"RustyBuer" is a fresh variant of a malware loader called Buer written in Rust. The malware is said to have affected no fewer than 200 organizations across more than 50 verticals since April. The loader is a modular malware-as-a-service offering that's sold on underground forums. It's the latest in a series of efforts aimed at…

Google announced Tuesday that its Android operating system will add support for Rust programming language in a bid to prevent memory safety bugs. The company has been building parts of the Android Open Source Project (AOSP) with Rust for the past 18 months. Google doesn't intend to rewrite all of its existing C and C++…

Apple released updates for iOS, iPadOS, and tvOS with fixes for three security vulnerabilities that it says may have been actively exploited in the wild. The iPhone maker did not disclose how widespread the attack was or reveal the identities of the attackers actively exploiting them. The updates are now available for iPhone 6s and…

A British court has rejected the U.S. government's request to extradite Wikileaks founder Julian Assange to the United States. Assange is accused of illegally obtaining and sharing classified material related to national security. The case centers on WikiLeaks' publication of hundreds of thousands of leaked documents about the Afghanistan and Iraq wars, as well as…

Cybersecurity researchers reveal concerted campaign against India's critical infrastructure from Chinese state-sponsored groups. Attacks targeted a total of 12 organizations, 10 of which are in the power generation and transmission sector. The attacks coincided with the standoff between the two nations in May 2020. Border conflicts have flared up since last year after deadly clashes…

A custom dictionary that filters out certain words that are not allowed as passwords in the environment can significantly improve cybersecurity posture and filter out obvious passwords that provide poor security for user accounts. The custom dictionary works in favor of securing the passwords in your environment. There are out-of-the-box password dictionaries and password files…

The vulnerability affects ForgeRock's OpenAM access management tool. It could be leveraged to execute arbitrary code on an affected system remotely. The issue is a pre-authentication remote code execution (RCE) vulnerability in ForgeRock Access Manager. It stems from an unsafe Java deserialization in the Jato framework used by the software. ForgeRock customers are advised to…

Cybersecurity firm SentinelOne attributed the attacks to a nation-state actor affiliated with Iran it tracks under the moniker "Agrius" The group's modus operandi involves deploying a custom.NET malware called Apostle that has evolved to become a fully functional ransomware, supplanting its prior wiper capabilities. Some of the attacks have been carried out using a second…

Ransomware attacks started picking up in 2012, and since then, it has become the most pervasive cyber-attacks across the world. The first known ransomware attack was carried out in 1989 by an AIDS researcher, Joseph Popp, who distributed malicious 20,000 floppy disks to AIDS researchers spanning more than 90 countries, claiming that the disks contained…

New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit the accounting software. The spear-phishing attacks take the form of a PowerShell command that's capable of running inside of the email, the researchers said. A second attack vector involves decoy documents sent via email…