Exchange, Fortinet Flaws Being Exploited by Iranian APT, CISA Warns
A state-backed Iranian threat actor has been using multiple CVEs – including both serious Fortinet vulnerabilities for months and a Microsoft Exchange ProxyShell weakness for weeks – looking to gain a foothold within networks before moving laterally and launching BitLocker ransomware and other...
Phishing Scam Aims to Hijack TikTok ‘Influencer’ Accounts
A recently discovered phishing scam tried to take over more than 125 high-profile user accounts on TikTok. Researchers said the campaign marks one of the first major attacks on “influencers” found on the TikTok social-media platform. Researchers at cloud email security provider Abnormal Security...
FBI Email Hoaxer ID’ed by the Guy He Allegedly Loves to Torment
Vinny Troia, the cybersecurity researcher mentioned in a fake alert gushed out to thousands of people from the FBI’s own email system on Friday night, has fingered the guy who allegedly pulled off the exploit. Troia – white hat threat hunter, cybercrime investigat...
Rooting Malware Is Back. Here’s What to Look Out For.
Over the last several years, as the Android ecosystem matured, widely-distributed malware with rooting capabilities has become rare. But its rarity doesn’t mean it’s not still a threat. By definition, rooting malware is extremely dangerous because it can gain privileged access to the Android...
200M Adult Cam Model, User Records Exposed in Stripchat Breach
UPDATE A database containing the highly sensitive information on both users and models on the popular adult cam site Stripchat was discovered online, left completely unprotected. The data exposure puts models and users at risk of extortion, violence and more. Stripchat is a popular site founded ...
MosesStaff Locks Up Targets, with No Ransom Demand, No Decryption
The MosesStaff hacking group is aiming politically motivated, destructive attacks at Israeli targets, looking to inflict the most damage possible, researchers warned. Unlike other anti-Zionist hacktivists like the Pay2Key and BlackShadow gangs, which look to extort their victims and cause...
Emotet Resurfaces on the Back of TrickBot After Nearly a Year
Emotet, one of the most prolific and disruptive botnet malware-delivery systems, appears to be making a comeback after nearly a year of inactivity, researchers have found. A team of researchers from Cryptolaemus, G DATA and AdvIntel recently observed the TrickBot trojan launching what appears to ...
The Best Ransomware Response, According to the Data
Ransomware has become part of the cost of doing business, and driving down that cost can be the difference between recovery and catastrophe. A data analysis from Fox-IT, part of NCC Group, offers some best practices for how to minimize the fallout of a ransomware attack, after creating a dataset ...
High-Severity Intel Processor Bug Exposes Encryption Keys
A security vulnerability in Intel chips opens the door for encrypted file access and espionage, plus the ability to bypass copyright protection for digital content. That’s according to Positive Technologies (PT), which found that the vulnerability CVE-2021-0146 is a debugging functionality with...
Cybercriminals Target Alibaba Cloud for Cryptomining, Malware
Cybercriminals are targeting Alibaba Elastic Computing Service (ECS) instances, disabling certain security features to further their cryptomining goals. Alibaba offers a few unique options that make it a highly attractive target for attackers, researchers noted....
FBI Says Its System Was Exploited to Email Fake Cyberattack Alert
The FBI admitted on Monday morning that an attacker exploited a flaw in how an agency messaging system is configured: a flaw that let an unknown party send out a flood of fake “urgent” warnings about bogus cyberattacks. The Spamhaus Project, a European nonprofit that monitors email spam, detected...
Threat from Organized Cybercrime Syndicates Is Rising
From encrypting communications to fencing ill-gotten gains on underground sites, organized crime is cashing in on the digital revolution. The latest organized crime threat assessment from Europol issues a dire warning about the corrosive effect the rising influence of criminal syndicates is havin...
Costco Confirms: A Data Skimmer’s Been Ripping Off Customers
Costco has discovered a payment card skimming device at one of its retail stores and has sent out notification letters informing customers that their card data may have been ripped off if they shopped there recently. Some customers have been aware for weeks that something was fishy and have been...
Top 10 Cybersecurity Best Practices to Combat Ransomware
If you’re like most IT professionals, the threat of a ransomware attack might keep you up at night. And you have a valid reason to worry — ransomware doesn’t discriminate. Organizations across every industry, public or private, are potential victims, if they haven’t been victims already. In fact,...
Windows 10 Privilege-Escalation Zero-Day Gets Unofficial Fix
A partially unpatched security bug in Windows that could allow local privilege escalation from a regular user to System has not yet been fully addressed by Microsoft – but an unofficial micropatch from 0patch has hit the scene. The bug (CVE-2021-34484) was originally disclosed and patched as part of...
Mac Zero Day Targets Apple Devices in Hong Kong
Since at least late August, attackers have been using flaws in macOS and iOS – including in-the-wild use of what was then a zero-day flaw – to install a backdoor on the Apple devices of users who visited Hong Kong-based media and pro-democracy sites. This isn’t a finely targeted campaign, but it’...
Millions of Routers, IoT Devices at Risk from BotenaGo Malware
Newly surfaced malware that is difficult to detect and written in Google’s open-source programming language has the potential to exploit millions of routers and IoT devices, researchers have found. Discovered by researchers at AT&T AlienLabs, BotenaGo can exploit more than 30 different...
Invest in These 3 Key Security Technologies to Fight Ransomware
A recent survey by Fortinet revealed that two-thirds of organizations had been the target of at least one ransomware attack – and 85 percent are more concerned about a ransomware attack than any other form of cyberattack. And, the evolving threat landscape is cited as one of the top challenges in...
Back-to-Back PlayStation 5 Hacks Hit on the Same Day
A pair of PlayStation 5 breaches shows the consoles don’t have protection from attackers taking over their most basic functions. Both exploits were posted on Twitter on Nov. 7 without disclosure to Sony or specifics, but they nonetheless signal potential security problems to come for the gaming...
Designing a Proactive Ransomware Playbook for Today’s Threat Landscape
By Paul Baird, Chief Technology Security Officer, Qualys
Ransomware attacks are among the most significant cyber-threats facing organizations today. According to research by Gartner, ransomware is the highest priority (78 percent) and most important emerging risk to track. Yet, organizations are sti...
Cyber-Mercenary Group Void Balaur Attacks High-Profile Targets for Cash
Russian-language group Void Balaur, also tracked under the name Rockethack, has been identified as a prolific cyber-mercenary group, available for hire to break into the email and social-media accounts of high-profile, high-stakes targets around the world. After monitoring Void Balaur for more th...
Congress Mulls Banning Big Ransomware Payouts
A U.S. lawmaker has introduced a bill – the Ransomware and Financial Stability Act (H.R.5936, PDF) – that would make it illegal for financial firms to pay ransoms over $100,000 without first getting the government’s permission. The legislation was introduced on Wednesday by the top Republican on the...
Operationalizing Threat Intelligence with User-Driven Automation
Security operations centers (SOCs) and threat analysts are struggling with ever-increasing cyberthreats. Massive volumes of data created every second lead to new vulnerabilities and attack vectors. How do SOCs and incident response teams keep up with the threats happening across the...
Tiny Font Size Fools Email Filters in BEC Phishing
A new business email compromise (BEC) campaign targeting Microsoft 365 users is using a range of sophisticated obfuscation tactics within phishing emails that can fool natural language processing filters and are undetectable to end users. Researchers at Avanan, a CheckPoint company, first discovere...
Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access
A critical security bug in the Citrix Application Delivery Controller (ADC) and Citrix Gateway could allow cyberattackers to crash entire corporate networks without needing to authenticate. The two affected Citrix products (formerly the NetScaler ADC and Gateway) are used for application-aware traffi...
Massive Zero-Day Hole Found in Palo Alto Security Appliances
Researchers have developed a working exploit to gain remote code execution (RCE) via a massive vulnerability in a security appliance from Palo Alto Networks (PAN), potentially leaving 10,000 vulnerable firewalls with their goods exposed to the internet. The critical zero day, tracked as CVE-2021-3064...
Android Spyware Poses Pegasus-Like Threat
Researchers discovered new Android spyware that provides similar capabilities to NSO Group’s controversial Pegasus software. Called PhoneSpy, the mobile surveillance-ware has been spotted actively targeting South Koreans without their knowledge. PhoneSpy disguises itself as a legitimate applicati...
Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs
Microsoft reported a total of 55 vulnerabilities, six of which are rated critical, with the remaining 49 being rated important. The flaws are found in Microsoft Windows and Windows Components, Azure, Azure RTOS, Azure Sphere, Microsoft Dynamics, Microsoft Edge (Chromium-based), Exchange Server,...
Not Punny: Angling Direct Breach Cripples Retailer for Days
The U.K.’s largest fishing retailer, Angling Direct, experienced a system breach on Nov. 5 that resulted in its domain being redirected to Pornhub. The jokes almost wrote themselves, but days later the site is still down and the extent of the damage to the company’s bottom line remains uncle...
12 New Flaws Used in Ransomware Attacks in Q3
A dozen new vulnerabilities were used in ransomware attacks this quarter, bringing the total number of bugs associated with ransomware to 278. That’s a 4.5 percent increase over Q2, according to researchers. Five of the newbies can be used to achieve remote code execution (RCE), while two can be us...
The New Frontier of Enterprise Risk: Nth Parties
By Ran Nahmias, Co-Founder and CBO, Cyberpion
The concept of risk in enterprise IT is constantly evolving. And considering recent findings, it’s clear that there’s a risk frontier that’s been underestimated – Nth party risk. Traditional enterprise risk management has focused on two domains:...
Security Tool Guts: How Much Should Customers See?
Many cybersecurity tools use engines that calculate risk for events in customer environments. The accuracy of these risk engines is a major concern for customers, since it determines whether an attack is detected or not. Therefore, organizations often request visibility into how a risk engine...
Robinhood Trading Platform Data Breach Hits 7M Customers
Investor trading app company Robinhood Markets has confirmed a data breach that affects the personal information of about 7 million customers – roughly a third of its user base. A cyberattacker made off with emails and more, which could lead to follow-on attacks for Robinhood customers. The tradi...
Multiple BusyBox Security Bugs Threaten Embedded Linux Devices
Researchers have discovered 14 critical vulnerabilities in a popular program used in embedded Linux applications, all of which allow for denial of service (DoS) and 10 that also enable remote code execution (RCE), they said. One of the flaws also could allow devices to leak info, according to...
REvil Affiliates Arrested; DOJ Seizes $6M in Ransom
International law enforcement is squeezing REvil affiliates out of hiding, but the underground is shrugging it off: They know that Russia won’t touch a hair on the heads of the Russian-speaking ransomware operators, experts say. On Monday, Europol announced the arrest of a total of seven suspecte...
DDoS Attacks Shatter Records in Q3, Report Finds
The third quarter saw the sheer volume of distributed denial-of-service (DDoS) attacks surge to several thousand hits per day, signaling a re-distribution of tactics by malicious actors away from cryptomining and toward the use of DDoS as a tool of intimidation, disinformation and straight-up...
Zebra2104 Initial Access Broker Supports Rival Malware Gangs, APTs
Three separate threat groups are all using a common initial access broker (IAB) to enable their cyberattacks, according to researchers – a finding that has revealed a tangled web of related attack infrastructure underpinning disparate and in some cases rival malware campaigns. The BlackBerry Resear...
Zoho’s ManageEngine Password Manager Flaw Torched by Godzilla Webshell, New Data Stealer
A new campaign is prying apart a known security vulnerability in the Zoho ManageEngine ADSelfService Plus password manager, researchers warned over the weekend. The threat actors have managed to exploit the Zoho weakness in at least nine global entities across critical sectors so far (technology,...
Native Tribal Casinos Taking Millions in Ransomware Losses
Ransomware groups have made millions off attacks on native tribal casinos in the U.S., just over the past few months. A notification issued by the Federal Bureau of Investigation (FBI) cybercrime unit, according to a new report from Bleeping Computer, said that ransomware attacks on tribal casinos...
BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released
The embargo period is over for a proof-of-concept (PoC) tool to test for the recently revealed BrakTooth flaws in Bluetooth devices, and the researchers who discovered them have released both the test kit and full exploit code for the bugs. BrakTooth is a collection of flaws affecting commercial...
Beyond the Basics: Tips for Building Advanced Ransomware Resiliency
The rate at which ransomware attacks occur is rapidly increasing. Not only have we witnessed a rise in the frequency of these attacks, but we have also seen them evolve into more sophisticated, successful and damaging events. The potential monetary gain from a ransomware attack is now so lucrative...
Google Ads for Faux Cryptowallets Net Scammers At Least $500K
Crypto-thieves are buying Google Ads to target victims with fake wallets, which steal credentials and drain balances. So far, it looks like the cybercrooks have made off with more than $500,000 and counting. The ads serve links to purportedly download popular cryptowallets Phantom and MetaMask,...
Proofpoint Phish Harvests Microsoft O365, Google Logins
Phishers are impersonating Proofpoint, the cybersecurity firm, in an attempt to make off with victims’ Microsoft Office 365 and Google email credentials. Researchers at Armorblox said they spotted one such campaign lobbed at an unnamed global communications company, with nearly a thousan...
Feds Offer $10 Million Bounty for DarkSide Info
The federal government has upped the ante in its fight against ransomware by offering a $10 million reward for information leading to the identification or location of leaders of the DarkSide ransomware group. The U.S. Department of State unveiled the reward on Thursday, adding a $5 million rewar...
US Bans Trade With Pegasus Spyware Maker
NSO Group – the Israeli-based maker of the notorious, military-grade Pegasus spyware that’s been linked to cyberattacks against dissidents, activists and NGOs and murders of journalists at the hands of repressive regimes – has been blacklisted by the United States. NSO Group is one of four spywar...
3 Guideposts for Building a Better Incident-Response Plan
The COVID-19 pandemic has highlighted the pressing need for security organizations to implement a structured, detailed and well-practiced incident-response plan. While the walls of organizations have extended from corporate offices to employee living rooms, security-control effectiveness has...
Free Discord Nitro Offer Used to Steal Steam Credentials
There’s a new scam making the rounds on Discord, through which cybercriminals can harvest Steam account information and make off with any value it contains. Gamer-aimed Discord scams are just about everywhere. But researchers flagged a new approach as noteworthy because it crosses over between...
Critical Linux Kernel Bug Allows Remote Takeover
A critical heap-overflow security vulnerability in the Transparent Inter-Process Communication (TIPC) module of the Linux kernel could allow local exploitation and remote code execution, leading to full system compromise. TIPC is a peer-to-peer protocol used by nodes within a Linux cluster to...
Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar
A new Magecart threat actor is stealing people’s payment card info from their browsers using a digital skimmer that uses a unique form of evasion to bypass virtual machines (VMs) so it targets only actual victims and not security researchers. The Malwarebytes team discovered the new campaign, which...
Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign
The Mekotio Latin American banking trojan is bouncing back after several members of the gang that operates it were arrested in Spain. More than 100 attacks in recent weeks have featured a new infection routine, indicating that the group continues to actively retool. “The new campaign started right after...