The Lazarus Group, a cybercriminal organization with ties to North Korea, has been stealing billions of dollars from cryptocurrency projects since 2016 by using trojanized versions of Virtual Network Computing (VNC) applications and posing as recruiters on platforms like LinkedIn, Telegram, and WhatsApp to deceive individuals and install malware.
The FIDO Alliance reports an increase in scams and phishing threats, attributed to the accessibility of generative AI tools and the use of deepfake technology, and recommends stronger security measures such as passkeys and on-device biometrics.
Amazon has introduced passkeys as a passwordless authentication method, enhancing security by allowing users to log in using biometric authentication on their devices.
Two critical security vulnerabilities in CasaOS could potentially allow attackers to execute arbitrary code and take control of vulnerable systems.
APT groups have started using Discord for exfiltration purposes, posing a new threat to critical infrastructure and raising concerns about the adaptability of cybercriminals.
Milesight industrial cellular routers have a vulnerability allowing unauthorized access to sensitive information, while South River Technologies’ servers have vulnerabilities potentially granting remote superuser access.
