A new variant of the sophisticated attacker tool gives cybercriminals even more control over victim devices to conduct various malicious activities, including fraud and cyber espionage.
By Elizabeth Montalbano, Contributing Writer
FBI, Partners Disrupt RedLine, Meta Stealer Operations
A collaboration with the FBI and law-enforcement agencies in Europe, the UK, and Australia, Operation Magnus has seized servers and source code related to the two malware families, which have stolen data from millions of victims worldwide.
Mobile Apps With Millions of Downloads Expose Cloud Credentials
Popular titles on both Google Play and Apple’s App Store include hardcoded and unencrypted AWS and Azure credentials in their codebases or binaries, making them vulnerable to misuse by threat actors.
Swarms of Fake WordPress Plug-ins Infect Sites With Infostealers
GoDaddy flagged a ClickFix campaign that infected 6,000 sites in a one-day period, with attackers using stolen admin credentials to distribute malware.
Anti-Bot Services Help Cybercrooks Bypass Google ‘Red Page’
The emergence of novel anti-detection kits for sale on the Dark Web limits the effectiveness of a Chrome browser feature that warns users that they have reached a phishing page.
Sidewinder Casts Wide Geographic Net in Latest Attack Spree
The long-active, India-sponsored cyber-threat group targeted multiple entities across Asia, Africa, the Middle East, and even Europe in a recent attack wave that demonstrated the use of a previously unknown post-exploit tool called StealerBot.
Cyberattackers Unleash Flood of Potentially Disruptive Election-Related Activity
Organizations should be on high alert until next month’s US presidential election to ensure the integrity of the voting process, researchers warn.
ConfusedPilot Attack Can Manipulate RAG-Based AI Systems
Attackers can introduce a malicious document in systems such as Microsoft 365 Copilot to confuse the system, potentially leading to widespread misinformation and compromised decision-making processes.
Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks
Since April, attackers have increased their use of Dropbox, OneDrive, and SharePoint to steal the credentials of business users and conduct further malicious activity.
American Water Suffers Network Disruptions After Cyberattack
The largest publicly traded water utility in the US was forced to disconnect some of its online systems, and its website and telecommunications system remained unavailable as of Tuesday morning, Oct. 8.