BleepingComputer reports that five Android apps cumulatively downloaded more than 32,000 times from the Google Play Store have been leveraged to facilitate the distribution of a stealthier iteration of the Mandrake Android spyware since 2022.
Millions of phishing emails impersonating IBM, Nike, Coca-Cola, and other major organizations have been deployed through the abuse of a Proofpoint email routing vulnerability as part of the EchoSpoofing attack campaign that began in January, reports The Hacker News.
This week, on Enterprise Security Weekly, we've got: Identity Security gets more funding, Wiz walks away, BlackHat Announces Startup Spotlight Finalists, Crowdstrike post mortem, Simple Security Tricks are the Best Security Tricks, Splitting the CISO role, Web scraping for AI is out of control, SEC vs Solarwinds, Vaping the Internet.
Within 25 minutes of having received his Mac workstation, the North Korean operative — who used VPN to conceal the location of the IT mule farm where the workstation was sent — leveraged Raspberry Pi to facilitate malware downloads, session history file alterations, file transfers, and unauthorized software execution.