GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others https://firewall.firm.in/wp-content/uploads/2024/07/gitlab.jpg Jun 28, 2024NewsroomSoftware Security / DevOps GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition (EE), ...

Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data https://firewall.firm.in/wp-content/uploads/2024/06/north.png Jun 28, 2024NewsroomCyber Espionage / Cyber Attack The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that’s designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early ...

Banks told to stay vigilant amid intel on cyberattack threat – ET CISO https://etimg.etb2bimg.com/thumb/msid-111356132,imgsize-28516,width-1200,height=765,overlay-etciso/cybercrime-fraud/banks-told-to-stay-vigilant-amid-intel-on-cyberattack-threat.jpg Banks across the country have been put on alert amid tip-offs received by the regulator on possible cyberattacks. They have been told to proactively monitor their systems for threat detection on a 24/7 basis. “In the light of credible threat intelligence received regarding potential cyberattacks, regulated ...

Google to Block Entrust Certificates in Chrome Starting November 2024 https://firewall.firm.in/wp-content/uploads/2024/06/dv.png Jun 29, 2024NewsroomCybersecurity / Website Security Google has announced that it’s going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority’s inability to address security issues in a timely manner. “Over the past ...

Rust-Based P2PInfect Botnet Evolves with Miner and Ransomware Payloads https://firewall.firm.in/wp-content/uploads/2024/06/botnet.png The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat’s transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. “With its latest updates to the crypto miner, ransomware ...

ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor https://firewall.firm.in/wp-content/uploads/2024/06/russia.png Jun 22, 2024NewsroomCyber Espionage / Threat Intelligence Russian organizations have been targeted by a cybercrime gang called ExCobalt using a previously unknown Golang-based backdoor known as GoRed. “ExCobalt focuses on cyber espionage and includes several members active since at least 2016 and presumably once part of the notorious Cobalt ...

New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration https://firewall.firm.in/wp-content/uploads/2024/06/malware.png Jun 20, 2024NewsroomThreat Intelligence / Cybercrime A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts. Fortinet FortiGuard Labs said it’s aware of four different distribution methods — namely ...

Cybercrooks use AI, launch bot-based attacks – ET CISO https://etimg.etb2bimg.com/thumb/msid-111049538,imgsize-561945,width-1200,height=765,overlay-etciso/cybercrime-fraud/cybercrooks-use-ai-launch-bot-based-attacks.jpg A Pune-based real estate firm was recently duped out of ₹4 crore when cybercriminals, masquerading as its chairman, tricked an accounts officer into transferring company funds into fraudulent bank accounts. At the local unit of a multinational company, the finance controller fell prey to a similar scam running into crores ...

Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw https://firewall.firm.in/wp-content/uploads/2024/06/crypto.png Jun 19, 2024NewsroomCybercrime / Crypto Security Crypto exchange Kraken revealed that an unnamed security researcher exploited an “extremely critical” zero-day flaw in its platform to steal $3 million in digital assets and refused to return them. Details of the incident were shared by Kraken’s Chief Security Officer, Nick ...

Vipin Surelia, VISA on mitigating cyber frauds this tax filing season – ET CISO https://etimg.etb2bimg.com/thumb/msid-111000270,imgsize-68548,width-1200,height=765,overlay-etciso/cybercrime-fraud/vipin-surelia-visa-on-mitigating-cyber-frauds-this-tax-filing-season.jpg Vipin Surelia, Head, Risk Services, Visa The Reserve Bank of India’s annual report last year highlighted the severity of digital fraud. With 6,659 reported cases amounting to Rs 276 crore, it’s evident that such frauds pose a substantial threat. Tactics used by cybercriminals have evolved, ...