New MrAnon Stealer Malware Targeting German Users via Booking-Themed Scam

A phishing campaign has been observed delivering an information stealer malware called MrAnon Stealer to unsuspecting victims via seemingly benign booking-themed PDF lures.
"This malware is a Python-based information stealer compressed with cx-Freeze to evade detection," Fortinet FortiGuard Labs researcher Cara Lin said. "MrAnon Stealer steals its victims' credentials, system

https://thehackernews.com/2023/12/new-mr...an-it.html

Non-Human Access is the Path of Least Resistance: A 2023 Recap

2023 has seen its fair share of cyber attacks, however there’s one attack vector that proves to be more prominent than others - non-human access. With 11 high-profile attacks in 13 months and an ever-growing ungoverned attack surface, non-human identities are the new perimeter, and 2023 is only the beginning. 
Why non-human access is a cybercriminal’s paradise 
People always

https://thehackernews.com/2023/12/non-hu...least.html

Russian APT28 Hackers Targeting 13 Nations in Ongoing Cyber Espionage Campaign

The Russian nation-state threat actor known as APT28 has been observed making use of lures related to the ongoing Israel-Hamas war to facilitate the delivery of a custom backdoor called HeadLace.
IBM X-Force is tracking the adversary under the name ITG05, which is also known as BlueDelta, Fancy Bear, Forest Blizzard (formerly Strontium), FROZENLAKE, Iron Twilight, Sednit, Sofacy, and

https://thehackernews.com/2023/12/russia...ng-13.html

Researchers Unveil GuLoader Malware's Latest Anti-Analysis Techniques

Threat hunters have unmasked the latest tricks adopted by a malware strain called GuLoader in an effort to make analysis more challenging.
"While GuLoader's core functionality hasn't changed drastically over the past few years, these constant updates in their obfuscation techniques make analyzing GuLoader a time-consuming and resource-intensive process," Elastic Security Labs

https://thehackernews.com/2023/12/resear...wares.html

New PoolParty Process Injection Techniques Outsmart Top EDR Solutions

A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems.
SafeBreach researcher Alon Leviev said the methods are "capable of working across all processes without any limitations, making them more flexible than existing process

https://thehackernews.com/2023/12/new-po...ction.html

Celebrating International Human Rights Day, Every Day

Ford’s focus on human rights begins within our company and extends to our suppliers.


https://media.ford.com/content/fordmedia...-day0.html

Column: UAW's big organizing play is familiar, but not the way you think

<p>The UAW has launched an effort to potentially organize workers at up to 13 nonunion automakers with plants in the U.S. The union's work will be easier if the automakers overreact.</p>

https://www.autonews.com/commentary/uaws...-overreact

Can tax credit rules drive EV adoption and spur U.S. battery supply chain?

<p>Strict eligibility requirements in the Inflation Reduction Act's tax credit for new-EV purchases seek to encourage a transition to EVs and build up a domestic battery supply chain. But achieving one goal could hinder the other.</p>

https://www.autonews.com/regulation-safe...ctric-push

Russian Espionage Group Hammers Zero-Click Microsoft Outlook Bug

State-sponsored actors continue to exploit CVE-2023-23397, a dangerous no-interaction vulnerability in Microsoft's Outlook email client that was patched in March, in a widespread global campaign.


https://www.darkreading.com/ics-ot-secur...utlook-bug

Increased Cyber Regulation in the Offing as Attacks Mount

Cybersecurity could be heading for a Sarbanes Oxley-type of regulation in light of escalating attacks, but the devil is in the details.


https://www.darkreading.com/ics-ot-secur...regulation