Apple Zero-Day Vulnerabilities
Apple Zero-Day Vulnerabilities
  • Alert & Advisory
  • May 18, 2021

Apple has reported a zero-day vulnerability affecting its iOS, macOS and watchOS operating system being exploited by attackers in the wild to craft malicious web content, which may lead to remote code execution. Apple has therefore, released security patches for the zero-day bugs under active attacks.

Best Practices for Preventing Business Disruption from Ransomware Attacks
Best Practices for Preventing Business Disruption from Ransomware Attacks
  • Alert & Advisory
  • May 15, 2021

Malicious cyber actors has consistently deployed ransomware against government and private companies with recently trending attack on the US pipeline company’s information technology (IT) network, and the Japanese Conglomerate Toshiba unit by the DarkSide ransomware group. Critical Information asset owners and operators in Nigeria are therefore advised to adopt a heightened state of awareness and implement the recommendations listed in the Mitigations section of this Advisory, including implementing robust network segmentation between IT (Information technology) and OT (Operational Technology) networks; regularly testing manual controls; and ensuring that backups are implemented, regularly tested, and isolated from network connections. These mitigations will help CI owners and operators improve their entity's functional resilience by reducing their vulnerability to ransomware and the risk of severe business degradation if impacted by ransomware.

Cybercriminals Using Telegram messaging service to Distribute ToxicEye Malware
Cybercriminals Using Telegram messaging service to Distribute ToxicEye Malware
  • Alert & Advisory
  • April 28, 2021

Researchers discovered that Telegram instant messaging service is being used by malicious actors to manage a remote access trojan (RAT) called ToxicEye. These cyber criminals are increasingly abusing Telegram as a "command-and-control" system to distribute malware into organizations that could then be used to capture sensitive information from targeted systems. More than 130 attacks involving the ToxicEye RAT has been discovered recently, and warning that even when Telegram is not installed or being used, the system allows hackers to send malicious commands and operations remotely via the instant messaging app.

Cellebrite Forensic Software Security Vulnerabilities
Cellebrite Forensic Software Security Vulnerabilities
  • Alert & Advisory
  • April 28, 2021

Signal CEO in a successful hacking of the Cellebrite cellphone hacking and cracking tool revealed that the software lacks industry-standard exploit mitigation defenses, thereby making the software vulnerable to exploitations. This is coming after Cellebrite claimed in 2019 that its new tool unlocks almost any iOS and Android device, and in December 2020, that it could easily crack Signal’s encryption. Marlinspike accused Cellebrite of making a living from undisclosed vulnerabilities hence the decision to play it smart with the company by publicly publishing the vulnerability.

Fake LinkedIn Job Offer Malware
Fake LinkedIn Job Offer Malware
  • Alert & Advisory
  • April 12, 2021

A new spear-phishing campaign has been discovered to be targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated and dangerous backdoor trojan called "more_eggs." According to researchers, the threat actors are using zip files to trick LinkedIn users into executing the More_eggs backdoor.

Related Articles