15946 matches found
Black Basta Ransomware Teams Up with Malware Stalwart Qbot
A newcomer on the ransomware scene has coopted a 14-year-old malware variant to help it maintain persistence on a targeted network in a recent attack, researchers have found. Black Basta, a ransomware group that emerged in April, leveraged Qbot, a.k.a. Quakbot, to move laterally on a compromised...
Threat Actors Blanket Androids with Flubot, Teabot Campaigns
Researchers have discovered a raft of active campaigns delivering the Flubot and Teabot trojans through a variety of delivery methods, with threat actors using smishing and malicious Google Play apps to target victims with fly-by attacks in various regions across the globe. Researchers from...
Cyberattacks on Squid Game Minecraft Tourney Take Down Andorra’s Internet
A massive Minecraft tournament styled after the Netflix blockbuster Squid Game known, of course, as “SquidCraft” apparently inspired a distributed denial of service DDoS attack that took down the sole and state-owned internet service provider in Andorra. Internet-freedom monitoring company...
Researchers Flag 300K Banking Trojan Infections from Google Play in 4 Months
Overcoming Google Play app restrictions, attackers have successfully racked up more than 300,000 banking trojan installations over just the past four months in the official Android app marketplace. Researchers from Threat Fabric reported that these threat groups have honed their ability to use...
Shape-Shifting ‘Tardigrade’ Malware Hits Vaccine Makers
An APT has attacked two separate vaccine manufacturers this year using a shape-shifting malware that appears at first to be a ransomware attack but later shows to be far more sophisticated, researchers have found. Dubbed Tardigrade by the Bioeconomy Information Sharing and Analysis Center...
How to Defend against App Impersonation in 2021
Most users who install applications through legitimate channels such as the Google Play Store or the Apple Store do so with complete trust that their information is safe from malicious attacks. This makes sense, because they’re the official app stores for across the globe. However, despite tight...
Invest in These 3 Key Security Technologies to Fight Ransomware
A recent survey by Fortinet revealed that two-thirds of organizations had been the target of at least one ransomware attack – and 85 percent are more concerned about a ransomware attack than any other form of cyberattack. And, the evolving threat landscape is cited as one of the top challenges in...
OpenSea ‘Free Gift’ NFTs Drain Cryptowallet Balances
Users of OpenSea, the world’s largest digital-collectible marketplace, have found their cryptocurrency wallets ripped off thanks to cyberattackers weaponizing security bugs that allowed them to highjack user accounts. The attacks revolved around boobytrapped art files, which circulated in the for...
Kaseya’s ‘Master Key’ to REvil Attack Leaked Online
Someone has leaked the master decryption key that Kaseya used to unlock the files encrypted by a REvil ransomware attack on the company that affected customers across 22 countries last month. However, while the key may be interesting to security researchers, it’s not likely to be of use to any of...
Chaos Malware: Ransomware and Wiper
An under-construction malware called Chaos has been spotted, which is being advertised on an underground forum as being available for testing. While it calls itself ransomware, an analysis revealed that it’s actually more of a wiper. According to Trend Micro researcher Monte de Jesus, Chaos has...
New CISA Director Confirmed, W.H. Gains Cyber-Director
The U.S. has made a key move to shore up its cybersecurity strategy, with the confirmation of Jen Easterly as the director of the Cybersecurity and Infrastructure Security Agency CISA on Monday. Easterly, a former official at the National Security Agency from 2011 to 2013 and two-time Bronze Star...
‘Oddball’ Malware Blocks Access to Pirated Software
The objective of most malware is some kind of gain — financial or otherwise — for the attackers who use it. However, researchers recently observed a unique malware with a single intent: Blocking the infected computers from visiting websites dedicated to software piracy. The malware which SophosLa...
Application Layer is Still the Front Door for Data Breaches
By Terry Ray, SVP and Fellow, Imperva Each year, the number of data breaches grows by 30% while the number of records compromised increases by an average of 224%. 2021 is far from over, but we’re already on pace for another record-setting year. In fact, Imperva research finds that more records we...
GEICO Alerts Customers Hackers Stole Driver License Data for Two Months
Threat actors stole driver license numbers from customers of GEICO insurance for nearly two months earlier this year due to a security flaw on its website that has since been fixed. The second-largest auto insurance provider in the United States disclosed the vulnerability in a data breach notice...
Lazarus Targets Defense Companies with ThreatNeedle Malware
The prolific North Korean APT known as Lazarus is behind a spear-phishing campaign aimed at stealing critical data from defense companies by leveraging an advanced malware called ThreatNeedle, new research has revealed. The elaborate and ongoing cyberespionage campaign used emails with COVID-19...
Nvidia's Anti-Cryptomining GPU Chip May Not Discourage Attacks
Nvidia, the chip company known for its gaming-friendly graphical processing units GPUs, said that its hotly anticipated GeForce RTX 3060 chipset, launching Thursday, has an added bonus of thwarting crypto-mining. Experts applaud the effort, but are skeptical the move will take the bullseye off th...
Ransomware Demands Spike 320%, Payments Rise
When it comes to paying the ransom in a ransomware attack, demands are on the rise. Yet, many companies that paid the ransom failed to receive a decryption key, in a survey issued Monday. In fact, pandemic-themed phishing scams, a sustained onslaught of ransomware attacks and the rise of a remote...
Rob Joyce to Take Over as NSA Cybersecurity Director
As the incoming Biden administration continues to shake up federal leadership, the National Security Agency announced Friday that Rob Joyce, who is currently serving at the U.S. Embassy in London, was named to lead its cybersecurity division. Joyce will inherit the job from Anne Neuberger, who wi...
Fired Healthcare Exec Stalls Critical PPE Shipment for Months
The FBI has announced that Christopher Dobbins pleaded guilty and was sentenced to a year in prison for breaching and temporarily disabling the Stradis Healthcare shipping system using a secret account, after being fired weeks earlier. Last March, as doctors reported having to ration and reuse...
Police Vouch for Hacker Who Guessed Trump’s Twitter Password
When Dutch ethical hacker Victor Gevers tried to alert Secret Service that he was able to guess the password to President Donald Trump’s Twitter handle last October, there were plenty of skeptics, most notably at the White House. Now, Dutch prosecutors have determined Gevers did, in fact, guess t...
RubyGems Packages Laced with Bitcoin-Stealing Malware
RubyGems, an open-source package repository and manager for the Ruby web programming language, has taken two of its software packages offline after they were found to be laced with malware. RubyGems provides a standard format for distributing Ruby programs and libraries in the service of building...
Cybersecurity Predictions for 2021: Robot Overlords No, Connected Car Hacks Yes
Predicting the future is always an iffy proposition. There’s the Nostradamus route, making predictions so cryptic and vague they could mean just about anything. Or you can go the TV psychic route and throw a handful of darts at the wall, highlighting the ones that stick and hope everyone ignores...
BEC Attacks: Nigeria No Longer the Epicenter as Losses Top $26B
A study of more than 9,000 instances of business email compromise BEC attacks all over the world shows that the number has skyrocketed over the past year, and that the social-engineering scam has expanded well beyond its historic roots in Nigeria. The report from Agari’s Cyber Intelligence Divisi...
Facebook 'SilentFade' Malware Attack Stole Credentials For Years
Facebook has detailed a wide-scale Chinese malware campaign that targeted its ad platform for years and siphoned $4 million from users’ advertising accounts. The campaign was addressed by the social media’s security teams after it first became active. Dubbed SilentFade short for “Silently running...
Razer Gaming Fans Caught Up in Data Leak
An estimated 100,000 customers of Razer, a purveyor of high-end gaming gear ranging from laptops to apparel, have had their private info exposed, according to a researcher. Click to register. Security consultant Bob Diachenko ran across a misconfigured Elasticsearch cloud cluster that exposed a...
Bug in Google Maps Opened Door to Cross-Site Scripting Attacks
A researcher earned a double-payment totaling $10,000 for a cross-site scripting XSS bug he found in Google Maps. He earned $5,000 initially. But when Google’s patch fell short, the researcher earned a second $5,000 for discovering the bypass to the fix. Zohar Shachar, head of application securit...
Airline DMARC Policies Lag, Opening Flyers to Email Fraud
More than half of global airlines do not have DMARC policies in place, opening their customers up to email fraud attacks, a new report found. DMARC Domain-based Message Authentication, Reporting & Conformance is considered the industry standard for email authentication to prevent attackers from...
Black Hat 2020: Scaling Mail-In Voting Spawns Broad Challenges
Security researcher Matt Blaze opened Black Hat 2020 with a call-to-arms for cybersecurity experts, asking them during his keynote to leverage their passion for election security to help secure the upcoming U.S. presidential elections, which will likely be a mostly vote-by-mail affair. “This...
Google Bans Stalkerware Ads – With a Loophole
Google will soon prohibit ads on its platform that promote stalkerware products and services – but the tech giant’s ban comes with a catch that some security experts worry will render it ineffective. Starting August 2020, Google’s ads policy will be updated to ban advertisements for stalkerware,...
Ring Doorbell's Police Partnerships Questioned Over Racial Bias
A U.S. congressman is asking Amazon if it plans to place a moratorium on police access to its Ring smart doorbell video footage, citing concerns around surveillance and racial bias. The inquiry comes on the heels of Amazon saying it would halt the sale of its Rekognition facial recognition platfo...
BofA Phish Gets Around DMARC, Other Email Protections
A credential-phishing attempt that relies on impersonating Bank of America has emerged in the U.S. this month, with emails that get around secure gateway protections and heavy-hitting protections like DMARC. The campaign involves emails that ask recipients to update their email addresses, warning...
Five Password Tips for Securing the New WFH Normal
The shift to working from home is pushing system administrators to adjust to a new security normal. This includes new, high-profile challenges, such as the adoption of cloud applications, remote access to digital assets, and remote client support, to name a few. That said, good old-fashioned...
Premier League's Return: A Hat Trick of Cyberthreats?
England’s Premier League is returning this week, with millions of soccer fans around the world looking to stream matches using their online video accounts. Unfortunately, the U.K.’s National Cyber Security Centre NCSC is warning on phishing, fraud and brute-forcing attempts by attackers looking t...
Shlayer Mac Malware Returns with Extra Sneakiness
A fresh variant of the Shlayer Mac OSX malware with advanced stealth capabilities has been spotted in the wild, actively using poisoned Google search results in order to find its victims. According to researchers at Intego, the malware, like many malware samples before it, is purporting to be an...
Active PayPal Phishing Scam Targets SSNs, Passport Photos
A recently uncovered phishing campaign, targeting PayPal users, pulls out all the stops and asks victims for the complete spectrum of personal data – even going so far as to ask for social security numbers and uploaded photos of their passports. The campaign starts with a fairly run-of-the-mill...
U.N. Weathers Storm of Emotet-TrickBot Malware
The operators behind the notorious Emotet malware have taken aim at United Nations personnel in a targeted attack ultimately bent on delivering the TrickBot trojan. According to researchers at Confense, a concerted phishing campaign has been using emails purporting to be from the Permanent Missio...
Adobe Fixes 17 Critical Acrobat, Photoshop and Brackets Flaws
Adobe Systems is stomping out 17 critical vulnerabilities in Acrobat Reader, Photoshop and Brackets, which could lead to arbitrary code execution if exploited. Overall, Adobe released patches – as part of its regularly-scheduled updates – addressing 25 CVEs across various products, including its...
Podcast: Vendors, Suppliers, Partners – Oh My! Who Will Increase Your Risk of Account Takeover?
Your users’ login credentials are available for sale on the criminal underground — and criminals know it. For the third year running, the 2019 Verizon Data Breach Report calls out the use of weak and stolen credentials as the most common hacking tactic. This podcast is sponsored by SpyCloud The...
Stealth Falcon Targets Middle East with Windows BITS Feature
The notorious Stealth Falcon cyberespionage group has adopted a new backdoor using the Windows Background Intelligent Transfer Service BITS in its ongoing spyware attacks against journalists, activists and dissidents in the Middle East. According to researchers at ESET, attackers are exploiting t...
Sponsored Podcast: The Operationalization of Data With a Purpose
Security, intel and fraud teams are swimming in data. Data is not the problem, but operationalizing and making use of the data we have is. This podcast is sponsored by SpyCloud Taking this one step further is making use of the data with a purpose, specifically, to interrupt the criminal lifecycle...
Poll: Are You Creeped Out By Facial Recognition?
Several news incidents this week regarding facial recognition and biometrics have sparked discussions in the security space over privacy concerns and issues around consent. First, a JetBlue passenger made headlines in a now-viral Twitter exchange with the airline, about the facial-recognition...
Insecure Ride App Database Leaks Data of 300K Iranian Drivers
A researcher has discovered that over a quarter-million drivers of the Iranian ride hailing app Tap30 have had their data left publicly exposed in an insecure database. Tap30 is an online taxi application, similar to Uber, that connects users to drivers through the mobile app and the corporate...
Critical, Unpatched Cisco Flaw Leaves Small Business Networks Wide Open
A critical and unpatched vulnerability in the widely deployed Cisco Small Business Switch software leaves the door open to remote, unauthenticated attackers gaining full administrative control over the device – and therefore the network. Cisco Small Business Switches were developed for small offi...
Adobe Flash Zero-Day Leveraged Via Office Docs in Campaign
An Adobe Flash Player zero-day exploit has been spotted in the wild as part of a widespread campaign, researchers said on Wednesday. Adobe has just issued a patch for the previously unknown critical flaw. The vulnerability, CVE-2018-15982, is a use-after-free flaw enabling arbitrary code executio...
Siemens Patches Firewall Flaw That Put Operations at Risk
Siemens AG on Tuesday issued a slew of fixes addressing eight vulnerabilities spanning its industrial product lines. The most serious of the patched flaws include a cross-site scripting vulnerability in Siemens’ SCALANCE firewall product. The flaw could allow an attacker to gain unauthorized acce...
Nine NAS Bugs Open LenovoEMC, Iomega Devices to Attack
Lenovo is warning of nine vulnerabilities rated “high” and impacting 20 separate network attached storage NAS devices sold by the company, including its LenovoEMC, Iomega and its Lenovo-branded NAS devices. By exploiting one of several command-injection vulnerabilities in the devices’ operating...
Rowhammer Variant ‘RAMpage’ Targets Android Devices All Over Again
Researchers have found a new variation of the Rowhammer attack technique they have dubbed RAMpage. The vulnerability could allow an adversary to create an exploit to gain administrative control over targeted Android smartphones and tablets. The flaw impacts Android devices dating back to 2012...
Foscam Issues Patches For Vulnerabilities in IP Cameras
Foscam is urging customers to update their security cameras after researchers found three vulnerabilities in that could enable a bad actor to gain root access knowing only the camera’s IP address. The vulnerability trifecta includes an arbitrary file-deletion bug, a shell command-injection flaw a...
Google Patches 34 Browser Bugs in Chrome 67, Adds Spectre Fixes
Google updated its Chrome browser to version 67.0.3396.62 on Tuesday patching 34 bugs and adding support for the credential management API called WebAuthn. The update will be available in the coming days for Windows, Mac and Linux platforms, Google said. Most notably to the browser update are...
Quant Loader Trojan Spreads Via Microsoft URL Shortcut Files
Researchers are warning of a new email phishing campaign that downloads and launches the Quant Loader trojan, capable of distributing ransomware and stealing passwords. Barracuda on Tuesday said it has been tracking emails containing zipped Microsoft internet shortcut files with a “.url” file...