Lifeboat Foundation

Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.

Cybercriminals are growing ever more relentless and deft with their attacks, with data breaches and system disruptions due to cyberattacks rising every year. Therefore, finding and strengthening cybersecurity weak spots, or vulnerabilities, is key to thwarting these attacks.

A key vulnerability is apps. Many organizations rely on productivity software and apps built in-house or from IT service providers to be competitive in today’s market. However, while these solutions boost productivity and employee and customer experiences, many of them have weak security measures that can expose the organization to cyberattackers.

A new, multi-functional Go-based malware dubbed Chaos has been rapidly growing in volume in recent months to ensnare a wide range of Windows, Linux, small office/home office (SOHO) routers, and enterprise servers into its botnet.

“Chaos functionality includes the ability to enumerate the host environment, run remote shell commands, load additional modules, automatically propagate through stealing and brute-forcing SSH private keys, as well as launch DDoS attacks,” researchers from Lumen’s Black Lotus Labs said in a write-up shared with The Hacker News.

A majority of the bots are located in Europe, specifically Italy, with other infections reported in China and the U.S., collectively representing “hundreds of unique IP addresses” over a one-month time period from mid-June through mid-July 2022.

WhatsApp for Android and iOS patches two critical remote code execution vulnerabilities that could have allowed attackers to remotely hack targeted de.

A California university is refusing to release a cache of grisly photos of monkeys reportedly injured during experiments testing Elon Musk’s Neuralink brain implant technology, in spite of a lawsuit aiming to force the school’s hand.

In a press release, the Physicians Committee for Responsible Medicine (PCRM) advocacy group said that it had learned that the University of California, Davis is in possession of 371 photos of the experimented-upon monkeys that were subjected to Neuralink tests, which took place at the school’s veterinary lab facilities.

Earlier this year, Neuralink admitted that a fifth of the 23 rhesus macaques monkeys it used to test its brain-hacking implants had been euthanized after developing infections and malfunctions. Bolstering PCRM’s credibility, that admission came in the wake of its a complaint it filed against Neuralink.

Security analysts at ASEC have discovered a new wave of attacks targeting vulnerable Microsoft SQL servers, involving the deployment of a ransomware strain named FARGO.

GitHub team has issued a warning about an ongoing phishing campaign impersonating CircleCI notifications to steal targeted users’ credentials and two.

Somebody wormed their way into the tech giant’s systems, though it’s hard to say how bad the damage is yet.

Gamers looking for cheats on YouTube are being targeted with links to rogue password-protected archive files designed to install crypto miners and information-stealing malware such as RedLine Stealer on compromised machines.

“The videos advertise cheats and cracks and provide instructions on hacking popular games and software,” Kaspersky security researcher Oleg Kupreev said in a new report published today.

SparklingGoblin is the name given to a Chinese advanced persistent threat (APT) group with connections to the Winnti umbrella (aka APT41, Barium, Earth Baku, or Wicked Panda). It’s primarily known for its attacks targeting various entities in East and Southeast Asia at least since 2019, with a specific focus on the academic sector.

In August 2021, ESET unearthed a new piece of custom Windows malware codenamed SideWalk (aka ScrambleCross) that was exclusively leveraged by the actor to strike an unnamed computer retail company based in the U.S.

Subsequent findings from Symantec, part of Broadcom software, have linked the use of SideWalk to an espionage attack group it tracks under the moniker Grayfly, while pointing out the malware’s similarities to that of Crosswalk.