Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Android Malware Outbreak: Unmasking the RAT Inside a Screen Recording App

With the worldwide popularity of Android and its open-source software, hackers have an increased incentive and opportunity to orchestrate attacks. A Google search for “Android malware” brings up headlines like these, all from the past few days or weeks: SecurityScorecard recently analyzed a specific threat known as the AhMyth RAT (remote access trojan), which made headlines for infiltrating a popular screen recording app on the Google Play Store.

New Mobile Banking Malware Impersonating Messaging Apps

Following our research regarding the abuse of Malvertising using Malicious Ads, Cyberint has uncovered a new strain of mobile banking malware. This malware is being distributed on third-party APK sites and is disguised as advertisements for popular messaging applications like KIK and Viber. Our Cyberint team has conducted an analysis of the malware’s source code. Based on our findings, it appears that the campaign is primarily targeting Asia.

Rubrik + Microsoft Sentinel: Taking Incident Response to the Next Level with AI

Security teams use tools like Microsoft Sentinel to aggregate their security events, alert on threat detection, and most importantly, orchestrate threat responses through a variety of automated playbooks. By providing both Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) functionality, Sentinel enables teams to respond to threats quickly and efficiently.

Using insecure npm package manager defaults to steal your macOS keyboard shortcuts

Malicious npm packages and their dangers have been a frequent topic of discussion — whether it’s hundreds of command-and-control Cobalt Strike malware packages, typosquatting, or general malware published to the npm registry (including PyPI and others). To help developers and maintainers defend against these security risks, Snyk published a guide to npm security best practices.

Ransomware detections on endpoints increase by 627%

Ransomware is still present and growing across the threat landscape, to the extent that some organizations now include the cost of a ransomware attack in their annual budgets. Data from our Internet Security Report - Q4 2022 reveals that ransomware detections on endpoints rose by an alarming 627% in 2022 compared to the previous year. While ransomware does not discriminate by industry type, the report clearly shows the manufacturing sector was the most affected during 2022.

Blacktail: Unveiling the tactics of a notorious cybercrime group

In recent months, a cybercrime group known as Blacktail has begun to make headlines as they continue to target organizations around the globe. The group was first spotted by the Unit 42 Team at Palo Alto Networks earlier this year. Since February, the group has launched multiple attacks based on their latest ransomware campaign labeled Buhti.

Enhance Security and Efficiency for your Unstructured Data with Rubrik and Dell

Unstructured data is a prime target for ransomware attacks, making it crucial for organizations to protect and manage it effectively. Currently, it is estimated that 80-90% of all data generated falls into the unstructured category, consisting of files and objects. Organizations rely on unstructured data to store sensitive information, intellectual property, and other invaluable corporate assets.

Migrating Apollo Codegen to GraphQL Code Generator

GraphQL has become a popular choice for building APIs in recent years. In projects using TypeScript and Apollo Client, such as Rubrik’s, it is very helpful to map a GraphQL schema to types and interfaces, and one of the most popular tools for generating these types and interfaces from a GraphQL schema is Apollo Codegen.

BlackLotus bootkit patch may bring "false sense of security", warns NSA

The NSA has published a guide on how to mitigate attacks involving the BlackLotus bootkit malware, amid fears that system administrators may not be adequately protected against the threat. The BlackLotus UEFI bootkit made a name for itself in October 2022, when it was seen being sold on cybercrime underground forums for $5,000.