As Black Friday approaches, shoppers eagerly hunt for bargains online, but so do malicious actors. Cyber criminals are like pickpockets: they go where the crowds are, so this high-traffic shopping season presents a smorgasbord of opportunities for malefactors to exploit vulnerabilities, from phishing scams to fake retail websites. With digital transactions expected to skyrocket, staying vigilant is essential to protect your personal information and hard-earned money. This article will look at practical tips to help you navigate the online shopping frenzy securely, avoid common traps, and protect your data during one of the busiest retail events of the year. Don’t…
Author: Kirsten Doyle
Check Point Research has discovered that cybercriminals are exploiting the popular Godot Engine to spread malware, bypassing detection by nearly all antivirus solutions. The new technique uses Godot’s scripting language, GDScript, to deliver malicious payloads through a loader dubbed “GodLoader,” which has infected over 17,000 devices since June 2024.
New Threat Vector in Gaming Development
Godot Engine, an open-source platform for developing 2D and 3D games, is known for its flexibility and multi-platform capabilities. Its scripting language, GDScript, has become a tool for threat actors to execute malicious commands. Check Point says this method remains undetected by most antivirus engines,…
The Matrix botnet is expanding at an alarming rate, with nearly 35 million devices currently vulnerable to compromise. Researchers from Aqua Nautilus, who uncovered the threat, warn that even a fraction of these devices falling into the botnet’s control could result in a massive surge in scale, posing significant risks to global cybersecurity infrastructure. If only 1% of these devices are breached, Matrix could control 350,000 endpoints. A compromise rate of 5% could result in 1.7 million devices—a figure comparable to some of history’s largest distributed denial-of-service (DDoS) campaigns. This would position Matrix as a formidable threat capable of orchestrating…
In a concerning trend that has emerged in recent months, Perception Point has observed threat actors exploiting URL rewriting, a security feature designed to protect users from malicious links in emails. By manipulating the rewritten URLs, malefactors are able to hide phishing links behind trusted domains, evading detection and making it increasingly difficult for security measures to protect users. URL rewriting, which is implemented by email security vendors to replace original URLs with modified ones that are first scanned for threats, has been a key tool in the fight against phishing. However, cybercriminals have now found a way to weaponize…
As the digital landscape evolves, so do the threats and challenges defining cybersecurity. With 2025 around the corner, ISB reached out to several experts to forecast transformative shifts in how businesses, governments, and individuals protect themselves against increasingly sophisticated cyberattacks. Information Security Buzz reached out to leading experts across the technology and cybersecurity spectrum to gain insight into what lies ahead. From regulatory pressures and the rise of Zero Trust as a cornerstone of AI-driven enterprises to the looming complexities of autonomous hacking, the perspectives shared offer a glimpse into a future brimming with both opportunity and risk. We had such an overwhelming…
In a chilling discovery, Trellix Advanced Research Center has uncovered a malicious campaign that turns trusted security tools into instruments of attack. The malware manipulates Avast’s Anti-Rootkit driver (aswArPot.sys) to gain deep system access, disable protective measures, and take full control of compromised systems. This sophisticated campaign is an example of a growing threat: the exploitation of kernel-mode drivers, usually designed to protect critical system components. When compromised, these drivers become potent weapons for malicious actors. “What makes this even more alarming is the level of trust associated with kernel-mode drivers—designed to protect the system at its core—which, in this…
More than 2,000 Palo Alto Networks PAN-OS firewalls have been targeted following the disclosure and patching of two security vulnerabilities earlier this month—one of which is classified as critical. This was reported by the Shadowserver Foundation on 20 November.
Warnings Unheeded
Palo Alto Networks and its threat intelligence team, Unit 42, issued a security advisory regarding the active exploitation of the vulnerabilities, calling them a significant threat, as attackers could leverage them to compromise administrative privileges and deploy malicious payloads. CVE-2024-0012, an authentication bypass flaw, allows an unauthenticated attacker with network access to the management interface to gain administrative control…
The Australian Government has unveiled world-first legislation setting a minimum age of 16 for social media use, aiming to bolster online safety for young Australians. The Online Safety Amendment (Social Media Minimum Age) Bill 2024, introduced today, seeks to protect children during critical developmental years by requiring social media platforms to prevent underage users from creating accounts. Under the new law, social media platforms such as Snapchat, TikTok, Instagram, and X will be categorized as “age-restricted social media platforms” and will be required to implement robust measures to verify users’ ages. This responsibility shifts accountability away from parents or children…
ESET researchers have uncovered WolfsBane, a Linux cyberespionage backdoor attributed with high confidence to the Gelsemium advanced persistent threat (APT) group. This discovery is a major development, as it is the first public report of Gelsemium deploying Linux malware. The newly identified backdoors and tools are designed for cyberespionage, targeting sensitive data, including system information, user credentials, and specific files or directories. They also enable persistent access and stealthy command execution, allowing prolonged intelligence gathering while evading detection.
Origins and Links to Gelsemium
The researchers discovered WolfsBane and related tools on VirusTotal, with samples uploaded from Taiwan, the Philippines, and…
In a surprising discovery, Aqua Nautilus researchers have identified an emerging attack vector that leverages misconfigured servers to hijack resources for streaming sports events. Using honeypots designed to mimic real-world development environments, researchers uncovered how attackers exploited JupyterLab and Jupyter Notebook applications to conduct illegal live streaming operations, exposing a new facet of cybercrime.
A Novel Attack Strategy
The investigation uncovered how attackers have exploited publicly exposed Jupyter servers, using weak or absent authentication to gain remote code execution capabilities. Once inside, they deployed the open-source tool ffmpeg to capture live sports broadcasts, redirecting the streams to their illegal platforms…