20777 matches found

The Hacker News
added 2021/11/24 5:32 a.m. | 48 views

Apple Sues Israel's NSO Group for Spying on iPhone Users With Pegasus Spyware

Apple has sued NSO Group and its parent company Q Cyber Technologies in a U.S. federal court holding it accountable for illegally targeting users with its Pegasus surveillance tool, marking yet another setback for the Israeli spyware vendor. The Cupertino-based tech giant painted NSO Group as...

6.3 AI score
Exploits: 0

The Hacker News
added 2021/11/23 12:26 p.m. | 19 views

What Avengers Movies Can Teach Us About Cybersecurity

Marvel has been entertaining us for the last 20 years. We have seen gods, super-soldiers, magicians, and other irradiated heroes fight baddies at galactic scales. The eternal fight of good versus evil. A little bit like in cybersecurity, good guys fighting cybercriminals. If we choose to go with...

6.5 AI score
Exploits: 0

The Hacker News
added 2021/11/23 12:6 p.m. | 48 views

Researchers Detail Privilege Escalation Bugs Reported in Oracle VirtualBox

A now-patched vulnerability affecting Oracle VM VirtualBox could be potentially exploited by an adversary to compromise the hypervisor and cause a denial-of-service (DoS) condition. "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM...

7.5 CVSS | 7.6 AI score | 0.00791 EPSS
Exploits: 0

The Hacker News
added 2021/11/23 10:58 a.m. | 21 views

More Stealthier Version of BrazKing Android Malware Spotted in the Wild

Banking apps from Brazil are being targeted by a more elusive and stealthier version of an Android remote access trojan (RAT) that's capable of carrying out financial fraud attacks by stealing two-factor authentication (2FA) codes and initiating rogue transactions from infected devices to transfer...

7 AI score
Exploits: 0

The Hacker News
added 2021/11/23 10:34 a.m. | 19 views

The Importance of IT Security in Your Merger Acquisition

In the business world, mergers and acquisitions are commonplace as businesses combine, acquire, and enter various partnerships. Mergers and Acquisitions (M&A) are filled with often very complicated and complex processes to merge business processes, management, and a whole slew of other aspects of...

7.2 AI score
Exploits: 0

The Hacker News
added 2021/11/23 7:39 a.m. | 23 views

GoDaddy Data Breach Exposes Over 1 Million WordPress Customers' Data

Web hosting giant GoDaddy on Monday disclosed a data breach that resulted in the unauthorized access of data belonging to a total of 1.2 million active and inactive customers, making it the third security incident to come to light since 2018. In a filing with the U.S. Securities and Exchange...

6.6 AI score
Exploits: 0

The Hacker News
added 2021/11/22 12:10 p.m. | 35 views

New Golang-based Linux Malware Targeting eCommerce Websites

Weaknesses in e-commerce portals are being exploited to deploy a Linux backdoor as well as a credit card skimmer that's capable of stealing payment information from compromised websites. "The attacker started with automated e-commerce attack probes, testing for dozens of weaknesses in common onli...

7.4 AI score
Exploits: 0

The Hacker News
added 2021/11/22 11:47 a.m. | 459 views

Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns

Threat actors are exploiting ProxyLogon and ProxyShell exploits in unpatched Microsoft Exchange Servers as part of an ongoing spam campaign that leverages stolen email chains to bypass security software and deploy malware on vulnerable systems. The findings come from Trend Micro following an...

10 CVSS | 9.4 AI score | 0.99999 EPSS
Exploits: 78

The Hacker News
added 2021/11/22 7:30 a.m. | 19 views

Facebook Postpones Plans for E2E Encryption in Messenger, Instagram Until 2023

Meta, the parent company of Facebook, Instagram, and WhatsApp, disclosed that it doesn't intend to roll out default end-to-end encryption (E2EE) across all its messaging services until 2023, pushing its original plans by at least a year. "We're taking our time to get this right and we don't plan to...

6.6 AI score
Exploits: 0

The Hacker News
added 2021/11/20 3:54 p.m. | 100 views

RedCurl Corporate Espionage Hackers Return With Updated Hacking Tools

A corporate cyber-espionage hacker group has resurfaced after a seven-month hiatus with new intrusions targeting four companies this year, including one of the largest wholesale stores in Russia, while simultaneously making tactical improvements to its toolset in an attempt to thwart analysis. "I...

6.7 AI score
Exploits: 0

The Hacker News
added 2021/11/20 3:26 p.m. | 23 views

North Korean Hackers Found Behind a Range of Credential Theft Campaigns

A threat actor with ties to North Korea has been linked to a prolific wave of credential theft campaigns targeting research, education, government, media and other organizations, with two of the attacks also attempting to distribute malware that could be used for intelligence gathering. Enterpris...

6.5 AI score
Exploits: 0

The Hacker News
added 2021/11/19 1:14 p.m. | 22 views

11 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells

Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion...

7.4 AI score
Exploits: 0

The Hacker News
added 2021/11/19 12:54 p.m. | 26 views

U.S. Charged 2 Iranian Hackers for Threatening Voters During 2020 Presidential Election

The U.S. government on Thursday unsealed an indictment that accused two Iranian nationals of their involvement in cyber-enabled disinformation and threat campaign orchestrated to interfere in the 2020 presidential elections by gaining access to confidential voter information from at least one sta...

7.1 AI score
Exploits: 0

The Hacker News
added 2021/11/19 9:27 a.m. | 42 views

FBI Issues Flash Alert on Actively Exploited FatPipe VPN Zero-Day Bug

The U.S. Federal Bureau of Investigation (FBI) has disclosed that an unidentified threat actor has been exploiting a previously unknown weakness in the FatPipe MPVPN networking devices at least since May 2021 to obtain an initial foothold and maintain persistent access into vulnerable networks,...

7.2 AI score
Exploits: 0

The Hacker News
added 2021/11/19 8:53 a.m. | 25 views

A Simple 5-Step Framework to Minimize the Risk of a Data Breach

Today's businesses run on data. They collect it from customers at every interaction, and they use it to improve efficiency, increase their agility, and provide higher levels of service. But it's becoming painfully obvious that all of that data businesses collect has also made them an enticing...

7.4 AI score
Exploits: 0

The Hacker News
added 2021/11/19 6:50 a.m. | 265 views

Experts Expose Secrets of Conti Ransomware Group That Made 25 Million from Victims

The clearnet and dark web payment portals operated by the Conti ransomware group have gone down in what appears to be an attempt to shift to new infrastructure after details about the gang's inner workings and its members were made public. According to MalwareHunterTeam, "while both the clearweb...

9.8 CVSS | 8.9 AI score | 0.99999 EPSS
Exploits: 100

The Hacker News
added 2021/11/19 5:38 a.m. | 72 views

New Side Channel Attacks Re-Enable Serious DNS Cache Poisoning Attacks

Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control. "The attack allows an off-path...

6.4 AI score
Exploits: 0

The Hacker News
added 2021/11/18 12:59 p.m. | 220 views

Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models

Networking equipment company Netgear has released yet another round of patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Tracked as CVE-2021-34991 (CVSS score: 8.8),...

8.8 CVSS | 8.8 AI score | 0.15193 EPSS
Exploits: 3

The Hacker News
added 2021/11/18 12:43 p.m. | 28 views

How to Build a Security Awareness Training Program that Yields Measurable Results

Organizations have been worrying about cyber security since the advent of the technological age. Today, digital transformation coupled with the rise of remote work has made the need for security awareness all the more critical. Cyber security professionals are continuously thinking about how to...

6.7 AI score
Exploits: 0

The Hacker News
added 2021/11/18 7:59 a.m. | 32 views

Microsoft Warns about 6 Iranian Hacking Groups Turning to Ransomware

Nation-state operators with nexus to Iran are increasingly turning to ransomware as a means of generating revenue and intentionally sabotaging their targets, while also engaging in patient and persistent social engineering campaigns and aggressive brute force attacks. No less than six threat acto...

7 AI score
Exploits: 0

The Hacker News
added 2021/11/17 3:44 p.m. | 269 views

U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws

Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities...

10 CVSS | 9.3 AI score | 0.99999 EPSS
Exploits: 39

The Hacker News
added 2021/11/17 3:13 p.m. | 31 views

Hackers Targeting Myanmar Use Domain Fronting to Hide Malicious Activities

A malicious campaign has been found leveraging a technique called domain fronting to hide command-and-control traffic by leveraging a legitimate domain owned by the Myanmar government to route communications to an attacker-controlled server with the goal of evading detection. The threat, which wa...

6.8 AI score
Exploits: 0

The Hacker News
added 2021/11/17 11:10 a.m. | 49 views

Israel's Candiru Spyware Found Linked to Watering Hole Attacks in U.K and Middle East

Israeli spyware vendor Candiru, which was added to an economic blocklist by the U.S. government this month, is said to have reportedly waged "watering hole" attacks against high-profile entities in the U.K. and the Middle East, new findings reveal. "The victimized websites belong to media outlets...

7.5 AI score
Exploits: 0

The Hacker News
added 2021/11/17 10:48 a.m. | 14 views

On-Demand Webinar: Into the Cryptoverse

In the span of a few years, cryptocurrencies have gone from laughingstock and novelty to a serious financial instrument, and a major sector in high-tech. The price of Bitcoin and Ethereum has gone from single dollars to thousands, and they're increasingly in the mainstream. This is undoubtedly a...

7 AI score
Exploits: 0

The Hacker News
added 2021/11/17 6:40 a.m. | 25 views

Facebook Bans Pakistani and Syrian Hacker Groups for Abusing its Platform

Meta, the company formerly known as Facebook, announced Tuesday that it took action against four separate malicious cyber groups from Pakistan and Syria who were found targeting people in Afghanistan, as well as journalists, humanitarian organizations, and anti-regime military forces in the West...

6.6 AI score
Exploits: 0

The Hacker News
added 2021/11/16 4:48 p.m. | 56 views

New Blacksmith Exploit Bypasses Current Rowhammer Attack Defenses

Cybersecurity researchers have demonstrated yet another variation of the Rowhammer attack affecting all DRAM (dynamic random-access memory) chips that bypasses currently deployed mitigations, thereby effectively compromising the security of the devices. The new technique, dubbed "Blacksmith"...

9 CVSS | 8.3 AI score | 0.02889 EPSS
Exploits: 1

The Hacker News
added 2021/11/16 12:41 p.m. | 47 views

Researchers Demonstrate New Way to Detect MitM Phishing Kits in the Wild

No fewer than 1,220 Man-in-the-Middle (MitM) phishing websites have been discovered as targeting popular online services like Instagram, Google, PayPal, Apple, Twitter, and LinkedIn with the goal of hijacking users' credentials and carrying out further follow-on attacks. The findings come from a ne...

6.8 AI score
Exploits: 0

The Hacker News
added 2021/11/16 9:22 a.m. | 15 views

Notorious Emotet Botnet Makes a Comeback with the Help of TrickBot Malware

The notorious Emotet malware is staging a comeback of sorts nearly 10 months after a coordinated law enforcement operation dismantled its command-and-control infrastructure in late January 2021. According to a new report from security researcher Luca Ebach, the infamous TrickBot malware is being...

6.9 AI score
Exploits: 0

The Hacker News
added 2021/11/16 6:52 a.m. | 26 views

New 'Moses Staff' Hacker Group Targets Israeli Companies With Destructive Attacks

A new politically-motivated hacker group named "Moses Staff" has been linked to a wave of targeted attacks targeting Israeli organizations since September 2021 with the goal of plundering and leaking sensitive information prior to encrypting their networks, with no option to regain access or...

6.7 AI score
Exploits: 0

The Hacker News
added 2021/11/16 5:38 a.m. | 20 views

SharkBot — A New Android Trojan Stealing Banking and Cryptocurrency Accounts

Cybersecurity researchers on Monday took the wraps off a new Android trojan that takes advantage of accessibility features on mobile devices to siphon credentials from banking and cryptocurrency services in Italy, the U.K., and the U.S. Dubbed "SharkBot" by Cleafy, the malware is designed to stri...

7.3 AI score
Exploits: 0

The Hacker News
added 2021/11/15 3:30 p.m. | 15 views

Researchers Demonstrate New Fingerprinting Attack on Tor Encrypted Traffic

A new analysis of website fingerprinting (WF) attacks aimed at the Tor web browser has revealed that it's possible for an adversary to glean a website frequented by a victim, but only in scenarios where the threat actor is interested in a specific subset of the websites visited by users. "While...

6.7 AI score
Exploits: 0

The Hacker News
added 2021/11/15 10:21 a.m. | 29 views

North Korean Hackers Target Cybersecurity Researchers with Trojanized IDA Pro

Lazarus, the North Korea-affiliated state-sponsored group, is attempting to once again target security researchers with backdoors and remote access trojans using a trojanized pirated version of the popular IDA Pro reverse engineering software. The findings were reported by ESET security researche...

6.6 AI score
Exploits: 0

The Hacker News
added 2021/11/15 9:53 a.m. | 28 views

How to Tackle SaaS Security Misconfigurations

Whether it's Office 365, Salesforce, Slack, GitHub or Zoom, all SaaS apps include a host of security features designed to protect the business and its data. The job of ensuring these apps' security settings are properly configured falls on the security team. The challenge lies within how burdenso...

6.7 AI score
Exploits: 0

The Hacker News
added 2021/11/15 5:28 a.m. | 15 views

FBI's Email System Hacked to Send Out Fake Cyber Security Alert to Thousands

The U.S. Federal Bureau of Investigation (FBI) on Saturday confirmed unidentified threat actors have breached one of its email servers to blast hoax messages about a fake "sophisticated chain attack." The incident, which was first publicly disclosed by threat intelligence non-profit SpamHaus,...

6.7 AI score
Exploits: 0

The Hacker News
added 2021/11/12 3:32 p.m. | 35 views

Hackers Increasingly Using HTML Smuggling in Malware and Phishing Attacks

Threat actors are increasingly banking on the technique of HTML smuggling in phishing campaigns as a means to gain initial access and deploy an array of threats, including banking malware, remote administration trojans (RATs), and ransomware payloads. Microsoft 365 Defender Threat Intelligence Team...

7.3 AI score
Exploits: 0

The Hacker News
added 2021/11/12 7:18 a.m. | 45 views

Abcbot — A New Evolving Wormable Botnet Malware Targeting Linux

Researchers from Qihoo 360's Netlab security team have released details of a new evolving botnet called "Abcbot" that has been observed in the wild with worm-like propagation features to infect Linux systems and launch distributed denial-of-service (DDoS) attacks against targets. While the earliest...

7 AI score
Exploits: 0

The Hacker News
added 2021/11/12 5:38 a.m. | 89 views

Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant

Google researchers on Thursday disclosed that it found a watering hole attack in late August exploiting a now-patched zero-day in macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-see...

9.3 CVSS | 9.5 AI score | 0.18172 EPSS
Exploits: 1

The Hacker News
added 2021/11/11 5:52 p.m. | 18 views

Researchers Uncover Hacker-for-Hire Group That's Active Since 2015

A new cyber mercenary hacker-for-hire group dubbed "Void Balaur" has been linked to a string of cyberespionage and data theft activities targeting thousands of entities as well as human rights activists, politicians, and government officials around the world at least since 2015 for financial gain...

6.9 AI score
Exploits: 0

The Hacker News
added 2021/11/11 11:50 a.m. | 31 views

TrickBot Operators Partner with Shathak Attackers for Conti Ransomware

The operators of TrickBot trojan are collaborating with the Shathak threat group to distribute their wares, ultimately leading to the deployment of Conti ransomware on infected machines. "The implementation of TrickBot has evolved over the years, with recent versions of TrickBot implementing...

6.7 AI score
Exploits: 0

The Hacker News
added 2021/11/11 9:30 a.m. | 29 views

Navigating The Threat Landscape 2021 – From Ransomware to Botnets

Though we are recovering from the worst pandemic, cyber threats have shown no sign of downshifting, and cybercriminals are still not short of malicious and advanced ways to achieve their goals. The Global Threat Landscape Report indicates a drastic rise in sophisticated cyberattacks targeting...

6.6 AI score
Exploits: 0

The Hacker News
added 2021/11/11 8:0 a.m. | 37 views

Iran's Lyceum Hackers Target Telecoms, ISPs in Israel, Saudi Arabia, and Africa

A state-sponsored threat actor allegedly affiliated with Iran has been linked to a series of targeted attacks aimed at internet service providers (ISPs) and telecommunication operators in Israel, Morocco, Tunisia, and Saudi Arabia, as well as a ministry of foreign affairs (MFA) in Africa, new finding...

7.6 AI score
Exploits: 0

The Hacker News
added 2021/11/11 6:35 a.m. | 76 views

Palo Alto Warns of Zero-Day Bug in Firewalls Using GlobalProtect Portal VPN

A new zero-day vulnerability has been disclosed in Palo Alto Networks GlobalProtect VPN that could be abused by an unauthenticated network-based attacker to execute arbitrary code on affected devices with root user privileges. Tracked as CVE-2021-3064 (CVSS score: 9.8), the security weakness impact...

10 CVSS | 10 AI score | 0.19087 EPSS
Exploits: 1

The Hacker News
added 2021/11/10 2:4 p.m. | 17 views

Researchers Discover PhoneSpy Malware Spying on South Korean Citizens

An ongoing mobile spyware campaign has been uncovered snooping on South Korean residents using a family of 23 malicious Android apps to siphon sensitive information and gain remote control of the devices. "With more than a thousand South Korean victims, the malicious group behind this invasive...

7.2 AI score
Exploits: 0

The Hacker News
added 2021/11/10 10:11 a.m. | 40 views

13 New Flaws in Siemens Nucleus TCP/IP Stack Impact Safety-Critical Equipment

As many as 13 security vulnerabilities have been discovered in the Nucleus TCP/IP stack, a software library now maintained by Siemens and used in three billion operational technology and IoT devices that could allow for remote code execution, denial-of-service (DoS), and information leak...

9.8 CVSS | 10.1 AI score | 0.03031 EPSS
Exploits: 0

The Hacker News
added 2021/11/10 8:8 a.m. | 77 views

14 New Security Flaws Found in BusyBox Linux Utility for Embedded Devices

Cybersecurity researchers on Tuesday disclosed 14 critical vulnerabilities in the BusyBox Linux utility that could be exploited to result in a denial-of-service (DoS) condition and, in select cases, even lead to information leaks and remote code execution. The security weaknesses, tracked from...

9.8 CVSS | 7.3 AI score | 0.03379 EPSS
Exploits: 1

The Hacker News
added 2021/11/10 6:24 a.m. | 216 views

Microsoft Issues Patches for Actively Exploited Excel, Exchange Server 0-Day Bugs

Microsoft has released security updates as part of its monthly Patch Tuesday release cycle to address 55 vulnerabilities across Windows, Azure, Visual Studio, Windows Hyper-V, and Office, including fixes for two actively exploited zero-day flaws in Excel and Exchange Server that could be abused t...

9.8 CVSS | 9.8 AI score | 0.90388 EPSS
Exploits: 11

The Hacker News
added 2021/11/09 1:5 p.m. | 9 views

Unique Challenges to Cyber-Security in Healthcare and How to Address Them

No business is out of danger of cyberattacks today. However, specific industries are particularly at risk and a favorite of attackers. For years, the healthcare industry has taken the brunt of ransomware attacks, data breaches, and other cyberattacks. Why is the healthcare industry particularly a...

7.2 AI score
Exploits: 0

The Hacker News
added 2021/11/09 8:44 a.m. | 11 views

Robinhood Trading App Suffers Data Breach Exposing 7 Million Users' Information

Robinhood on Monday disclosed a security breach affecting approximately 7 million customers, roughly a third of its user base, that resulted in unauthorized access of personal information by an unidentified threat actor. The commission-free stock trading and investing platform said the incident...

6.8 AI score
Exploits: 0

The Hacker News
added 2021/11/09 5:38 a.m. | 44 views

U.S. Charges Ukrainian Hacker for Kaseya Attack; Seizes $6 Million from REvil Gang

The U.S. government on Monday charged a Ukrainian suspect, arrested in Poland last month, with deploying REvil ransomware to target multiple businesses and government entities in the country, including perpetrating the attack against software company Kaseya, marking the latest action to crack dow...

6.8 AI score
Exploits: 0

The Hacker News
added 2021/11/09 3:40 a.m. | 21 views

Suspected REvil Ransomware Affiliates Arrested in Global Takedown

Romanian law enforcement authorities have announced the arrest of two individuals for their roles as affiliates of the REvil ransomware family, dealing a severe blow to one of the most prolific cybercrime gangs in history. The suspects are believed to have orchestrated more than 5,000 ransomware...

6.8 AI score
Exploits: 0

Total number of security vulnerabilities: 20777