The TriangleDB implant used to target Apple iOS devices packs in at least four different modules to record microphone, extract iCloud Keychain, steal data from SQLite databases used by various apps, and estimate the victim’s location. The new findings come from Kaspersky, which detailed the great lengths the adversary behind the campaign, dubbed Operation Triangulation, went
Read More
The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims’ accounts. “Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube,” ESET security researcher Matthieu Faou said in a new report published today. Previously, it was using
Read More
Critical security flaws have been disclosed in the Open Authorization (OAuth) implementation of popular online services such as Grammarly, Vidio, and Bukalapak, building upon previous shortcomings uncovered in Booking[.]com and Expo. The weaknesses, now addressed by the respective companies following responsible disclosure between February and April 2023, could have allowed malicious actors to obtain access tokens
Read More
Check Point Research reported on a new large-scale phishing campaign targeting more than 40 organizations in Colombia. Meanwhile there was change at the top with Formbook ranked the most prevalent malware following the collapse of Qbot in August Our latest Global Threat Index for September 2023 saw researchers report on a new stealth phishing campaign
Read More
Our mission is to educate our customer base, build capacity in every country we operate in and make cyber security affordable to all