Google is rolling out a new banner to highlight the “Independent security review” badge in the Play Store’s Data safety section for Android VPN apps that have undergone a Mobile Application Security Assessment (MASA) audit. “We’ve launched this banner beginning with VPN apps due to the sensitive and significant amount of user data these apps handle,” Nataliya
Read More
A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a reverse shell on compromised systems. “These packages, deceptively named to appear legitimate, contained obfuscated JavaScript designed to initiate a reverse shell on package install,” software supply chain security firm Phylum said. All the counterfeit packages have
Read More
The Iranian nation-state actor known as MuddyWater has been linked to a new spear-phishing campaign targeting two Israeli entities to ultimately deploy a legitimate remote administration tool from N-able called Advanced Monitoring Agent. Cybersecurity firm Deep Instinct, which disclosed details of the attacks, said the campaign “exhibits updated TTPs to previously reported MuddyWater activity,” which has, in the past, used
Read More
A relatively new threat actor known as YoroTrooper is likely made up of operators originating from Kazakhstan. The assessment, which comes from Cisco Talos, is based on their fluency in Kazakh and Russian, use of Tenge to pay for operating infrastructure, and very limited targeting of Kazakhstani entities, barring the government’s Anti-Corruption Agency. “YoroTrooper attempts to obfuscate
Read More
Our mission is to educate our customer base, build capacity in every country we operate in and make cyber security affordable to all