Hackers Tampered With APKPure Store to Distribute Malware Apps

APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices. In an incident that’s similar to that of German telecommunications equipment manufacturer Gigaset, the APKPure client version 3.17.18 is said to

0 Comments

How to use Docker Bench for Security to audit your container deployments

Docker Bench for Security is a simple way of checking for common best practices around your Docker deployments in production. Jack Wallen shows you how to use this tool. Image: Docker One of the biggest issues surrounding container deployments is security. This is such an issue because there are so

0 Comments

Zero trust: The good, the bad and the ugly

Zero trust is a good cybersecurity platform, but experts suggest care to get it right and not disenfranchise users. Image: iStockphoto/milo827 Thanks to the pandemic, the zero trust cybersecurity model has come into its own. However, like most things concerning cybersecurity, zero trust has a good side, a bad side

0 Comments

Adware Spreads via Fake TikTok App, Laptop Offers

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

0 Comments

Fraudsters Use HTML Legos to Evade Detection in Phishing Attack

Criminals stitch pieces of HTML together and hide them in JavaScript files, researchers report. Researchers with Trustwave SpiderLabs are warning of a phishing campaign that employs what it calls “HTML Lego” to deliver a fake login page. The phishing campaign is aimed at Microsoft 365 users and designed to mimic a Microsoft

0 Comments

(Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor

ESET researchers discover a new Lazarus backdoor deployed against a freight logistics firm in South Africa ESET researchers have discovered a previously undocumented Lazarus backdoor, which they have dubbed Vyveva, being used to attack a freight logistics company in South Africa. The backdoor consists of multiple components and communicates with

0 Comments

Zoom Joins Microsoft Teams on List of Enterprise Tools Hacked at Pwn2Own

White-hat hacking event shows yet again why there’s no such thing as foolproof security against modern attacks. A pair of security researchers at the virtual Pwn2Own hacking contest Wednesday exploited a combination of three individual zero-day bugs in the Zoom client to show how attackers could gain complete remote control

0 Comments

Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers

Networking equipment major Cisco Systems has said it does not plan to fix a critical security vulnerability affecting some of its Small Business routers, instead urging users to replace the devices. The bug, tracked as CVE-2021-1459, is rated with a CVSS score of 9.8 out of 10, and affects RV110W

0 Comments

2021 Brings new security challenges and regulations for European CISOs

European CISOs are shifting how they spend on security in response to the COVID-19 pandemic and are having to adopt to a raft of new proposed EU cyber regulations. Forrester has recently explored three security topics: that of European cyber regulations, European CISO budgetary trends in 2021, and finally the

0 Comments

How to better combat malware delivered through email

A majority of security pros said they’re most concerned about malicious payloads sent to employees via file attachments, according to a survey from GreatHorn. Image: iStock/Igor Kutyaev Phishing emails are one of the most common and successful ways to infect an organization with malware. Employees who’ve been instructed not to

0 Comments