Cyooda

Increase your cybersecurity effectiveness

The very best knowledge of all aspects of cybersecurity.

Get our blog and 'The Cybersecurity Loop' newsletter delivered to your inbox:

To be or not to be a ciso

To be or not to be a CISO

Do you aspire to be a CISO? As a former CISO, I felt compelled to write this article after seeing many articles about the role of a CISO and opinions on how hard it is becoming. I’m uncertain whether many people today would actually aspire to be a CISO given the pressures, the demands of…
Read More

Attackers Using Obfuscation Tools to Deliver Multi-Stage Malware via Invoice Phishing

Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets. The email messages come with Scalable Vector Graphics (SVG) file attachments that, when clicked, activate the infection sequence, Fortinet
Read More

Vietnamese Cybercrime Group CoralRaider Nets Financial Data

With a complex attack chain and using Telegram for its command and control, CoralRaider targets victims in Asian countries — and appears to have accidentally infected itself as well.
Read More

Targus discloses cyberattack after hackers detected on file servers

Laptop and tablet accessories maker Targus disclosed that it suffered a cyberattack disrupting operations after a threat actor gained access to the company's file servers. [...]
Read More

Hackers deploy crypto drainers on thousands of WordPress sites

Almost 2,000 hacked WordPress sites now display fake NFT and discount pop-ups to trick visitors into connecting their wallets to crypto drainers that automatically steal funds. [...]
Read More

Cyberattack on UK’s CVS Group disrupts veterinary operations

UK veterinary services provider CVS Group has announced that it suffered a cyberattack that disrupted IT services at its practices across the country. [...]
Read More

Solar Spider Spins Up New Malware to Entrap Saudi Arabian Financial Firms

An ongoing cyberattack campaign with apparent ties to China uses a new version of sophisticated JavaScript remote access Trojan JSOutProx and is now targeting banks in the Middle East.
Read More

Over 92,000 exposed D-Link NAS devices have a backdoor account

A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models. [...]
Read More

Google to Delete Billions of Browsing Records in ‘Incognito Mode’ Privacy Lawsuit Settlement

Google has agreed to purge billions of data records reflecting users' browsing activities to settle a class action lawsuit that claimed the search giant tracked them without their knowledge or consent in its Chrome browser. The class action, filed in 2020, alleged the company misled users by tracking their internet browsing activity who thought that it remained private when using the "
Read More

Microsoft Beefs Up Defenses in Azure AI

Microsoft adds tools to protect Azure AI from threats such as prompt injection, as well as give developers the capabilities to ensure generative AI apps are more resilient to model and content manipulation attacks.
Read More

Sprawling Sellafield Nuclear Waste Site Prosecuted for Cybersecurity Failings

UK regulator said that one of the world's most toxic sites accumulated cybersecurity "offenses" from 2019 to 2023.
Read More

AT&T Confirms 73M Customers Affected in Data Leak

AT&T denies any evidence of unauthorized access but admits that a data set released on the Dark Web including Social Security numbers and other sensitive information on tens of millions of customers is genuine.
Read More

OWASP discloses data breach caused by wiki misconfiguration

The OWASP Foundation has disclosed a data breach after some members' resumes were exposed online due to a misconfiguration of its old Wiki web server. [...]
Read More

Yacht retailer MarineMax discloses data breach after cyberattack

MarineMax, self-described as one of the world's largest recreational boat and yacht retailers, says attackers stole employee and customer data after breaching its systems in a March cyberattack. [...]
Read More

FTC: Americans lost $1.1 billion to impersonation scams in 2023

Impersonation scams in the U.S. exceeded $1.1 billion in losses last year, according to statistics collected by the Federal Trade Commission (FTC), a figure that is three times higher than in 2020. [...]
Read More

Red Hat warns of backdoor in XZ tools used by most Linux distros

Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries. [...]
Read More

Narwhal Spider Threat Group Behind New Phishing Campaign Impersonating Reputable Law Firms

Using little more than a well-known business name and a invoice-related PDF, the “NaurLegal” phishing campaign aims at installing malware trojans.
Read More

U.S. Charges 7 Chinese Nationals in Major 14-Year Cyber Espionage Operation

The U.S. Department of Justice (DoJ) on Monday unsealed indictments against seven Chinese nationals for their involvement in a hacking group that targeted U.S. and foreign critics, journalists, businesses, and political officials for about 14 years. The defendants include Ni Gaobin (倪高彬), Weng Ming (翁明), Cheng Feng (程锋), Peng Yaowen (彭耀文), Sun Xiaohui (孙小辉), Xiong Wang (熊旺), and Zhao Guangzong (
Read More

US fines man $9.9 million for thousands of disturbing robocalls

A U.S. federal court has issued a $9,918,000 penalty and an injunction against an individual named Scott Rhodes for making thousands of "spoofed" robocalls to consumers across the country. [...]
Read More

US sanctions crypto exchanges used by Russian darknet market, banks

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned three cryptocurrency exchanges for working with OFAC-designated Russian dark web markets and banks. [...]
Read More
The Cyber Security Loop Newsletter

SUBSCRIBE TO OUR BLOG AND 'THE CYBERSECURITY LOOP' : WEEKLY NEWSLETTER

A blog and newsletter about cybersecurity for anyone who wants to keep up-to-date with what is going on.

GDPR

Terms and Conditions checkbox is required.
Something went wrong. Please check your entries and try again.