Webinar: How to See More, But Respond Less with Enhanced Threat Visibility
The subject of threat visibility is a recurring one in cybersecurity. With an expanding attack surface due to the remote work transformation, cloud and SaaS computing and the proliferation of personal devices, seeing all the threats that are continuously bombarding the company is beyond...
Google Drops FLoC and Introduces Topics API to Replace Tracking Cookies for Ads
Google on Tuesday announced that it is abandoning its controversial plans for replacing third-party cookies in favor of a new Privacy Sandbox proposal called Topics, which categorizes users' browsing habits into approximately 350 topics. The new mechanism, which takes the place of FLoC short for...
12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access
A 12-year-old security vulnerability has been disclosed in a system utility called Polkit that grants attackers root privileges on Linux systems, even as a proof-of-concept (PoC) exploit has emerged in the wild merely hours after technical details of the bug became public. Dubbed "PwnKit" by...
Hackers Exploited MSHTML Flaw to Spy on Government and Defense Targets
Cybersecurity researchers on Tuesday took the wraps off a multi-stage espionage campaign targeting high-ranking government officials overseeing national security policy and individuals in the defense industry in Western Asia. The attack is unique as it leverages Microsoft OneDrive as a...
Hackers Infect macOS with New DazzleSpy Backdoor in Watering-Hole Attacks
A previously undocumented cyber-espionage malware aimed at Apple's macOS operating system leveraged a Safari web browser exploit as part of a watering hole attack targeting politically active, pro-democracy individuals in Hong Kong. Slovak cybersecurity firm ESET attributed the intrusion to an...
TrickBot Malware Using New Techniques to Evade Web Injection Attacks
The cybercrime operators behind the notorious TrickBot malware have once again upped the ante by fine-tuning its techniques by adding multiple layers of defense to slip past antimalware products. "As part of that escalation, malware injections have been fitted with added protection to keep...
Mobile Banking Trojan BRATA Gains New, Dangerous Capabilities
The Android malware tracked as BRATA has been updated with new features that grant it the ability to record keystrokes, track device locations, and even perform a factory reset in an apparent bid to cover up fraudulent wire transfers. The latest variants, detected late last year, are said to be...
Hackers Using New Malware Packer DTPacker to Avoid Analysis, Detection
A previously undocumented malware packer named DTPacker has been observed distributing multiple remote access trojans (RATs) and information stealers such as Agent Tesla, Ave Maria, AsyncRAT, and FormBook to plunder information and facilitate follow-on attacks. "The malware uses multiple obfuscatio...
ZTNAs Address Requirements VPNs Cannot. Here's Why.
I recently hopped on the Lookout podcast to talk about virtual private networks (VPNs) and how they've been extended beyond their original use case of connecting remote laptops to your corporate network. Even in this new world where people are using personal devices and cloud apps, VPN continues to...
Hackers Creating Fraudulent Crypto Tokens as Part of 'Rug Pull' Scams
Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users. The instances of token fraud in the wild include hiding 99% fee functions and concealing backdoor routines, researchers from Chec...
Emotet Now Using Unconventional IP Address Formats to Evade Detection
Social engineering campaigns involving the deployment of the Emotet malware botnet have been observed using "unconventional" IP address formats for the first time in a bid to sidestep detection by security solutions. This involves the use of hexadecimal and octal representations of the IP address...
High-Severity Rust Programming Bug Could Lead to File, Directory Deletion
The maintainers of the Rust programming language have released a security update for a high-severity vulnerability that could be abused by a malicious party to purge files and directories from a vulnerable system in an unauthorized manner. "An attacker could use this security issue to trick a...
Experts Find Strategic Similarities b/w NotPetya and WhisperGate Attacks on Ukraine
Latest analysis into the wiper malware that targeted dozens of Ukrainian agencies earlier this month has revealed "strategic similarities" to NotPetya malware that was unleashed against the country's infrastructure and elsewhere in 2017. The malware, dubbed WhisperGate, was discovered by Microsof...
Molerats Hackers Hiding New Espionage Attacks Behind Public Cloud Infrastructure
An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East. The cyber offensive is...
Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes
In yet another instance of software supply chain attack, dozens of WordPress themes and plugins hosted on a developer's website were backdoored with malicious code in the first half of September 2021 with the goal of infecting further sites. The backdoor gave the attackers full administrative...
Critical Bugs in Control Web Panel Expose Linux Servers to RCE Attacks
Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as CVE-2021-45467, the issue concerns a case of a file inclusion...
Chinese Hackers Spotted Using New UEFI Firmware Implant in Targeted Attacks
A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41). Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the...
U.S. Sanctions 4 Ukrainians for Working with Russia to Destabilize Ukraine
The U.S. Treasury Department on Thursday announced sanctions against four current and former Ukrainian government officials for engaging in "Russian government-directed influence activities" in the country, including gathering sensitive information about its critical infrastructure. The agency sa...
Cisco Issues Patch for Critical RCE Vulnerability in RCM for StarOS Software
Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager (RCM) for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines. Tracked as CVE-2022-20649 CVSS scor...
Google Details Two Zero-Day Bugs Reported in Zoom Clients and MMR Servers
An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could have been exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovic...
Interpol Busted 11 Members of Nigerian BEC Cybercrime Gang
A coordinated law enforcement operation has resulted in the arrest of 11 members allegedly belonging to a Nigerian cybercrime gang notorious for perpetrating business email compromise (BEC) attacks targeting more than 50,000 victims in recent years. The disruption of the BEC network is the result o...
A Trip to the Dark Site — Leak Sites Analyzed
Gone are the days when ransomware operators were happy with encrypting files on-site and more or less discreetly charged their victims money for a decryption key. What we commonly find now is encryption with the additional threat of leaking stolen data, generally called Double-Extortion or, as we...
New BHUNT Password Stealer Malware Targeting Cryptocurrency Wallets
A new evasive crypto wallet stealer named BHUNT has been spotted in the wild with the goal of financial gain, adding to a list of digital currency stealing malware such as CryptBot, Redline Stealer, and WeSteal. "BHUNT is a modular stealer written in .NET, capable of exfiltrating wallet Exodus,...
Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks
Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an "input...
Russian Hackers Heavily Using Malicious Traffic Direction System to Distribute Malware
Potential connections between a subscription-based crimeware-as-a-service (CaaS) solution and a cracked copy of Cobalt Strike have been established in what the researchers suspect is being offered as a tool for its customers to stage post-exploitation activities. Prometheus, as the service is calle...
Cyber Threat Protection — It All Starts with Visibility
Just as animals use their senses to detect danger, cybersecurity depends on sensors to identify signals in the computing environment that may signal danger. The more highly tuned, diverse and coordinated the senses, the more likely one is to detect important signals that indicate danger. This,...
FIN8 Hackers Spotted Using New 'White Rabbit' Ransomware in Recent Attacks
The financially motivated FIN8 actor, in all likelihood, has resurfaced with a never-before-seen ransomware strain called "White Rabbit" that was recently deployed against a local bank in the U.S. in December 2021. That's according to new findings published by Trend Micro, calling out the malware...
DDoS IRC Bot Malware Spreading Through Korean WebHard Platforms
An IRC (Internet Relay Chat) bot strain programmed in GoLang is being used to launch distributed denial-of-service (DDoS) attacks targeting users in Korea. "The malware is being distributed under the guise of adult games," researchers from AhnLab's Security Emergency-response Center (ASEC) said in a ne...
Ukraine: Recent Cyber Attacks Part of Wider Plot to Sabotage Critical Infrastructure
The coordinated cyberattacks targeting Ukrainian government websites and the deployment of a data-wiper malware called WhisperGate on select government systems are part of a broader wave of malicious activities aimed at sabotaging critical infrastructure in the country. The Secret Service of...
Researchers Bypass SMS-based Multi-Factor Authentication Protecting Box Accounts
Cybersecurity researchers have disclosed details of a now-patched bug in Box's multi-factor authentication (MFA) mechanism that could be abused to completely sidestep SMS-based login verification. "Using this technique, an attacker could use stolen credentials to compromise an organization's Box...
Europol Shuts Down VPNLab, Cybercriminals' Favourite VPN Service
VPNLab.net, a VPN provider that was used by malicious actors to deploy ransomware and facilitate other cybercrimes, was taken offline following a coordinated law enforcement operation. Europol said it took action against the misuse of the VPN service by grounding 15 of its servers on January 17 a...
Don't Use Public Wi-Fi Without DNS Filtering
Providing public Wi-Fi is a great service to offer your customers as it becomes more and more standard in today's society. I like the fact that I do not have to worry about accessing the Internet while I am away, or spending a lot of money on an international connection, or just staying offline...
Earth Lusca Hackers Aimed at High-Value Targets in Government and Private Sectors
An elusive threat actor called Earth Lusca has been observed striking organizations across the world as part of what appears to be simultaneously an espionage campaign and an attempt to reap monetary profits. "The list of its victims includes high-value targets such as government and educational...
Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central
Enterprise software maker Zoho on Monday issued patches for a critical security vulnerability in Desktop Central and Desktop Central MSP that a remote adversary could exploit to perform unauthorized actions in affected servers. Tracked as CVE-2021-44757, the shortcoming concerns an instance of...
Chrome Limits Websites' Direct Access to Private Networks for Security Reasons
Google Chrome has announced plans to prohibit public websites from directly accessing endpoints located within private networks as part of an upcoming major security shakeup to prevent intrusions via the browser. The proposed change is set to be rolled out in two phases consisting of releases...
Dark Web's Largest Marketplace for Stolen Credit Cards is Shutting Down
UniCC, the biggest dark web marketplace for stolen credit and debit cards, has announced that it's shuttering its operations after earning $358 million in purchases since 2013 using cryptocurrencies such as Bitcoin, Litecoin, Ether, and Dash. "Don't build any conspiracy theories about us leaving,...
High-Severity Vulnerability in 3 WordPress Plugins Affected 84,000 Websites
Researchers have disclosed a security shortcoming affecting three different WordPress plugins that impact over 84,000 websites and could be abused by a malicious actor to take over vulnerable sites. "This flaw made it possible for an attacker to update arbitrary site options on a vulnerable site,...
Ukrainian Government Officially Accuses Russia of Recent Cyberattacks
The government of Ukraine on Sunday formally accused Russia of masterminding the attacks that targeted websites of public institutions and government agencies this past week. "All the evidence points to the fact that Russia is behind the cyber attack," the Ministry of Digital Transformation said ...
New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking
A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed IndexedDB Leaks, was disclosed by fraud protection software...
A New Destructive Malware Targeting Ukrainian Government and Business Entities
Cybersecurity teams from Microsoft on Saturday disclosed they identified evidence of a new destructive malware operation dubbed "WhisperGate" targeting government, non-profit, and information technology entities in Ukraine amid brewing geopolitical tensions between the country and Russia. "The...
Russia Arrests REvil Ransomware Gang Responsible for High-Profile Cyber Attacks
In an unprecedented move, Russia's Federal Security Service (FSB), the country's principal security agency, on Friday disclosed that it arrested several members belonging to the notorious REvil ransomware gang and neutralized its operations. The surprise takedown, which it said was carried out at t...
Get Lifetime Access to Cybersecurity Certification Prep Courses
You can't go far in professional IT without being asked for some key certifications. In particular, most large companies today require new hires to be well versed in the fundamentals of cybersecurity. Adding the likes of CISSP, CISM, and CompTIA CASP+ to your résumé can open the door to many...
Massive Cyber Attack Knocks Down Ukrainian Government Websites
No fewer than 70 websites operated by the Ukrainian government went offline on Friday for hours in what appears to be a coordinated cyber attack amid heightened tensions with Russia. "As a result of a massive cyber attack, the websites of the Ministry of Foreign Affairs and a number of other...
North Korean Hackers Stole Millions from Cryptocurrency Startups Worldwide
Operators associated with the Lazarus sub-group BlueNoroff have been linked to a series of cyberattacks targeting small and medium-sized companies worldwide with an aim to drain their cryptocurrency funds, in what's yet another financially motivated operation mounted by the prolific North Korean...
U.K. Hacker Jailed for Spying on Children and Downloading Indecent Images
A man from the U.K. city of Nottingham has been sentenced to more than two years in prison for illegally breaking into the phones and computers of a number of victims, including women and children, to spy on them and amass a collection of indecent images. Robert Davies, 32, is said to have...
Husband-Wife Arrested in Ukraine for Ransomware Attacks on Foreign Companies
Ukrainian police authorities have nabbed five members of a gang that's believed to have helped orchestrate attacks against more than 50 companies across Europe and the U.S. and caused losses to the tune of more than $1 million. The special operation, which was carried out with the assistance of law...
Cisco Releases Patch for Critical Bug Affecting Unified CCMP and Unified CCDM
Cisco Systems has rolled out security updates for a critical security vulnerability affecting Unified Contact Center Management Portal (Unified CCMP) and Unified Contact Center Domain Manager (Unified CCDM) that could be exploited by a remote attacker to take control of an affected system. Tracked as...
GootLoader Hackers Targeting Employees of Law and Accounting Firms
Operators of the GootLoader campaign are setting their sights on employees of accounting and law firms as part of a fresh onslaught of widespread cyberattacks to deploy malware on infected systems, an indication that the adversary is expanding its focus to other high-value targets. "GootLoader is...
Researchers Decrypted Qakbot Banking Trojan's Encrypted Registry Keys
Cybersecurity researchers have decoded the mechanism by which the versatile Qakbot banking trojan handles the insertion of encrypted configuration data into the Windows Registry. Qakbot, also known as QBot, QuackBot and Pinkslipbot, has been observed in the wild since 2007. Although mainly...
Iranian Hackers Exploit Log4j Vulnerability to Deploy PowerShell Backdoor
An Iranian state-sponsored actor has been observed scanning and attempting to abuse the Log4Shell flaw in publicly-exposed Java applications to deploy a hitherto undocumented PowerShell-based modular backdoor dubbed "CharmPower" for follow-on post-exploitation. "The actor's attack setup was...