Pegasus Spyware Reportedly Hacked iPhones of U.S. State Department and Diplomats – Tempemail

Apple reportedly notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group, according to multiple reports from Reuters and The Washington Post. At least 11 U.S. Embassy officials stationed in Continue Reading

Yet Another Zoho ManageEngine Product Found Under Active Attacks – Tempemail

Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, marking the third security vulnerability in its products to be abused in the wild in a span of four months. The issue, Continue Reading

Researchers Detail How Pakistani Hackers Targeting Indian and Afghan Governments – Tempemail

A Pakistani threat actor successfully socially engineered a number of ministries in Afghanistan and a shared government computer in India to steal sensitive Google, Twitter, and Facebook credentials from its targets and stealthily obtain access to government portals. Malwarebytes’ latest findings go into detail about the new tactics and tools Continue Reading

New Malvertising Campaigns Spreading Backdoors, Malicious Chrome Extensions – Tempemail

A series of malicious campaigns have been leveraging fake installers of popular apps and games such as Viber, WeChat, NoxPlayer, and Battlefield as a lure to trick users into downloading a new backdoor and an undocumented malicious Google Chrome extension with the goal of stealing credentials and data stored in Continue Reading

Why Everyone Needs to Take the Latest CISA Directive Seriously – Tempemail

Government agencies publish notices and directives all the time. Usually, these are only relevant to government departments, which means that nobody else really pays attention. It’s easy to see why you would assume that a directive from CISA just doesn’t relate to your organization. But, in the instance of the Continue Reading

New Payment Data Sealing Malware Hides in Nginx Process on Linux Servers – Tempemail

E-commerce platforms in the U.S., Germany, and France have come under attack from a new form of malware that targets Nginx servers in an attempt to masquerade its presence and slip past detection by security solutions. “This novel code injects itself into a host Nginx application and is nearly invisible,” Continue Reading

CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability – Tempemail

The U.S. Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are warning of active exploitation of a newly patched flaw in Zoho’s ManageEngine ServiceDesk Plus product to deploy web shells and carry out an array of malicious activities. Tracked as CVE-2021-44077 (CVSS score: 9.8), the Continue Reading

Meta Expands Facebook Protect Program to Activists, Journalists, Government Officials – Tempemail

Meta, the company formerly known as Facebook, on Thursday announced an expansion of its Facebook Protect security program to include human rights defenders, activists, journalists, and government officials who are more likely to be targeted by bad actors across its social media platforms. “These people are at the center of Continue Reading

Ensuring visibility across the entire API lifecycle – Tempemail

The following article is based on a webinar series on enterprise API security by Imvision, featuring expert speakers from IBM, Deloitte, Maersk, and Imvision discussing the importance of centralizing an organization’s visibility of its APIs as a way to accelerate remediation efforts and improve the overall security posture. Centralizing security Continue Reading

Researches Detail 17 Malicious Frameworks Used to Attack Air-Gapped Networks – Tempemail

Four different malicious frameworks designed to attack air-gapped networks were detected in the first half of 2020 alone, bringing the total number of such toolkits to 17 and offering adversaries a pathway to cyber espionage and exfiltrate classified information. “All frameworks are designed to perform some form of espionage, [and] Continue Reading