15946 matches found
Living Off the Land: How to Defend Against Malicious Use of Legitimate Utilities
Living-off-the-land binaries LOLBins are no joke: Cyberattackers have been increasingly making use of them to hide their malicious work from security solutions. It’s time for threat hunters and IT security staff to familiarize themselves with how these are used in the attack chains of some of the...
Web Censorship Systems Can Facilitate Massive DDoS Attacks
Researchers are warning internet censorship systems are ripe for abuse by a new type of distributed denial of service DDoS attack. The potential for abuse is concerning, researchers say, because attacks would take advantage of a type of reflection and amplification, which would be “extremely...
Terrorist Watchlist Exposed Online with Nearly 1.9M Records
A researcher has revealed the discovery of a federal terrorist watchlist that includes 1.9 million records, which were available online without any security protections. The data remained exposed for three more weeks even after the Department of Homeland Security DHS was informed about it...
Leaked NSO Group Data Hints at Widespread Pegasus Spyware Infections
Israeli-based NSO Group is being blasted in a groundbreaking report that alleges that the company’s controversial Pegasus malware is being used to target activists, journalists, business executives and politicians on a widespread level, using a variety of exploits — including a zero-click zero-da...
Cryptominer Farm Rigged with 3,800 PS4s Busted in Ukraine
Authorities in Ukraine have made another cybersecurity bust — this time shutting down what they said is one of the largest underground cryptomining operations ever found. The ring was apparently run by stringing together 3,800 Sony PlayStation 4 PS4 gaming consoles. Cryptominers serve as auditors...
MacOS Targeted in WildPressure APT Malware Campaign
Threat actors known as WildPressure have added a macOS malware variant to their latest campaign targeting energy sector businesses, while enlisting compromised WordPress websites to carry out attacks. Novel malware, initially identified in March 2020 and dubbed Milum, has now been retooled with a...
Cryptominers Slither into Python Projects in Supply-Chain Campaign
A group of cryptominers was found to have infiltrated the Python Package Index PyPI, which is a repository of software code created in the Python programming language. Similar to other repositories like GitHub, npm and RubyGems, PyPI is part of the software supply chain. It offers a place where...
Monumental Supply-Chain Attack on Airlines Traced to State Actor
A monster cyberattack on SITA, a global IT provider for 90 percent of the world’s airline industry, is slowly unfurling to reveal the largest supply-chain attack on the airline industry in history. The enormous data breach, estimated to have already impacted 4.5 million passengers, has potentiall...
Mysterious Custom Malware Collects Billions of Stolen Data Points
Researchers have uncovered a 1.2-terabyte database of stolen data, lifted from 3.2 million Windows-based computers over the course of two years by an unknown, custom malware. The heisted info includes 6.6 million files and 26 million credentials, and 2 billion web login cookies – with 400 million...
Cybersecurity Bug-Hunting Sparks Enterprise Confidence
Nearly three-quarters of IT security professionals 73 percent surveyed say they prefer to buy technology and services from vendors who are proactive about security, including leveraging ethical hacking and having transparent communications about vulnerabilities. But less than half of vendors...
Daycare Webcam Service Exposes 12,000 User Accounts
NurseryCam, a webcam service used across 40 daycare centers in the U.K. by parents who want to keep a watchful eye on their babies, has shut down following a data breach. The breach exposed the personal data of about 12,000 users to an attacker who said he or she was trying to improve the service...
SQL Server Malware Tied to Iranian Software Firm, Researchers Allege
Researchers have made new discoveries surrounding the source of a previously-uncovered cryptomining operation that has targeted internet-facing database servers. The campaign, dubbed MrbMiner, was discovered in September 2020 downloading and installing a cryptominer on thousands of SQL servers...
Changing Employee Security Behavior Takes More Than Simple Awareness
Security awareness rarely leads to sustained behavior change on its own, according to a recent analysis – meaning that organizations need to proactively develop a robust “human-centered” security program to reduce the number of security incidents associated with poor security behavior. According ...
Some Apple Apps on macOS Big Sur Bypass Content Filters, VPNs
Security researchers are blasting Apple for a feature in the latest Big Sur release of macOS that allows some Apple apps to bypass content filters and VPNs. They say it is a liability that can be exploited by threat actors to bypass firewalls and give them access to people’s systems and expose...
Lax Security Exposes Smart-Irrigation Systems to Attack Across the Globe
More than 100 smart-irrigation systems deployed across the globe were installed without changing the factory’s default, passwordless setting, leaving them vulnerable to malicious attacks, according to recent findings from Israeli security research firm Security Joes. The researchers immediately...
QR Codes: A Sneaky Security Threat
If it seems like QR codes have popped up everywhere these days, you’re right. Ever since they were first used by the Japanese auto industry to streamline manufacturing processes, companies everywhere have capitalized on the benefits of QR codes. They’re cheap to deploy and can be applied to almos...
Stolen Fortnite Accounts Earn Hackers Millions Per Year
UPDATE Hackers are scoring more than a million dollars annually selling compromised accounts for the popular Fortnite video game in underground forums. With Fortnite’s immense popularity skyrocketing over the past few years – it currently has more than 350 million global players – the game is a...
Hosting Provider's Database of Crooked Customers Leaked
A hacker has leaked online the database of the largest free hosting service popular with cybercriminals, the result of a breach that took down the service earlier this year, according to a published report. A hacker going by the online name of “KingNull” uploaded on a file-hosting site a database...
ThreatList: Human-Mimicking Bots Spike, Targeting e-Commerce and Travel
Bad bots, bad bots, whatcha gonna do? Target e-commerce, the travel industry, media and online marketplaces, that’s what. Those are the top four verticals attacked by bots in the last year, according to data released on Wednesday from Radware, with e-commerce accounting for the most activity. In...
WHO Targeted in Espionage Attempt, COVID-19 Cyberattacks Spike
The World Health Organization WHO has attracted the notice of cybercriminals as the worldwide COVID-19 pandemic continues to play out, with a doubling of attacks recently, according to officials there. Problematically, evidence has also now apparently surfaced that the DarkHotel APT group has tri...
Microsoft Edge Shares Privacy-Busting Telemetry, Research Alleges
Microsoft Edge is one of the least private web browsers — even more so than other popular browsers like Google Chrome and Mozilla Firefox — according to academic researchers. According to the analysis, from Douglas Leith with the School of Computer Science and Statistics at Trinity College in...
New Bill Proposes NSA Surveillance Reforms
A newly-introduced bill is proposing sweeping privacy reforms to a controversial government surveillance program, which has been previously used by the National Security Agency NSA to vacuum up the call records of millions of Americans. The “Safeguarding Americans’ Private Records Act” was...
McDonalds-Themed Facebook Ads Serve Up Banking Trojans
The Mispadu banking trojan is using a McDonalds malvertising tactic to ultimately steal payment-card data and online banking information. Written in Delphi, Mispadu targets Brazil and Mexico, uses pop-up windows and contains backdoor functionality. According to researchers at ESET, Mispadu spread...
Malware Loader ‘Brushaloader’ Grows More Menacing
The tenacious loader malware called Brushaloader is growing more menacing, showing no signs of abatement despite best efforts by security professionals. First identified in June 2018, the Brushaloader malware is now more pervasive, stealthy and growing in popularity faster than ever before. New...
Latest Qbot Variant Evades Detection, Infects Thousands
Qbot, an information-stealing trojan that has been around for 10 years, has resurfaced again with a new phishing-based infection technique that is able to evade anti-spam defenses. Varonis Security Research spotted the fresh global Qbot campaign in March. Researchers said they have positively...
Free Cynet Threat Assessment for Mid-sized and Large Organizations
If you cannot see what’s happening in your network, your ability to make smart security decisions will suffer. Many vendors offer threat assessment options, but they usually require an investment of time and resources. One vendor out there – Cynet – is offering a no-cost threat assessment to...
RSA Conference 2019: BEC Scammer Gang Takes Aim at Boy Scouts, Other Nonprofts
SAN FRANCISCO – A Nigeria-based scammer gang dubbed “Scarlet Widow” has been launching email fraud attacks against thousands of targets – including universities, the Salvation Army, and Boy Scouts of America. Researchers with Agari detailed the attack during an RSA Conference session on Tuesday...
Facebook Bans More Than 800 Accounts in Disinformation Purge
Facebook on Thursday announced it has removed hundreds of pages and accounts as the company cracks down on spam. The move comes at a time when Facebook is under intense scrutiny about how it handles misinformation, particularly as the U.S. midterm elections draw near. The company said it has...
Google Detects and Boots Tizi Spyware Off Google Play
The Google Play Protect team said it identified a new strain of Android spyware called Tizi found inside several apps previously available via the Google Play marketplace. The recent discovery triggered a wider investigation by Google who said apps infected by the Tizi malware date back to 2015...
Linux Foundation Badge Program Boost Open Source Security
The Linux Foundation says a new Core Infrastructure Initiative CII Best Practices Badge program launched Tuesday will help companies interested in adopting open source technologies evaluate projects based on security, quality and stability. The CII Best Practices Badge does not issue certificates...
FTC, Experts Push Startups to Think About Security From the Beginning
About a decade ago, many large software makers learned some very difficult lessons about software security and building security into their products from the start. Some are still learning. The FTC and a variety of security experts are hoping that today’s crop of start-ups will not have to go...
Microsoft Advisory Warns of Word Zero-Day Attacks
Targeted attacks have been spotted against a zero-day vulnerability in Microsoft Word 2010, leading Microsoft to issue a special security advisory and produce a Fix-it solution for users until a patch is ready. Microsoft also said that its Enhanced Mitigation Experience Toolkit EMET is a temporar...
Java Still a Favorite Target of Attackers
Java has become virtually unavoidable in the last few years, and it’s installed on hundreds of millions of PCs around the world. A huge number of those installations are vulnerable versions of Java, and this fact has not escaped the attention of attackers, who have made the technology one of thei...
ExploitHub Offering Bounties – And Residuals – for Exploits
NSS Labs’ announced today that their penetration-testing site, Exploithub, will be offering bounties to researchers for developing exploits for12 high-value vulnerabilities. Exploithub is putting up $4,400 for working exploits against what the company describes as a “dirty dozen” of client-side...
Microsoft Plugs IE Drive-By Download Flaws
Microsoft today shipped a cumulative Internet Explorer update with patches for 10 security holes, including a drive-by download vulnerability that’s already being used in malware attacks. The critical MS08-018 update patches security holes that could lead to code execution attacks on all versions...
PBS Website Compromised, Used to Serve Exploits
Some sections of the popular PBS.org Web site have been hijacked by hackers serving up a cocktail of dangerous exploits. According to researchers at Purewire, attempts to access certain PBS Web site pages yielded JavaScript that serves exploits from a malicious domain via an iframe. The malicious...
Universities Put Email Users at Cyber Risk
Top U.S. universities are among the worst in the world at protecting users from email fraud, lacking security measures to prevent common threat tactics such as domain spoofing or other types of fraudulent emails, researchers have found. Ninety-seven percent of the top 10 universities in the Unite...
Zero Trust for Data Helps Enterprises Detect, Respond and Recover from Breaches
AUTHOR: Mohit Tiwari, CEO and Co-Founder, Symmetry Systems Compromised credentials and identities, third-party breaches, API attacks, and application exploits are all foundational entry points for today’s hackers. Recent months have brought many high-profile breaches from Samsung and Nvidia to Ok...
Cyberattackers Put the Pedal to the Medal: Podcast
Cyber-defenders have a lot on their plates: Rapid vulnerability exploitation. Ransomware-apalooza. Botnet infestations on the order never seen in the past. How can IT security teams effectively deal with the escalating volume of threats, especially as those threats become more sophisticated and...
MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists
Malicious files doctored up to look like legitimate content related to the Israeli-Palestine conflict are being used to target prominent Palestinians, as well as activists and journalists in Turkey, with spyware. That’s according to a disclosure from Zscaler, which attributes the cyberattacks to...
Three Plugins with Same Bug Put 84K WordPress Sites at Risk
Researchers have discovered three WordPress plug-ins with the same vulnerability that allows an attacker to update arbitrary site options on a vulnerable site and completely take it over. Exploiting the flaw does require some action from the site administrator, however. On Nov. 5, 2021, the...
Log4Shell Is Spawning Even Nastier Mutations
The internet has a fast-spreading, malignant cancer – otherwise known as the Apache Log4j logging library exploit – that’s been rapidly mutating and attracting swarms of attackers since it was publicly disclosed last week. Most of the attacks focus on cryptocurrency mining done on victims’ dimes,...
Cisco Issues Critical Fixes for High-End Nexus Gear
Cisco Systems released six security patches tied to its high-end 9000 series networking gear ranging in importance from critical, high and medium severity. The most serious of the bugs patched by Cisco rated 9.1 out of 10 could allow a remote and unauthenticated adversary to read or write arbitra...
1M Stolen Credit Cards Hit Dark Web for Free
Threat actors have leaked 1 million stolen credit cards for free online as a way to promote a fairly new and increasingly popular cybercriminal site dedicated to…selling payment-card credentials. Researchers from threat intelligence firm Cyble noticed the leak of the payment-card data during a...
The True Impact of Ransomware Attacks
One of the most damaging myths about ransomware attacks is, “If your company does regular system backups, you don’t have to worry. Just restore from the backup.” While system backups are crucial — power outages, natural disasters, or even mistakes by employees can destroy data just as quickly as ...
Amazon Sidewalk Poised to Sweep You Into Its Mesh
Tweet On June 8, Amazon, the Web giant with tentacles reaching into every nook and cranny of our lives, is going to stretch those tentacles out further by turning all its gadgets into little cell towers so they can help each other out with little slices of bandwidth. It’s created a new Wi-Fi...
Microsoft, Google Clouds Hijacked for Gobs of Phish
Threat actors are cashing in on the rapid shift to cloud-based business services during the pandemic, by hiding behind ubiquitous, trusted services from Microsoft and Google to make their email phishing scams look legit. And it’s working. In fact, in the first three months of 2021 alone,...
4 Ways Cyberattackers Hunt for Security Bugs
Blue teamers are in constant battle against hackers — faceless adversaries whose persistence can seem unending. But these actors have processes just like corporate operations, even if theirs are bootlegged. Attackers seek the path of least resistance: Gain access with as little effort as possible...
Swiss Army knife For Information Security: What is Comprehensive Protection?
Written by Sergey Ozhegov, CEO of SearchInform In the early days of information security, we used to rely on antivirus and firewall in our arsenal. Once I even “caught” a leak with the help of the firewall logs: I noticed an atypically large data upload and found out that the user was uploading...
Crossing the Line: When Cyberattacks Become Acts of War
The Cold War concept isn’t outdated. In the decades since the fall of the Soviet Union, the battleground has simply shifted from conflicts between ideological proxy governments to cyberspace. And the opponents have grown from a few primary nations into a broad range of sovereign threat actors. Th...