Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group “also engages in internal espionage,” Symantec’s Threat Hunter Team, part of Broadcom, said in a new report […]
Author Archives: Onsite Computing, Inc.
As a major update to Chrome’s new cross-site tracking protection policy, Google announced that it is no longer considering dropping support for third-party cookies. Third-party cookies, which refer to the cookies that are set by a website other than the one a user is currently visiting through embedded content like advertisements, social media widgets, or tracking pixels, […]
Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January. Industrial cybersecurity firm Dragos has dubbed the malware FrostyGoop, describing it as the first malware strain to directly […]
In a surprising turn of events, Israeli cybersecurity startup Wiz has decided to end its acquisition talks with Google-parent Alphabet, which would have resulted in a $23 billion deal, the largest ever for Google. This decision was communicated through an internal memo from Wiz CEO Assaf Rappaport, who emphasized the company’s renewed focus on pursuing […]
The initial onboarding stage is a crucial step for both employees and employers. However, this process often involves the practice of sharing temporary first-day passwords, which can expose organizations to security risks. Traditionally, IT departments have been cornered into either sharing passwords in plain text via email or SMS, or arranging in-person meetings to verbally […]
Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a Magento e-commerce site’s checkout page, allowed the malware to survive multiple cleanup attempts, the company said. The skimmer is designed to capture all the data […]
Non-human identities (NHIs) have been a staple of enterprise IT for decades. Giving digital components credentials to access IT networks and devices, as IT would a human user, is key to ensuring complex IT systems can operate. But as the number of NHIs have soared in the past few years, the threat landscape NHIs present […]
Researchers have linked a previously unattributed Mac backdoor and a new Windows Trojan to a Chinese APT group known as Daggerfly that has been around for over a decade and targets organizations and individuals around the world. The group appears to be using the same modular malware development framework to create threats for Windows, Linux, […]
Meta has been given time till September 1, 2024, to respond to concerns raised by the European Commission over its “pay or consent” advertising model or risk-facing enforcement measures, including sanctions. The European Commission said the Consumer Protection Cooperation (CPC) Network has notified the social media giant of the model adopted on Facebook and Instagram […]
The Computer Emergency Response Team of Ukraine (CERT-UA) has alerted of a spear-phishing campaign targeting a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which was previously observed targeting various government entities to gather sensitive […]