15946 matches found
‘DarkWatchman’ RAT Shows Evolution in Fileless Malware
A novel remote access trojan RAT being distributed via a Russian-language spear-phishing campaign is using unique manipulation of Windows Registry to evade most security detections, demonstrating a significant evolution in fileless malware techniques. Dubbed DarkWatchman, the RAT – discovered by...
Threat from Organized Cybercrime Syndicates Is Rising
From encrypting communications to fencing ill-gotten gains on underground sites, organized crime is cashing in on the digital revolution. The latest organized crime threat assessment from Europol issues a dire warning about the corrosive effect the rising influence of criminal syndicates is havin...
The State of Incident Response: Measuring Risk and Evaluating Your Preparedness
The coronavirus pandemic presented the perfect opportunity for security teams to evaluate the state of their incident-response process. In fact, it highlighted the dire need to implement a more structured, detailed and well-practiced plan to sufficiently support organizations when suffering a...
MacOS Flaw in Telegram Retrieves Deleted Messages
A vulnerability in a high-level privacy feature of Telegram on macOS that sets up a “self-destruct” timer for messages on both the sender’s and recipient’s devices can allow someone to retrieve these messages even after they’ve been deleted, a researcher has found. Reegun Richard Jayapaul,...
Data Exfiltration: What You Should Know to Prevent It
In today’s digitally driven era, data is the most critical component of a business. Companies are collecting more data than ever before, and constantly enhancing their operations through data-driven decisions. As a result, data leaks are a serious concern for companies of all sizes; if one occurs...
Police Grab Slilpp, Biggest Stolen-Logins Market
The U.S. Department of Justice DOJ announced on Thursday that a multinational operation has led to the seizure of Slilpp, a well-known marketplace for selling stolen online logins that offered more than 80 million sets of credentials for sale. Since 2012, Slilpp has been an underground market to...
Where Bug Bounty Programs Fall Flat
Eavesdropping on the chatter of 600+ cybercriminal forums shows that cybercriminals have specific preferences, shown by the flavors of exploits they requisition, and that the bug bounty programs either are too slow, don’t pay enough or are just the start of profit-making. A year-long study into t...
Cyberattack Forces Meat Producer to Shut Down Operations in U.S., Australia
The world’s largest meat distributor shut down some operations in both the United States and Australia over the Memorial Day weekend after a cyberattack on its IT systems that could have a significant effect on the food supply chain if not resolved quickly. Attackers targeted several servers...
Researchers Flag e-Voting Security Flaws
A group of election security experts said after a deep dive into Australia’s electronic voting systems that they have “serious problems” with the accuracy, integrity and privacy with elections run by the Australian Capital Territory ACT Electoral Commission. The team of four cybersecurity...
iPhone Hack Allegedly Used to Spy on China’s Uyghurs
In 2019, a Chinese security researcher working with the internet security and antivirus company Qihoo 360 unveiled an intricately woven exploit: One that would allegedly let a remote attacker easily jailbreak an iPhone X iOS 12.1. The researcher, Qixun Zhao, dubbed the exploit Chaos, for good...
Conti Gang Demands $40M Ransom from Florida School District
UPDATE The Conti Gang has demanded a $40 million ransom from a Fort Lauderdale, Fla., school district after a ransomware attack last month. Attackers stole personal information from students and teachers, disrupted the district’s networks, and caused some services to be unavailable. The incident...
Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws
Attackers are actively exploiting two recently-patched vulnerabilities in a popular suite of tools for WordPress websites from marketing platform Thrive Themes. Thrive Themes offers various products to help WordPress websites “convert visitors into leads and customers.” Its suite of products,...
Purple Fox Malware Targets Windows Machines With New Worm Capabilities
A malware that has historically targeted exposed Windows machines through phishing and exploit kits has been retooled to add new “worm” capabilities. Purple Fox, which first appeared in 2018, is an active malware campaign that until recently required user interaction or some kind of third-party...
Magecart Attackers Save Stolen Credit-Card Data in .JPG File
Magecart attackers have found a new way to hide their nefarious online activity by saving data they’ve skimmed from credit cards online in a .JPG file on a website they’ve injected with malicious code. Researchers at website security firm Sucuri discovered the elusive tactic recently during an...
Cybercriminal Enterprise 'Ringleaders' Stole $55M Via COVID-19 Fraud, Romance Scams
Click to Register U.S. law enforcement arrested six “ringleaders” of a Ghana-based cybercriminal enterprise, who had allegedly launched a slew of money-stealing scams dating back to 2013 that included romance scams, business email compromise attacks and fraud. Seized in the arrests were a slew of...
Kia Motors Hit With $20M Ransomware Attack – Report
So far, Kia Motors America has publicly acknowledged an “extended system outage,” but ransomware gang DoppelPaymer claimed it has locked down the company’s files in a cyberattack that includes a $20 million ransom demand. That $20 million will gain Kia a decryptor and a guarantee to not to publis...
Google Play Boots Barcode Scanner App After Ad Explosion
A barcode scanner app, with over 10 million downloads, was booted from the Google Play marketplace after users began to complain of mobile-ad overload. The makers of the app, called Barcode Scanner, intentionally altered the code of the app via an update turning it from a benign app to adware,...
Magento Web Skimmers Piggyback in Ongoing Costway Website Compromise
Two web skimmers have been discovered on the payment webpages of Costway, one of the top retailers in North America and Europe, which sells appliances, furniture and more. The skimmers are targeting consumers’ credit-card payment details. In a twist, researchers say one of these web skimmers is...
Agent Tesla Trojan 'Kneecaps' Microsoft's Anti-Malware Interface
Researchers have identified new versions of the Agent Tesla remote access trojan RAT that target the Windows anti-malware interface used by security vendors to protect PCs from attacks. The newly discovered variants have also adopted new obfuscation capabilities, raising the stakes for businesses...
Malwarebytes Hit by SolarWinds Attackers
Malwarebytes is the latest discovered victim of the SolarWinds hackers, the security company said – except that it wasn’t targeted through the SolarWinds platform. “While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor,” it...
ElectroRAT Drains Cryptocurrency Wallet Funds of Thousands
A new remote access tool RAT has been discovered being used in an extensive campaign. The attack has targeted cryptocurrency users in an attempt to collect their private keys and ultimately to drain their wallets. The never-before-seen RAT at the center of the campaign, which researchers dub...
Cloud is King: 9 Software Security Trends to Watch in 2021
IT security professionals have largely spent the year managing a once-in-a-generation workforce shift from office to home in 2020. With the initial push over, experts predict that 2021 will be focused on shoring up the cloud and re-imagining organizational workflows under this new normal. Softwar...
Critical, Unpatched Bug Opens GE Radiological Devices to Remote Code Execution
A pair of critical vulnerabilities have been discovered in dozens of GE Healthcare radiological devices popular in hospitals, which could allow an attacker to gain access to sensitive personal health information PHI, alter data and even shut the machine’s availability down. The flaws affect 100...
Russian Espionage Group Updates Custom Malware Suite
The advanced persistent threat APT known as Turla is targeting government organizations using custom malware, including an updated trio of implants that give the group persistence through overlapping backdoor access. Russia-tied Turla a.k.a. Ouroboros, Snake, Venomous Bear or Waterbug is a...
Carnival Corp. Ransomware Attack Affects Three Cruise Lines
Hackers accessed personal information of guests, employees and crew for three cruise line brands and the casino operations of Carnival Corp. in a ransomware attack the company suffered on Aug. 15, officials have confirmed. Carnival Cruise Line, Holland America Line and Seabourn were the brands...
Malware Families Turn to Legit Pastebin-Like Service
Cybercriminals are increasingly turning to a legitimate, Pastebin-like web service for downloading malware — such as AgentTesla and LimeRAT — in spear-phishing attacks. Pastebin, a code-hosting service that enables users to share plain text through public posts called “pastes,” currently has 17...
UPDATE – TikTok Ban: Security Experts Weigh in on the App's Risks
UPDATE Chinese apps TikTok and WeChat over the weekend have gotten an 11th hour reprieve from a plan to cut off access to them. As a ban on U.S. downloads loomed for Sunday, TikTok owner ByteDance reached an agreement to sell significant ownership stakes to Oracle and Walmart. While the deal is...
DDoS Attacks Skyrocket as Pandemic Bites
The first half of 2020 saw a significant uptick in the number of distributed denial-of-service DDoS attacks compared to the same period last year — a phenomenon that appears to be directly correlated to the global coronavirus pandemic. Neustar’s Security Operations Center SOC saw a 151 percent...
New Global Threat Landscape Report Reveals 'Unprecedented' Cyberattacks
A newly released threat report, tracking the biggest trends in the cybercriminal landscape, shows that attackers have been capitalizing on the global pandemic in various ways – from ransomware to web-based malware. Derek Manky Derek Manky, Chief, Security Insights & Global Threat Alliances at...
Black Hat 2020: Influence Campaigns Are a Cybersecurity Problem
Social media used as a cudgel for nation-states to sway opinion is a cybersecurity threat CISOs can’t ignore — and need to understand better and mitigate against. That’s the message from Renée DiResta, research manager at the Stanford Internet Observatory, who said she is seeing a steady growth a...
Encryption Under ‘Full-Frontal Nuclear Assault’ By U.S. Bills
Encryption expert Riana Pfefferkorn believes new proposed laws – the EARN IT Act and the Lawful Access to Encrypted Data Act – pose dire threats to cybersecurity and privacy. In this Threatpost interview, Pfefferkorn, who is associate director of Surveillance and Cybersecurity at the Stanford...
Microsoft Seizes Malicious Domains Used in Mass Office 365 Attacks
Microsoft has seized several domains associated with a massive hacking campaign, which has targeted Office 365 accounts with phishing and business email compromise BEC emails. The sophisticated phishing attacks, which first began in December, have since compromised Office 365 accounts in 62...
EvilQuest: Inside A 'New Class' of Mac Malware
The new malware sample discovered this week, dubbed EvilQuest by security researchers, may be ushering in a new class of Mac malware, according to Thomas Reed, director of Mac and mobile with Malwarebytes. While EvilQuest pretends to be ransomware, in the background it’s actually using its...
Qbot Trojan Reappears to Go After U.S. Banking Customers
Qbot, an ever-evolving information-stealing trojan that’s been around since 2008, has reappeared after a hiatus to target customers of U.S. financial institutions. Its latest variant features fresh capabilities to help it remain undetected. Qbot a.k.a. Qakbot or Pinkslipbot harvests browsing data...
Twitter Disrupts Wide-Ranging Political Disinformation Campaigns
Twitter has taken down three separate nation-sponsored influence operations, attributed to the People’s Republic of China PRC, Russia and Turkey. Collectively the operations consisted of 32,242 bogus or bot accounts generating the content and various amplifier accounts that retweeted it. “Every...
Minneapolis Police Department Hack Likely Fake, Says Researcher
As protests continue to proliferate across the globe in the wake of George Floyd’s death, the Minneapolis Police Department is making news for something else: A supposed hack, perpetrated at the hands of the Anonymous hacktivist group. According to Troy Hunt at Have I Been Pwned HIBP, the group o...
Login with Facebook Bug Earns $20K Bounty
Facebook has awarded a security researcher $20,000 for discovering a cross-site scripting XSS vulnerability in the Facebook Login SDK, which is used by developers to add a “Continue with Facebook” button to a page as an authentication method. Exploitation could allow threat actors to hijack...
Sphinx Malware Returns to Riddle U.S. Targets, with Modifications
The Zeus Sphinx banking trojan has seen a recent resurgence in the United States, sporting some modifications and using COVID-19 spam as a lure. Sphinx re-emerged in December but saw a big spike in March via the use of coronavirus themes. Since April, it has been seen attacking U.S. targets with ...
Shade Threat Actors Call It Quits, Release 750K Encryption Keys
The threat actors behind the Shade ransomware have called it quits, releasing 750,000 encryption keys on GitHub and publicly apologizing to victims affected by the malware. User “shade-team” posted four files on the code repository earlier this week, one containing the file keys and four “ReadMe”...
Tencent Ups Top Bug-Bounty Award to $15K
The Tencent Security Response Center TSRC is launching an expanded bug-bounty program, via the HackerOne white-hat platform – and the company has increased its top reward to $15,000. Tencent, a China-based global internet service provider, is opening up its existing bug-bounty program to...
Firefox Bug Opens iPhone AirPods to Third-Party Snooping
Five high-severity bugs were fixed in the Firefox web browser with the release of version 74 by the Mozilla Foundation on Tuesday. In addition, Mozilla reported a quirky moderate-severity flaw that allows hackers to target iPhone users and collect data tied to connected AirPods, if in use. In...
Spread of Coronavirus-Themed Cyberattacks Persists with New Attacks
As the coronavirus blows up into a worldwide pandemic, threat actors continue to exploit the disease to spread malware. Just this week, cybersecurity professionals identified a bevy of new threats ranging from coronavirus-themed malware attacks, booby-trapped URLs and credential stuffing scams. O...
Loyalty Cards Targeted in Tesco Clubcard Attack
U.K. supermarket giant Tesco is warning on a credential-stuffing attack that potentially affects 600,000 members of its Clubcard loyalty program. It said that it detected cybercriminals trying out different name and password combos, gleaned from a database of stolen usernames and passwords for...
TrickBot Adds ActiveX Control, Hides Dropper in Images
The TrickBot banking trojan has gotten trickier, with the addition of a Windows 10 ActiveX control to execute malicious macros in boobytrapped documents. Michael Gorelik, researcher at Morphisec Labs, said that at least two dozen documents have come to light in the last few weeks that use ActiveX...
Gamaredon APT Improves Toolset to Target Ukraine Government, Military
The Gamaredon advanced persistent threat APT group has been supercharging its operations lately, improving its toolset and ramping up attacks on Ukrainian national security targets. Vitali Kremez, head of SentinelLabs, said in research released on Wednesday that he has been tracking an uptick in...
As Necurs Botnet Falls from Grace, Emotet Rises
A mid-January spam campaign by criminals behind the popular Necurs botnet shows a dramatic drop in skill and savvy by perpetrators. In a shift from sending sophisticated messages with lethal payloads, Necurs botnets are now peddling get-rich-quick spam messages in what researchers are calling...
Man Sentenced in ATM Skimming Conspiracy
A New York state man has been sentenced to five years for an elaborate ATM skimming conspiracy that allowed him to steal at least $390,141 from victims. Bogdan Rusu, 39, of Queens, NY pleaded guilty to participating in the scheme, which used secret card-reading devices and pinhole cameras on...
The Scammer Force is Strong with Star Wars: The Rise of Skywalker
Whenever the internet lights up in anticipation of anything, there are fraudsters and scammers waiting in the wings to take advantage of it. This week’s premiere of Star Wars: The Rise of Skywalker is no exception, with cybercriminals eyeing one of the world’s most beloved franchises as rich fodd...
Ring Plagued by Security Issues, Flood of Hacks
Serious security holes in the Ring smart doorbell have been uncovered, according to a new investigation. For instance, Ring owners aren’t notified of suspicious login alerts when devices are accessed on various IP addresses — and there are seemingly no limitations for incorrect login attempts. Th...
China-Linked Hackers Spy on Texts With MessageTap Malware
Researchers have discovered a new malware used for cyber-espionage efforts by China-linked threat group APT41. The malware intercepts telecom SMS server traffic and sniffs out certain phone numbers and SMS messages – particularly those with keywords relating to Chinese political dissidents. The...