Student Loan Breach Exposes 2.5M Records
EdFinancial and the Oklahoma Student Loan Authority (OSLA) are notifying over 2.5 million loanees that their personal data was exposed in a data breach. The target of the breach was Nelnet Servicing, the Lincoln, Neb.-based servicing system and web portal provider for OSLA and EdFinancial, accordin...
Watering Hole Attacks Push ScanBox Keylogger
A China-based threat actor has ramped up efforts to distribute the ScanBox reconnaissance framework to victims that include domestic Australian organizations and offshore energy firms in the South China Sea. The bait used by the advanced persistent threat (APT) group is targeted messages that supposedly link...
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Targeted attacks on Twilio and Cloudflare employees are tied to a massive phishing campaign that resulted in 9,931 accounts at over 130 organizations being compromised. The campaigns are tied to focused abuse of identity and access management firm Okta, which gained the threat actors the 0ktapus...
Ransomware Attacks are on the Rise
After a recent dip, ransomware attacks are back on the rise. According to data released by NCC Group, the resurgence is being led by old ransomware-as-a-service (RaaS) groups. With data gathered by “actively monitoring the leak sites used by each ransomware group and scraping victim details as they...
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11-month-old command injection flaw. Hikvision – short for Hangzhou Hikvision Digital Technology – is a Chinese state-owned manufacturer of video surveillance equipment. Their customers...
Twitter Whistleblower Complaint: The TL;DR Version
A recently surfaced 84-page whistleblower report filed with the US government by Twitter’s former head of security Peiter “Mudge” Zatko last month blasts his former employer for its alleged shoddy security practices and being out of compliance with an FTC order to protect user data. Twitter has...
Firewall Bug Under Active Attack Triggers CISA Warning
Software running Palo Alto Networks’ firewalls is under attack, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue a warning to public and federal IT security teams to apply available fixes. Federal agencies are urged to patch the bug by September 9. Earlier this month, Pal...
Fake Reservation Links Prey on Weary Travelers
A longtime threat group identified as TA558 has ramped up efforts to target the travel and hospitality industries. After a lull in activity, believed tied to COVID-related travel restrictions, the threat group has ramped up campaigns to exploit an uptick in travel and related airline and hotel...
iPhone Users Urged to Update to Patch 2 Zero-Days
Apple is urging macOS, iPhone and iPad users to immediately install the respective updates released this week, which include fixes for two zero-days under active attack. The patches are for vulnerabilities that allow attackers to execute arbitrary code and ultimately take over devices. Patches are available fo...
Google Patches Chrome’s Fifth Zero-Day of the Year
Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday. The bug, tracked as CVE-2022-2856 and rated as high on the Common Vulnerability Scoring System (CVSS), is...
APT Lazarus Targets Engineers with macOS Malware
North Korean APT Lazarus is up to its old tricks with a cyberespionage campaign targeting engineers with a fake job posting that attempts to spread macOS malware. The malicious Mac executable used in the campaign targets both Apple and Intel chip-based systems. The campaign, identified by...
U.K. Water Supplier Hit with Clop Ransomware Attack
A U.K. water supplier suffered a disruption in its corporate IT systems Monday as a result of a cyber-attack but claims that its water supply was not affected. Meanwhile, the alleged attack perpetrator—the Clop ransomware group—claimed the attack was on another, larger water utility, which for it...
Xiaomi Phone Bug Allowed Payment Forgery
Smartphone maker Xiaomi, the world’s number three phone maker behind Apple and Samsung, reported it has patched a high-severity flaw in its “trusted environment” used to store payment data that opened some of its handsets to attack. Researchers at Check Point Research revealed last week in a repo...
Black Hat and DEF CON Roundup
There was nothing typical this year at BSides LV, Black Hat USA and DEF CON – also known collectively as Hacker Summer Camp. The weeklong collection of cybersecurity conferences featured an eclectic mix of attendees to learn, network, hack and have fun. The week even included a rare Las Vegas fla...
Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics
Zeppelin ransomware is back and employing new compromise and encryption tactics in its recent campaigns against various vertical industries—particularly healthcare—as well as critical infrastructure organizations, the feds are warning. Threat actors deploying the ransomware as a service (RaaS) are...
Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’
Users of Apple’s Instagram and Facebook iOS apps are being warned that both use an in-app browser that allows parent company Meta to track ‘every single tap’ users make with external websites accessed via the software. Researcher Felix Krause, who outlined how Meta tracks users in a blog posted...
Starlink Successfully Hacked Using $25 Modchip
A Belgian security researcher has successfully hacked the SpaceX-operated Starlink satellite-based internet system using a homemade circuit board that cost around $25 to develop, he revealed at Black Hat. Lennert Wouters revealed a voltage fault injection attack on a Starlink User Terminal (UT)—or...
New Hacker Forum Takes Pro-Ukraine Stance
A new hacker forum is taking a unique political stance to support Ukraine in its war with Russia, entertaining only topics and threat activity focused against Russia and Belarus, researchers have found. The Russian-language site, DUMPS Forum, has been around since late May, and at first glance...
Cisco Confirms Network Breach Via Hacked Employee Google Account
Cisco Systems revealed details of a May hack by the Yanluowang ransomware group that leveraged a compromised employee’s Google account. The networking giant is calling the attack a “potential compromise” in a Wednesday post by the company’s own Cisco Talos threat research arm. “During the...
Podcast: Inside the Hackers’ Toolkit
There is no question that companies are in the sights of would-be criminals looking to exploit them. While companies look at solutions and training to help keep the perimeter secure, the biggest fail point is often the employees, AKA the human element. In this Threatpost podcast, sponsored by...
Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws
Microsoft is urging users to patch a zero-day vulnerability dubbed Dogwalk that is actively being exploited in the wild. The bug CVE-2022-34713 is tied to a Microsoft Windows Support Diagnostic Tool and allows a remote attacker to execute code on a vulnerable system. “The volume of fixes released...
Virtual Currency Platform ‘Tornado Cash’ Accused of Aiding APTs
The U.S. government has slapped sanctions on virtual currency mixer Tornado Cash for laundering more than $7 billion in crypto cash derived from cybercriminal activity. At least $455 million of that was moved for state-sponsored Lazarus Group in part to help fund North Korea’s missile program,...
Phishers Swim Around 2FA in Coinbase Account Heists
Threat actors are making their way around two-factor authentication (2FA) and using other clever evasion tactics in a recently observed phishing campaign aimed at taking over Coinbase accounts to defraud users of their crypto balances. Attackers are using emails that spoofed the popular...
Open Redirect Flaw Snags Amex, Snapchat User Data
Attackers are exploiting a well-known open redirect flaw to phish people’s credentials and personally identifiable information (PII) using American Express and Snapchat domains, researchers have found. “Since the first domain name in the manipulated link is in fact the original site’s, the link may...
VMWare Urges Users to Patch Critical Authentication Bypass Bug
VMware and experts alike are urging users to patch multiple products affected by a critical authentication bypass vulnerability that can allow an attacker to gain administrative access to a system as well as exploit other flaws. The bug—tracked as CVE-2022-31656—earned a rating of 9.8 on the CVSS...
Universities Put Email Users at Cyber Risk
Top U.S. universities are among the worst in the world at protecting users from email fraud, lacking security measures to prevent common threat tactics such as domain spoofing or other types of fraudulent emails, researchers have found. Ninety-seven percent of the top 10 universities in the Unite...
Securing Your Move to the Hybrid Cloud
Infosec Insider contributor Rani Osnat is SVP Strategy at Aqua Security. The combination of private and public cloud infrastructure, which most organizations are already using, poses unique security challenges. There are many reasons why organizations adopt the public cloud — from enabling rapid...
Malicious Npm Packages Tapped Again to Target Discord Users
Threat actors once again are using the node package manager (npm) repository to hide malware that can steal Discord tokens to monitor user sessions and steal data on the popular chat and collaboration platform, researchers have found. A campaign discovered this week by Kaspersky researchers is hidi...
Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office
Threat actors are finding their way around Microsoft’s default blocking of macros in its Office suite, using alternative files to host malicious payloads now that a primary channel for threat delivery is being cut off, researchers have found. The use of macros-enabled attachments by threat actors...
Vulnerabilities are Beyond What You Think
A software vulnerability is a weakness in an operating system or application that can be exploited by an attacker to invade an IT network. When publicly disclosed, these software vulnerabilities are usually assigned a CVE identifier. CVE is a popular term when referring to a vulnerability, and 50...
Messaging Apps Tapped as Platform for Cybercriminal Activity
Cybercriminals are tapping the built-in services of popular messaging apps like Telegram and Discord as ready-made platforms to help them perform their nefarious activity in persistent campaigns that threaten users, researchers have found. Threat actors are tapping the multi-feature nature of...
Novel Malware Hijacks Facebook Business Accounts
A new malware is hijacking high-profile Meta Facebook Business and advertising platform accounts through a phishing campaign that targets LinkedIn accounts. The malware, dubbed Ducktail, uses browser cookies from authenticated user sessions to take over accounts and steal data, researchers said...
Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands
The bloom is back on phishing attacks, with criminals doubling down on fake messages abusing popular brands compared to the year prior. Microsoft, Facebook and French bank Crédit Agricole are the top abused brands in attacks, according to a study on phishing released Tuesday. The study by Vade...
IoT Botnets Fuel DDoS Attacks – Are You Prepared?
While data breaches and ransomware are still considered among the more significant concerns for businesses, the threats sometimes come from a direction we weren’t expecting. Cybercriminals use botnets for various malicious purposes, most significantly for DDoS attacks against targets. The most...
Why Physical Security Maintenance Should Never Be an Afterthought
Infosec Insiders author Roy Dagan is CEO of SecuriThings. A crime occurs, police go to access video of the scene and then discover that crucial views are not available due to an outage or malfunction. This is precisely what the NYPD encountered in the recent subway shooting in New York City this past...
Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’
A for-hire cybercriminal group is feeling the talent drought in tech just like the rest of the sector and has resorted to recruiting so-called “cyber-mercenaries” to carry out specific illicit hacks that are part of larger criminal campaigns. Dubbed Atlas Intelligence Group (A.I.G.), the cybergang...
Conti’s Reign of Chaos: Costa Rica in the Crosshairs
Any time conflict erupts, people tend to take sides, even when it comes to cybercrime. Since the beginning of the ongoing Russian-Ukrainian war, some bad actors have made their alliances known publicly. The Conti Ransomware-as-a-Service (RaaS) group is one of the most notable – declaring in Februar...
Magecart Serves Up Card Skimmers on Restaurant-Ordering Systems
Magecart campaigns have been skimming payment-card credentials of unsuspecting customers using three online restaurant-ordering systems, affecting about 300 restaurants that use the services and compromising tens of thousands of cards so far, researchers have found. Two separate ongoing Magecart...
Authentication Risks Discovered in Okta Platform
Researchers at Authomize have discovered four “high impact” security risks in the identity and access management (IAM) platform Okta, according to a Tuesday report. The risks include cleartext password leakage via SCIM – the System for Cross-domain Identity Management – sharing of passwords and oth...
FBI Warns Fake Crypto Apps are Bilking Investors of Millions
Threat actors have defrauded 244 U.S. investors of about $42 million through fake cryptocurrency apps that exploit people’s legitimate investments in digital currency, the FBI has revealed. The agency observed a number of cybercriminal campaigns that duped people into downloading malicious apps...
Google Boots Multiple Malware-laced Android Apps from Marketplace
Google has removed eight apps from its Google Play store that were propagating a new variant of the Joker spyware, but not before they already had garnered more than 3 million downloads. French security researcher Maxime Ingrao of cybersecurity firm Evina discovered a malware that he dubbed...
CISA Urges Patch of Exploited Windows 11 Bug by Aug. 2
A Windows 11 vulnerability, part of Microsoft’s Patch Tuesday roundup of fixes, is being exploited in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to advise patching of the elevation-of-privilege flaw by August 2. The recommendation is directed at federal...
Emerging H0lyGh0st Ransomware Tied to North Korea
Microsoft researchers have linked an emerging ransomware threat that already has compromised a number of small-to-mid-sized businesses to financially motivated North Korean state-sponsored actors that have been active since last year. The group has successfully compromised small-to-mid-sized...
Journalists Emerge as Favored Attack Target for APTs
Targeted phishing attacks are traced to multiple threat actors who have each independently focused on stealing credentials and sensitive data and tracking the geolocation of journalists. In a Thursday report by Proofpoint, researchers outline individual efforts by advanced persistent threat (APT)...
Large-Scale Phishing Campaign Bypasses MFA
Microsoft researchers have uncovered a massive phishing campaign that can steal credentials even if a user has multi-factor authentication (MFA) enabled and has so far attempted to compromise more than 10,000 organizations. The campaign, which has been active since September 2021, depends upon the...
Hybrid-Work Drives Hardware Security Strategies
Remote workforce, hybrid-cloud and Zero-Trust trends are pushing security teams to focus on hardware-assisted security strategies to better secure an evolving attack surface changed significantly by COVID. To address new challenges, hardware-assisted security is viewed as an effective and...
How War Impacts Cyber Insurance
Author Chris Hallenbeck is CISO for the Americas at Tanium. In the words of former FBI director Robert Mueller, “There are only two types of companies: those that have been hacked and those that will be.” This unavoidable truth, coupled with growing mainstream awareness and the ever-increasing...
‘Callback’ Phishing Campaign Impersonates Security Firms
A new callback phishing campaign is impersonating prominent security companies to try to trick potential victims into making a phone call that will instruct them to download malware. Researchers at CrowdStrike Intelligence discovered the campaign because CrowdStrike is actually one of the...
Rethinking Vulnerability Management in a Heightened Threat Landscape
Author Mariano Nunez is CEO of Onapsis. Repeated warnings from CISA and the Biden Administration on the Russian cyber threat over the last several months have heightened the state of alertness for U.S. agencies and businesses across industries, which are expecting ‘tit-for-tat’ cyberattacks from Russia in...
Popular NFT Marketplace Phished for $540M
Axie Infinity, a popular destination for 3 million traders of in-game collectible non-fungible tokens, reportedly lost $540M in cryptocurrency in a recruiting-themed spear phishing attack. The perpetrators of the crime are believed to be an advanced persistent threat group with ties to North...