doing security incident monitoring and response, then reported the issue to Microsoft’s Zero Day Initiative, which confirmed the bugs. The attacks GTSC reported chain together the two vulnerabilities. ...
Read More
INTRODUCTION Cisco Talos observed North Korean state-sponsored APT Lazarus Group conducting malicious activity between February and July 2022. Lazarus has been previously attributed to the North Korean government by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The entry vectors involve the successful exploitation of vulnerabilities in VMWare products to establish initial footholds into enterprise networks, followed by the deployment of the group’s custom malware implants, VSingle and YamaBot. In...
Read More
What is Vice Society? Vice Society is a little-known double extortion group that joined the cybercrime ecosystem a year ago. Since then, it showed a steady activity, encrypting and exfiltrating its victim’s data and threatening their victims to leak their information to pressure them into paying a ransom. Unlike other RaaS (Ransomware-as-a-Service) double extortion groups, Vice Society focuses on getting into the victim system to deploy ransomware binaries...
Read More
BGD e-GOV CIRT গত বছরের মত এবারও সকল আর্থিক প্রতিষ্ঠানে কর্মরত সাইবার পেশাজীবিদের অংশগ্রহণের মাধ্যমে তাদের সাইবার নিরাপত্তায় ইন্সিডেন্ট হ্যান্ডলিং বিষয়ে দক্ষতা বৃদ্ধি ও সাইবার নিরাপত্তার ধারণা দেওয়ার জন্য আগামী ২২ অক্টোবর ২০২২ তারিখে Financial Institution Cyber Drill 2022 এর আয়োজন করতে যাচ্ছে। Registration এর জন্য প্রতিটি দলের জন্য ১০,০০০ (দশ হাজার) টাকা নিবন্ধন ফি ধার্য্য করা হয়েছে যা CIRT এর e-shop এর মাধ্যমে পেমেন্ট...
Read More
