Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data
A novel side-channel attack called GPU.zip renders virtually all modern graphics processing units (GPU) vulnerable to information leakage. « This channel exploits an optimization that is data dependent, software transparent, and present in nearly all modern GPUs: graphical data compression, » a group of academics from the University of Texas at Austin, Carnegie Mellon University, University of
New Survey Uncovers How Companies Are Confronting Data Security Challenges Head-On
Data security is in the headlines often, and it’s almost never for a positive reason. Major breaches, new ways to hack into an organization’s supposedly secure data, and other threats make the news because well, it’s scary — and expensive. Data breaches, ransomware and malware attacks, and other cybercrime might be pricey to prevent, but […]
New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software
A new malware strain called ZenRAT has emerged in the wild that’s distributed via bogus installation packages of the Bitwarden password manager. « The malware is specifically targeting Windows users and will redirect people using other hosts to a benign web page, » enterprise security firm Proofpoint said in a technical report. « The malware is a modular remote access […]
Critical libwebp Vulnerability Under Active Exploitation – Gets Maximum CVSS Score
Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild. Tracked as CVE-2023-5129, the issue has been given the maximum severity score of 10.0 on the CVSS rating system. It has been described as an […]
Microsoft is Rolling out Support for Passkeys in Windows 11
Microsoft is officially rolling out support for passkeys in Windows 11 today as part of a major update to the desktop operating system. The feature allows users to login to websites and applications without having to provide a username and password, instead relying on their device PIN or biometric information to complete the step. Based on FIDO standards, […]
ShadowSyndicate: A New Cybercrime Group Linked to 7 Ransomware Families
Cybersecurity experts have shed light on a new cybercrime group known as ShadowSyndicate (formerly Infra Storm) that may have leveraged as many as seven different ransomware families over the past year. « ShadowSyndicate is a threat actor that works with various ransomware groups and affiliates of ransomware programs, » Group-IB and Bridewell said in a new joint report. The actor, active […]
FIN12, ce groupe cybercriminel qui inonde la France de ransomwares
L’ANSSI consacre un rapport à FIN12, groupe cybercriminel auquel elle attribue de nombreuses attaques par ransomware survenues en France.
Essential Guide to Cybersecurity Compliance
SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert’s head spin. If you’re embarking on your compliance journey, read on to discover the differences between standards, which is best for your business, and how vulnerability management can aid compliance. […]
Xenomorph Banking Trojan: A New Variant Targeting 35+ U.S. Financial Institutions
An updated version of an Android banking trojan called Xenomorph has set its sights on more than 35 financial institutions in the U.S. The campaign, according to Dutch security firm ThreatFabric, leverages phishing web pages that are designed to entice victims into installing malicious Android apps that target a broader list of apps than its predecessors. Some of the […]
Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign
A « multi-year » Chinese state-sponsored cyber espionage campaign has been observed targeting South Korean academic, political, and government organizations. Recorded Future’s Insikt Group, which is tracking the activity under the moniker TAG-74, said the adversary has been linked to « Chinese military intelligence and poses a significant threat to academic, aerospace and defense, government,