Third Party Risk Assessment

Third Party Risk Assessment Page 1

Kimsuky Browser Extension Steal Email Content North Korea Threat Group

Kimsuky launches a new browser extension to steal email content

An alleged North Korean malicious threat group called Kimsuky was seen spreading a malicious browser extension for Microsoft Edge and Google Chrome. This newly discovered campaign aims to steal email content from open AOL and Gmail sessions and substitute browser preference files. According to the researcher, the malicious extension is named SHARPEXT. The Kimsuky threat...
Continue Reading
Outdated GPS Flaws Vulnerability Hackers Service Disruption Vehicles

Outdated GPS flaws could allow hackers to disrupt vehicles from afar

CISA published a new advisory regarding the outdated security flaws in MiCODUS MV720 Global Positioning System (GPS) trackers included in more than one and a half million vehicles. This bug could potentially result in a remote disruption of vehicle operation that could result in accidents. According to the researchers, successfully abusing these critical vulnerabilities could enable...
Continue Reading
Sality Botnet Industrial Control Systems ICS Cyber Threat PLC

An upgraded Sality botnet can now target Industrial Control Systems

The Sality botnet is one of the oldest botnets in the cybercriminal landscape. However, despite its age, Sality has stood the test of time and continued to upgrade its capabilities to conduct more malicious activities. In its most recent version, the Sality botnet has been discovered targeting Industrial Control Systems (ICS), which the botnet has...
Continue Reading
User Anonymity Web Browsers Incognito Bypassed New Research Study

User anonymity in web browsers could be bypassed based on a new study

In a recent study, researchers have found a new technique that could allow anyone, such as hackers, to bypass a web browser’s user anonymity protections to know a website visitor’s unique identity. For instance, once a hacker has gained control of a website, they would be able to identify a user’s identity and unique online...
Continue Reading
Fake Malicious Apps WhatsApp App Stores Mobile Apps

Fake and malicious WhatsApp versions circulate on multiple app stores

WhatsApp’s CEO published an advisory on Twitter after fake versions of the messaging application were spotted circulating in numerous app stores. According to the messaging platform, WhatsApp users should be careful of downloading from unknown sources since they are being impersonated by a malicious application that poses as legitimate. The incident happened after the company’s...
Continue Reading
New York US DMV Department of Motor Vehicles Threat Warning Phishing SMS Scams Fraud Prevention

New York’s DMV warns its customers regarding phishing scams

The New York State Department of Motor Vehicles (DMV) has published a threat advisory to warn its customers about a phishing scam that can steal sums by exfiltrating credentials. Based on reports, the phishing scam attempts to steal its targeted victims’ credentials and other essential information. The phishing attack includes spam messages containing malicious links...
Continue Reading
CuteBoi Cyberattack Campaign Crypto Mining Malware NPM JavaScript Exploit

CuteBoi campaign launched for a massive crypto mining campaign

An unidentified threat group has launched a newly spotted crypto mining campaign called CuteBoi to conduct a malicious attack that targets the NPM JavaScript package repository. Based on the analysis, the threat actors used the term “cute” as a username and was hardcoded in numerous packages and a non-random NPM username. The researchers also noticed...
Continue Reading
OAuth Exploited Single Click Account Hijacking Open Authentication Hacking

OAuth gets exploited to launch single-click account hijacking

Researchers detailed how OAuth, or Open Authentication framework, could be abused by hackers to perform a single-click account hijacking through its process flow. OAuth is a platform that manages identities and secures online areas of third-party services across the online landscape. Service providers use OAuth for temporary and secure access tokens instead of the usual...
Continue Reading
Microsoft Threat Warning 8220 Crypto Mining Threat Group Linux

Microsoft warns users regarding the 8220 mining group

The Microsoft company has released a threat advisory regarding a mining gang called 8220 that targets the Linux operating system. Moreover, this newly discovered threat group has been seen installing crypto-mining malware. According to the researchers, the adversary was spotted with an updated malware campaign that included a new strain of IRC bot and a...
Continue Reading
Hackers Missouri Eyecare Clinic US 92K Patients Data Breach Mattax Neu Prater Eye Center myCare Integrity Third Party Risk

Hackers hit a Missouri-based eyecare clinic, affecting 92K patients

A Missouri-based eyecare clinic, Mattax Neu Prater Eye Center, had recently reported a data breach incident that impacted exactly 92,361 individuals. According to the security researchers, the actual hacking incident happened last December, but the eyecare clinic only announced it in the last week of June this year. From the statement released by Mattax Neu...
Continue Reading
1 2 3 12