Richard Giddey

Threat Actors Increasingly Abusing GitHub for Malicious Purposes

The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads and act as dead drop resolvers, command-and-control, and data exfiltration points. “Using GitHub services for malicious infrastructure allows adversaries to blend in with legitimate network traffic, often bypassing traditional security defenses […]

New Python-based FBot Hacking Toolkit Aims at Cloud and SaaS Platforms

A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms such as Amazon Web Services (AWS), Microsoft 365, PayPal, Sendgrid, and Twilio. “Key features include credential harvesting for spamming attacks, AWS account hijacking tools, and functions to enable attacks against PayPal and various

Microsoft Disables App Installer After Feature is Abused for Malware

Microsoft has disabled the App Installer feature to protect users and prevent threat actors from maliciously exploiting its products and features. The ms-appinstaller URI scheme, which allows users to download and install apps directly from websites using the MSIX package installer, is being abused in malicious activities, reports Microsoft Threat Intelligence. Researchers found that ‘financially

China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks

The individuals confessed to creating variations of ransomware, enhancing the software through the utilization of OpenAI’s ChatGPT, carrying out vulnerability scans, infiltrating networks to secure access, deploying ransomware, and engaging in extortion. Chinese media has reported the country’s first major step towards countering the use of ChatGPT as four Chinese individuals have been arrested for

Cyber-hackers target UK nuclear waste company RWM

Cyber-hackers have targeted the company behind a £50bn project to build a vast underground nuclear waste store in Britain, its developer has said. Radioactive Waste Management, the company behind the Geological Disposal Facility (GDF) project, has said that hackers unsuccessfully attempted to breach the business using LinkedIn. RWM is the government-owned entity behind a trio

Malware Leveraging Google Cookie Exploit via OAuth2 Functionality

Among others, developers of the infamous Lumma, an infostealer malware, are already using the exploit by employing advanced tactics like token manipulation and encryption in targeted attacks. CloudSEK’s threat research team has reported a critical exploit affecting Google services, allowing threat actors to generate Google cookies continuously while ensuring continuous access to Google services even

5 pivotal cybersecurity trends for 2024 - Help Net Security

In 2023, cyberattacks surged both in terms of frequency and sophistication. The proliferation of cutting-edge hacking tools and technologies – now more accessible than ever thanks to advances in generative AI – created an environment conducive for cyber threats to flourish, forcing organizations to adopt proactive measures to keep

Unveiling the true cost of healthcare cybersecurity incidents - Help Net Security

As healthcare organizations increasingly rely on interconnected systems, electronic health records, and telemedicine, the industry becomes a prime target for malicious actors seeking to exploit vulnerabilities. The consequences of a cybersecurity breach in healthcare are not only measured in compromised data but also in jeopardized patient safety

Techscape: The biggest tech stories of 2023 – from cyber warfare to AI’s ‘existential risk’

Merry Christmas! We have made it – almost – through another year without being churned into paste by a super-intelligent AI, conscripted into a Martian work camp by an insane billionaire or forced offline by a Carrington event. Even in the absence of civilisation-altering events it’s been a busy year. But the advantage of a

UAC-0099 Hackers Using Old WinRAR Flaw in New Cyberattack on Ukraine

The exploited WinRAR vulnerability was a zero-day flaw identified in August 2023. Despite subsequent patching efforts, unpatched systems remain at risk and continue to be targeted. Cybersecurity researchers at Deep Instinct Lab have revealed a new series of cyberattacks carried out by ‘UAC-0099,’ specifically targeting Ukrainians. These attacks employ common tactics such as using
