Cisco Talos unveiled the details of a new RAT dubbed "JhoneRAT, that is dropped to the victims via malicious Microsoft Office documents.
The dropper, along with the Python RAT, attempts to gather information on the victim's machine and then uses multiple cloud services: Google Drive, Twitter, ImgBB and Google Forms.
The RAT attempts to download additional payloads and upload the information gathered during the reconnaissance phase.
Russia's GRU spy agency launched a "phishing" attack in November to access the email of Burisma Holdings employees, California cyber firm Area 1 Security said in a report.
According to the report, the timing of the GRU's campaign in relation to the 2020 US elections raised the specter that this was an early warning of what has been anticipated since the successful cyberattacks undertaken during the 2016 US elections.
DoorDash announced in a blog post that an "unauthorized third party" had accessed user data of approximately 4.9 million "consumers, Dashers, and merchants."
DoorDash said names, email addresses, delivery addresses, order histories, phone numbers, and hashed, salted passwords all “could” have been accessed.
However, it’s not clear what, if anything, might have been done with the data by the third party.
Platform agnostic attack, Simjacker allows hackers to remotely exploit the victims' phone by sending a SMS which contains a malicious code; the code gives instructions to the universal integrated circuit card (UICC)/ SIM card placed inside the targeted device to retrieve and carry out sensitive commands.
The attack is set into motion as soon as the 'attack SMS' sent via another remote handset, is received by the targeted device. The process involves a series of SIM Toolkit (STK) directions particularly configured to be sent on to the SIM Card inside the victim's device.
On September 12, 2019, it became known that the Central Bank has a new punishment for banks for poor cyber defense. The Central Bank launched a new feature for credit institutions, it will be the risk profile on the level of information security.
The risk profile will be formed on the basis of four characteristics, including the share of unauthorised card transactions and the bank's readiness to repel an attack.