15946 matches found
Emerging Ransomware Targets Photos, Videos on Android Devices
A new strain of ransomware has arisen in Canada, targeting Android users and locking up personal photos and videos. Called CryCryptor, it has initially been spotted pretending to be the official COVID-19 tracing app provided by Health Canada. It’s propagating via two different bogus websites that...
LinkedIn 'Job Offers' Targeted Aerospace, Military Firms With Malware
Attackers are impersonating human resource employees from Collins Aerospace and General Dynamics in a spear-phishing campaign leveraging LinkedIn’s messaging service. Targets are sent phony job offers that include malicious documents designed to fetch data-exfiltrating malware. The spear-phishing...
Octopus Scanner Sinks Tentacles into GitHub Repositories
The Octopus Scanner malware, which targets the Apache NetBeans Java integrated development environment IDE, has been nesting in at least 26 GitHub source-code repositories, according to researchers – waiting to take over developer machines. A team from GitHub Security Labs, acting on a tip from a...
‘Hack-For-Hire’ Firms Spoof WHO To Target Google Credentials
“Hack-for-hire” organizations are the latest group of cybercriminals to take advantage of the ongoing coronavirus pandemic, using COVID-19 as a lure in phishing emails bent on stealing victims’ Google credentials. Researchers with Google’s Threat Analysis Group TAG warned that they’ve spotted a...
Lazarus Group Hides macOS Spyware in 2FA Application
The North Korea-linked cyberthreat group known as Lazarus Group has added a new variant of the Dacls remote-access trojan RAT to its arsenal of spy gear, designed specifically for the Mac operating system. Dacls was first discovered last December targeting Windows and Linux platforms. The new...
Enterprise Security Woes Explode with Home Networks in the Mix
The work-from-home WFH paradigm that has become the new normal in the age of coronavirus comes with exacerbated network security risk – as evidenced by growing a number of botnets and automated attacks that are taking advantage of known vulnerabilities in both consumer and corporate IT gear. The...
Nintendo Confirms Breach of 160,000 Accounts
Nintendo said over 160,000 accounts have been hacked, due to attackers abusing a legacy login system. Over the past few weeks, Nintendo gamers have been reporting suspicious activities on their accounts. According to the complaints, aired out on Twitter and Reddit, unauthorized actors were loggin...
WHO, CDC and Bill and Melinda Gates Foundation Victims of Credential Dump, Report
Unknown threat actors have allegedly dumped nearly 25,000 email addresses and passwords from notable organizations involved in the fight against the COVID-19 pandemic, including credentials from prominent health organizations. Hackers have been using information belonging to groups such as World...
As Zoom Booms, Incidents of ‘ZoomBombing’ Become a Growing Nuisance
Officials at Zoom have released tips for users of their video-conferencing platform to help avoid getting “Zoom-bombed” by trolls and even more serious threat actors during online meetings. The developers of the online video-conferencing service cautioned users to avoid sharing Zoom meeting links...
Coronavirus-Themed APT Attack Spreads Malware
An advanced persistent threat APT group is leveraging the coronavirus pandemic to infect victims with a previously unknown malware, in a recently discovered campaign that researchers call “Vicious Panda.” Researchers identified two suspicious Rich Text Format files RTF — a text file format used b...
Researchers Warn of Novel PXJ Ransomware Strain
Researchers have discovered a new strain of ransomware, dubbed “PXJ,” which emerged in the wild in early 2020. While PXJ performs functions similar to other ransomware variants, it does not appear to share the same underlying code with most known ransomware families, researchers said. They first...
U.S. Gov Agency Targeted With Malware-Laced Emails
A U.S. government agency was targeted with spear phishing emails harboring several malware strains – including a never-before-seen malware downloader that researchers call “Carrotball.” The campaign, which researchers observed occurring from July to October and code-named “Fractured Statue,”...
16Shop Phishing Gang Goes After PayPal Users
A prolific phishing gang known as 16Shop has added PayPal customers to its target set. According to researchers at the ZeroFOX Alpha Team, the latest version of the group’s phishing kit is designed with a number of features that are aimed to steal as much personally identifiable information PII a...
Drake Lyrics Used as Calling Card in Malware Attack
A hacker with the handle “Master X” leverages a PowerShell script that contains a reference to singer-songwriter Drake lyric’s “Kiki Do You Love Me” and ultimately delivers a malicious payload to its victims. The campaign is email based; with missives containing a malicious PowerPoint attachment...
Cash App Twitter Giveaway a Haven for Stealing Money
Scammers looking to piggyback on the CashAppFriday trending topic on Twitter are stealing between $10 to $1,000 from each victim that falls for their efforts. According to researchers at Tenable, the scams include phishing with some links garnering up to 500 clicks each, a hoax called...
Phorpiex Botnet Shifts Gears From Ransomware to Sextortion
A recent wide-scale campaign indicates that a decade-old botnet is shifting gears from distributing ransomware to delivering millions of sextortion threats to innocent recipients. Worse, researchers say that the botnet’s spam campaign can affect up to 27 million potential victims. The botnet,...
Major Groupon, TicketMaster Fraud Scheme Exposed By Insecure Database
UPDATE After discovering a cache of 17 million emails exposed on an unsecured database, researchers with vpnMentor began to hunt for its owner — but to their surprise, they found that the database belonged not to a company, but to a sophisticated criminal network. Cybercriminals had been both...
IRS Impersonation Attacks Spread Malware Nationwide
The Internal Revenue Service IRS is warning taxpayers about a snowballing email attack that uses messages pretending to be legitimate IRS communications. The end game for the effort is malware being installed on unsuspecting users’ machines; imposters may gain control of the taxpayer’s computer o...
Google and ARM Tackle Android Bugs with Memory-Tagging
Aiming at improving the security of the Android ecosystem, Google has partnered up with mobile silicon-maker ARM to implement a hardware-based bug detection tool specifically for memory-safety vulnerabilities. Dubbed the memory-tagging extension MTE, the feature helps mitigate these kinds of bugs...
Google Titan Security Key Recalled After Bluetooth Pairing Bug
Google is recalling Bluetooth versions of its Titan Security Key after finding a vulnerability that allows attackers in close proximity to take control of the device. Google’s Titan Security Key, launched in the U.S. market last August, is a USB dongle that offers an added layer of security...
High-Severity PrinterLogic Flaws Enable Remote Code Execution
A slew of high-severity flaws have been disclosed in the PrinterLogic printer management service, which could enable a remote attacker to execute code on workstations running the PrinterLogic agent. PrinterLogic’s Print Management software allows businesses to deploy and use remote printers...
Coinhive to Mine Its Last Monero in March
Coinhive, the company behind an eponymous browser-based cryptocurrency miner, is closing its doors. As of March 8, the 18-month-old company will discontinue its service, because, it announced, the model “isn’t economically viable anymore.” Coinhive bills itself as a legitimate service for website...
Password Manager Firms Blast Back at ‘Leaky Password’ Revelations
Secure password firms 1Password, Dashlane, KeePass and LastPass are blasting a research report that highlights how a local adversary can crack open and steal passwords stored by the utilities. The uproar began Tuesday when lead researcher, Adrian Bednarek with Independent Security Evaluators ISE,...
GitHub Increases Rewards, Scope For Bug Bounty Program
GitHub has bolstered its bug-bounty program with increased rewards, an expanded scope of products and the addition of legal “safe-harbor” terms aiming to protect bounty hunters. The web-based hosting service announced Tuesday that its program, first launched in 2014, will no longer have a maximum...
Dailymotion Fights Ongoing Credential-Stuffing Attack
Dailymotion, the video-sharing platform, said Friday that it had fallen victim to a “large-scale” and ongoing credential-stuffing assault by attackers looking to harvest user data. The French YouTube competitor said in an alert that it has “successfully contained the attacks following the...
Popular Web-Hosting Platform Bluehost Riddled with Flaws
UPDATE A researcher has uncovered several one-click client-side vulnerabilities in the popular Bluehost web hosting platform. These would allow cybercriminals to easily carry out complete account takeover, according to the analysis. Bluehost has acknowledged the issue, and told Threatpost, “We ar...
Adobe Patches Six Critical Flaws in ColdFusion
Adobe has released patches fixing six critical vulnerabilities in its ColdFusion product that could lead to arbitrary code-execution. The flaws impact Adobe’s ColdFusion product, which is the company’s commercial web application development platform. Impacted are the 2016 Update 6 and earlier...
NFL Players and Agents Targeted in Database Extortion Attempt
A misconfigured database containing records belonging to 1,133 National Football League players and their agents was exposed via an unsecured Elasticsearch server. The database belongs to the NFL Players Association and includes the home address, phone numbers and IP addresses for hundreds of...
Apple Patches 'BroadPwn' Bug in iOS 10.3.3
Apple released iOS 10.3.3 Wednesday, which serves as a cumulative update that includes patches for multiple vulnerabilities including the high-profile BroadPwn bug that allowed an attacker to seize control of a targeted iOS device. BroadPwn was revealed earlier this month as a flaw in Broadcom...
New Mirai Variant Roars into Action With 54 Hour DDoS Attacks
A variant of the Mirai malware pummeled a U.S. college last month with a marathon 54-hour long attack. Researchers say this latest Mirai variant is a more potent version of the notorious Mirai malware that made headlines in October, targeting DNS provider Dyn and the Krebs on Security website. Th...
Old Linux Kernel Code Execution Bug Patched
A critical, local code-execution vulnerability in the Linux kernel was patched more than a week ago, continuing a run of serious security issues in the operating system, most of which have been hiding in the code for years. Details on the vulnerability were published Tuesday by researcher Philip...
Badlock Windows, Samba Man-in-the-Middle Vulnerability
Weeks of anxiety and concern over the Badlock vulnerability ended today with an anticlimactic thud. Badlock was the security boogeyman since the appearance three weeks ago of a website and logo branding the bug as something serious in Samba, an open source implementation of the server message blo...
New OpenSSL MITM Flaw Affects All Clients, Some Server Versions
There is a new, remotely exploitable vulnerability in OpenSSL that could enable an attacker to intercept and decrypt traffic between vulnerable clients and servers. The flaw affects all versions of the OpenSSL client and versions 1.0.1 and 1.0.2-beta1 of the server software. The new vulnerability...
Microsoft to Patch IE 10 Zero Day March 2014 Patch Tuesday
Microsoft will patch a lingering zero-day vulnerability in Internet Explorer next Tuesday, one of five bulletins it will release as part of its March 2014 Patch Tuesday security updates. The IE 10 zero-day was disclosed close to a month ago when researchers at FireEye reported on Operation SnowMa...
Six Security Flaws Fixed in BIND 9.9.2
A new version of the BIND DNS server software is available, fixing six security vulnerabilities and a long list of other bugs. BIND 9.9.2-P1 is mainly a security update and most of the issues it fixes are crashes and not remote code execution flaws. BIND is the overwhelming leader in market share...
Adobe Warns of Critical Zero-Day Flaw in Reader and Acrobat
Adobe is warning users about a critical vulnerability in its Reader and Acrobat applications that could lead to remote code execution. There are reports that attackers already are using the Reader bug in targeted attacks, and Adobe said it plans to have a patch ready by next week. Adobe security...
Microsoft Defends Secure Boot in Windows 8
Microsoft officials are seeking to assuage concerns that its implementation of UEFI in Windows 8 will prevent users from loading non-Microsoft operating systems or applications on their machines. Despite concerns raised by security researchers and open-source advocates about vendor lock-in and...
Cisco Confirms Network Breach Via Hacked Employee Google Account
Cisco Systems revealed details of a May hack by the Yanluowang ransomware group that leveraged a compromised employee’s Google account. The networking giant is calling the attack a “potential compromise” in a Wednesday post by the company’s own Cisco Talos threat research arm. “During the...
Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol
The popular protocol for radio controlled RC aircraft called ExpressLRS can be hacked in only a few steps, according to a bulletin published last week. ExpressLRS is an open-source long range radio link for RC applications, such as first-person view FPV drones. “Designed to be the best FPV Racing...
Google: 2021 was a Banner Year for Exploited 0-Day Bugs
Google Project Zero reported 58 exploited zero-day vulnerabilities in 2021, a record in the short time the team of security researchers has been keeping tabs. In a year-in-review report on the number instances a zero-day bug has been exploited in the wild, researchers noted the number a twofold...
Russia Lays Groundwork for Cyberattacks on U.S. Infrastructure
The Russian government is exploring “options for potential cyberattacks” on critical infrastructure in the U.S., the White House warned on Monday, in retaliation for sanctions and other punishments as the war in Ukraine grinds on. Officials said that its latest intelligence shows cyber-related...
Three Plugins with Same Bug Put 84K WordPress Sites at Risk
Researchers have discovered three WordPress plug-ins with the same vulnerability that allows an attacker to update arbitrary site options on a vulnerable site and completely take it over. Exploiting the flaw does require some action from the site administrator, however. On Nov. 5, 2021, the...
‘Spider-Man: No Way Home’ Download Installs Cryptominer
Global buzz around the release of Spider-Man: No Way Home is making tons of online noise – an ideal environment for cybercriminals to spread a Monero cryptominer disguised as a download of the newly released film. A torrent download of Spider-Man: No Way Home is circulating, infected with a...
Missouri Vows to Prosecute ‘Hacker’ Who Informed State About Data Leak
The St. Louis Post-Dispatch newspaper recently found a huge security blunder: The Missouri educational agency’s site was displaying 100,000+ clearly visible Social-Security numbers for school teachers, administrators and counselors in its HTML source code. The newspaper verified its findings with...
Proxyware Services Open Orgs to Abuse – Report
Services that allow consumers to resell their own internet bandwidth for profit to businesses that want to resell it are ripe for abuse, according to researchers. The burgeoning business model is growing in popularity with consumers who earn about $1 for every 10GB of their bandwidth shared with...
Tulsa’s Police-Citation Data Leaked by Conti Gang
The city of Tulsa, OK is asking some of its residents to keep a close eye on their personal and financial accounts after the Conti ransomware group leaked some 18,000 city files, mostly police citations, on the dark web. The leak stemmed from a May 6 ransomware attack that caused the city to shut...
Volkswagen Vendor Exposed Data of 3.3m Drivers
One of Volkswagen’s vendors left one of its systems open for nearly two years, exposing the personal data of 3.3 million customers – nearly all of them owners or wannabe owners of the automaker’s luxury brand of Audis – Volkswagen America said last week. The breach took place between August 2019...
Microsoft: Big Cryptomining Attacks Hit Kubeflow
Microsoft has spotted a new, widespread, ongoing attack targeting Kubernetes clusters running Kubeflow instances, in order to plant malicious TensorFlow pods that are used to mine for cryptocurrency. The Kubeflow open-source project is a popular framework for running machine learning ML tasks in...
Cyberattack Suspected in Cox TV and Radio Outages
A reported ransomware attack on Cox Media Group CMG has crippled streaming and other internal operations of dozens of radio and television stations scattered across America’s 20 broadcast markets. CMG has won’t comment on the reported attack and hasn’t responded to a request for comment. A member...
100M Android Users Hit By Rampant Cloud Leaks
More than 100 million Android users are at risk after 23 different mobile apps were found to leak personal data in the wake of rampant cloud misconfigurations. That’s according to Check Point Research, whose researchers found that emails, chat messages, location data, passwords, photos, personal...