Google Takes Down Glupteba Botnet; Files Lawsuit Against Operators
Google’s Threat Analysis Group (TAG) has disrupted the blockchain-enabled botnet known as Glupteba, which is made up of around 1 million compromised Windows and internet of things (IoT) devices. In tandem, Google also filed a lawsuit against the botnet’s operators. Glupteba, already a formidable...
SolarWinds Attackers Spotted Using New Tactics, Malware
One year after the notorious and far-reaching SolarWinds supply-chain attacks, its orchestrators are on the offensive again. Researchers said they’ve seen the threat group – which Microsoft refers to as “Nobelium” and which is linked to Russia’s spy agency – compromising global business and...
Crypto-Exchange BitMart to Pay Users for $200M Theft
Cryptocurrency exchange BitMart has pledged to dig into its own pocket to pay back users affected in a cyberattack that drained it of about $150 million worth of cryptocurrencies, according to a tweet put out by BitMart CEO Sheldon Xia on Monday. 2/4 BitMart will use our own funding to cover the...
Are You Guilty of These 8 Network-Security Bad Practices?
They say the first step in addressing a serious issue is admitting you have a problem. And so it is with network security. The ongoing explosion of ransomware events and breaches many of which the public never hears about is elevating network security to a top corporate priority. Employees are...
Cyber Command Publicly Joins Fight Against Ransomware Groups
Cybercriminals who launch attacks on critical U.S. companies are going to be targeted by the branch of the military known as Cyber Command, and everyone has been put on notice. Gen. Paul Nakasone, who heads up Cyber Command, told the New York Times this weekend that his team isn’t just going afte...
‘Cuba’ Ransomware Gang Hauls in $44M in Payouts
The “Cuba” ransomware gang has settled into a groove, compromising at least 49 entities in five critical sectors in the U.S. as of November, the FBI has warned. In a flash alert, the Feds attributed a rash of attacks on U.S. entities in the financial, government, healthcare, manufacturing and...
Pegasus Spyware Infects U.S. State Department iPhones
An unknown assailant planted NSO Group’s Pegasus spyware on the iPhones of at least nine U.S. State Department employees, according to four of Reuters’ sources who are familiar with the matter. Two of the sources said that the attacks took place over the last several months, hitting targets eithe...
Apache Kafka Cloud Clusters Expose Sensitive Data Large Companies
Some of the world’s largest companies have exposed reams of sensitive information from the cloud, researchers said – thanks to misconfigured Kafdrop instances. Kafdrop is a management interface for Apache Kafka, which is an open-source, cloud-native platform for collecting, analyzing, storing and...
Pandemic-Influenced Car Shopping: Just Use the Manufacturer API
The pandemic has caused huge disruptions in the supply chain for a wide variety of industries. One of the major areas feeling the global issues is the car industry. Fortunately, I found a way to exploit a manufacturer API to minimize my frustration. First, some background: Many outlets have widel...
Omicron Phishing Scam Already Spotted in UK
The global pandemic has provided cover for all sorts of phishing scams over the past couple of years, and the rise in alarm over the spread of the latest COVID-19 variant, Omicron, is no exception. As public health professionals across the globe grapple with what they fear could be an even more...
What Are Your Top Cloud Security Challenges? Threatpost Poll
There are myriad reasons that organizations are moving en masse to the cloud: Digital transformation, the ability to be more agile, cost reduction, better collaboration and productivity, and, in these pandemic times, a better ability to support remote working. Cybercriminals are moving to the clo...
Threat Group Takes Aim Again at Cloud Platform Provider Zoho
State-backed adversaries expanded attacks against cloud platform company Zoho and its ManageEngine ServiceDesk Plus software, a help desk and asset management solution. A recent campaign marks an uptick in attacks against the firm’s platform, which have also included past targeting of Zoho’s...
‘Double-Extortion’ Ransomware Damage Skyrockets 935%
The ransomware business is booming, and feeble corporate security and a flourishing ransomware-as-a-service (RaaS) affiliate market are to blame, researchers say. Access to compromised networks is cheap, thanks to a rise in the number of initial-access brokers and RaaS tools can turn everyday petty...
Planned Parenthood Breach Opens Patients to Follow-On Attacks
Planned Parenthood’s Los Angeles (PPLA) division has been hacked, with cyberattackers making off with sensitive personal health information for at least 400,000 patients. In a data-breach notice (PDF) filed with the state of California, the organization said that it had detected the intrusion on Oct...
AT&T Takes Steps to Mitigate Botnet Found Inside Its Network
AT&T is taking action to take down a botnet that had set up shop inside its network, infecting 5,700 VoIP servers that route traffic from enterprise customers to upstream mobile providers. Researchers from Netlab, a network security division of Chinese tech giant Qihoo 360, first discovered what...
80K Retail WooCommerce Sites Exposed by Plugin XSS Bug
The plugin “Variation Swatches for WooCommerce,” installed across 80,000 WordPress-powered retail sites, contains a stored cross-site scripting (XSS) security vulnerability that could allow cyberattackers to inject malicious web scripts and take over sites. Variation Swatches is designed to allow...
Stealthy ‘WIRTE’ Gang Targets Middle Eastern Governments
A threat actor tracked as WIRTE has been assaulting Middle East governments since at least 2019 using “living-off-the-land” techniques and malicious Excel 4.0 macros. On Monday, Kaspersky reported that it observed the group in February using Microsoft Excel droppers, which planted hidden...
Widespread ‘Smishing’ Campaign Defrauds Iranian Android Users
Attackers are impersonating the Iranian government in a widespread SMS phishing campaign that is defrauding thousands of Android users by installing malware on their devices that can steal their credit card data and siphon money from financial accounts. Researchers from Check Point Research...
How Decryption of Network Traffic Can Improve Security
Strong encryption is critical to protecting sensitive business and personal data. Google estimates that 95 percent of its internet traffic uses the encrypted HTTPS protocol, and most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. This is a...
Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks
Fallout from nation-state sponsored cyberattacks will no longer be covered under cyber-insurance policies issued by famed insurer Lloyd’s of London. The insurance juggernaut’s underwriting director Patrick Davidson just released four new Cyber War and Cyber Operation Exclusion Clauses, outlining...
Finland Faces Blizzard of Flubot-Spreading Text Messages
The Flubot banking trojan is blanketing Finland, spreading via Android phones that are sending millions of malicious text messages. On Friday, the National Cyber Security Centre (NCSC-FI) at the Finnish Transport and Communications Agency posted a “severe” alert about the malware blizzard, which it...
Panasonic’s Data Breach Leaves Open Questions
Consumer electronics giant Panasonic’s data breach raises questions, researchers say – given that more than two weeks after the incident was discovered, it’s unclear if customers’ personal information has been impacted. On Friday, Panasonic confirmed that its “network was illegally accessed by a...
Yanluowang Ransomware Tied to Thieflock Threat Actor
A threat actor previously tied to the Thieflock ransomware operation may now be using the emerging Yanluowang ransomware in a series of attacks against U.S. corporations, researchers have found. Researchers from Symantec, a division of Broadcom Software, found ties between Thieflock and Yanluowan...
IKEA Hit by Email Reply-Chain Cyberattack
As of Friday – as in, shopping-on-steroids Black Friday – retail titan IKEA was wrestling with a then-ongoing reply-chain email phishing attack in which attackers were malspamming replies to stolen email threads. BleepingComputer got a look at internal emails – one of which is replicated below –...
Researchers Flag 300K Banking Trojan Infections from Google Play in 4 Months
Overcoming Google Play app restrictions, attackers have successfully racked up more than 300,000 banking trojan installations over just the past four months in the official Android app marketplace. Researchers from Threat Fabric reported that these threat groups have honed their ability to use...
ScarCruft APT Mounts Desktop/Mobile Double-Pronged Spy Attacks
The North Korea-linked ScarCruft advanced persistent threat (APT) group has developed a fresh, multiplatform malware family for attacking North Korean defectors, journalists and government organizations involved in Korean Peninsula affairs. Since 2019, ScarCruft (aka APT37 or Temp.Reaper) has been...
Unpatched Windows 10 Zero-Day Allows Privileged File Access
An unpatched Windows security vulnerability could allow information disclosure and local privilege escalation (LPE), researchers have warned. The issue (CVE-2021-24084) has yet to get an official fix, making it a zero-day bug – but a micropatch has been rolled out as a stop-gap measure. Security...
Shape-Shifting ‘Tardigrade’ Malware Hits Vaccine Makers
An APT has attacked two separate vaccine manufacturers this year using a shape-shifting malware that appears at first to be a ransomware attack but later shows to be far more sophisticated, researchers have found. Dubbed Tardigrade by the Bioeconomy Information Sharing and Analysis Center...
New Twists on Gift-Card Scams Flourish on Black Friday
Black Friday cyber-pariahs have revamped gift-card scams to better target modern online shoppers hungry for deals post-Thanksgiving. Experts warn new tactics include bogus gift-card generators that install malware designed to sniff out a victim’s cryptocurrency wallet address. Internet-based Blac...
9.3M+ Androids Running ‘Malicious’ Games from Huawei AppGallery
Why would a game about a cat’s “cute diary” need permission to make phone calls or suss out your location? It doesn’t: “Cat cute diary” is one of 190 trojanized games that Doctor Web malware analysts have found on AppGallery, the official app store for Huawei Android. They’re littering the Androi...
GoDaddy Breach Widens to Include Reseller Subsidiaries
The GoDaddy breach affecting 1.2 million customers has widened – it turns out that various subsidiaries that resell GoDaddy Managed WordPress were also affected. The additional affected companies are 123Reg, Domain Factory, Heart Internet, Host Europe, Media Temple and tsoHost. The world’s larges...
Apple Lawsuit Amps Up Pressure on Pegasus Spyware-Maker
In the wake of a zero-click zero-day exploit that was deployed against iPhone users, Apple has filed a lawsuit against NSO Group. The complaint alleges that the maker of the infamous Pegasus mobile spyware is responsible for the illegal surveillance of Apple users. The computing giant is looking...
Attackers Actively Target Windows Installer Zero-Day
Attackers are actively exploiting a Windows Installer zero-day vulnerability that was discovered when a patch Microsoft issued for another security hole inadequately fixed the original and unrelated problem. Over the weekend, security researcher Abdelhamid Naceri discovered a Windows Installer...
Attackers Will Flock to Crypto Wallets, Linux in 2022: Podcast
Ransomware is on the rise, and attackers are massing in never-before-seen numbers, lining up to find victims. Could the new year possibly get any worse? According to FortiGuard Labs, the answer is yes. According to its 2022 predictions, upcoming threats will target an expanding attack surface,...
How to Defend against App Impersonation in 2021
Most users who install applications through legitimate channels such as the Google Play Store or the Apple Store do so with complete trust that their information is safe from malicious attacks. This makes sense, because they’re the official app stores across the globe. However, despite tight...
Common Cloud Misconfigurations Exploited in Minutes, Report
Poorly configured cloud services can be exploited by threat actors in minutes and sometimes in under 30 seconds. Attacks include network intrusion, data theft and ransomware infections, researchers have found. Researchers at Palo Alto Networks’ Unit 42 used a honeypot infrastructure of 320 nodes...
GoDaddy’s Latest Breach Affects 1.2M Customers
Web-hosting giant GoDaddy has confirmed another data breach, this time affecting at least 1.2 million of its customers. On Monday, the world’s largest domain registrar said in a public filing to the SEC that an “unauthorized third party” managed to infiltrate its systems on Sept. 6 – and that the...
Online Merchants: Prevent Fraudsters from Becoming Holiday Grinches
As the holiday shopping season gets into full swing, merchants aren’t the only ones expecting to have a prosperous year. Fraudsters, too, are out to grab their illicit share of the money changing hands or accounts in the weeks ahead. Especially susceptible to theft by fraud are millions of...
Attackers Hijack Email Using Proxy Logon/Proxyshell Flaws
Attackers are gnawing on the ProxyLogon and ProxyShell vulnerabilities in Microsoft Exchange Server to hijack email chains, by malspamming replies to ongoing email threads, researchers say. What’s still under discussion: whether the offensive is delivering SquirrelWaffle, the new email loader tha...
Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover
A high-severity security vulnerability in CloudLinux’s Imunify360 cybersecurity platform could lead to arbitrary code execution and web-server takeover, according to researchers. Imunify360 is a security platform for Linux-based web servers that allows users to configure various settings for...
Iranians Charged in Cyberattacks Against U.S. 2020 Election
The U.S. Department of Justice has unsealed charges against two Iranian nationals for cyberattacks against the U.S. 2020 presidential campaign, and there’s a $10 million reward offered for information on their activities. The two men, Seyyed Mohammad Hosein Musa Kazemi and Sajjad Kashian, alleged...
6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years
Sky, a U.K. broadband provider, left about 6 million customers’ underbellies exposed to attackers who could remotely sink their fangs into their home networks: a nice, soft attack surface left that way for nearly 18 months as the company tried to fix a DNS rebinding vulnerability in customers’...
California Pizza Kitchen Serves Up Employee SSNs in Data Breach
California Pizza Kitchen (CPK) served up more than tasty meals recently after a data breach exposed the names and Social Security numbers (SSNs) of more than 100,000 current and former employees. The “external system breach” occurred on Sept. 15 at the popular U.S. pizza chain and affected 103,767...
Ransomware Phishing Emails Sneak Through SEGs
Secure email gateway (SEG) protections aren’t necessarily enough to stop phishing emails from delivering ransomware to employees, especially if the cybercrooks are using legitimate cloud services to host malicious pages. Researchers are raising the alarm over a phishing email kicking off a...
3 Top Tools for Defending Against Phishing Attacks
Even with the most sophisticated email scanning and phishing detection system available, phishing emails are still a very common intrusion vector for cybercriminals to use to introduce malware, including ransomware, to a business’ network. That’s because (1) increasingly, legitimate systems are use...
FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months
A threat actor has been exploiting a zero-day vulnerability in FatPipe’s virtual private network (VPN) devices as a way to breach companies and gain access to their internal networks, since at least May, the FBI has warned. “As of November 2021, FBI forensic analysis indicated exploitation of a 0-d...
Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials
A long-term spear-phishing campaign is targeting employees of major corporations with emails containing PDFs that link to short-lived Glitch apps hosting credential-harvesting SharePoint phishing pages, researchers have found. Researchers from DomainTools discovered the suspicious PDFs – which...
How to Choose the Right DDoS Protection Solution
Pankaj Gupta, Senior Director at Citrix
Distributed denial of service (DDoS) attacks have become increasingly sophisticated, bigger, and economically motivated. Even after 25 years, they still pose a huge security risk for every business. This is in large part because DDoS attacks are relatively ea...
Fake Ransomware Infection Hits WordPress Sites
Fake red-on-black warnings have been plastered to hundreds of WordPress sites, warning that they’ve been encrypted. The warnings have at least one ransomware accoutrement that might look convincing at first blush: a countdown clock tick-tick-ticking away, warning site owners that they’ve got seve...
Netflix Bait: Phishers Target Streamers with Fake Service Signups
The past year’s massive migration of movie and television audiences to streaming services has provided scammers with a sweet opportunity to launch phishing attempts to lure would-be subscribers into giving up their payment information. Where there’s payment data, cybercriminals are sure to follow...