‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks
A new-ish threat actor sometimes known as “Tortilla” is launching a fresh round of ProxyShell attacks on Microsoft Exchange servers, this time with the aim of inflicting vulnerable servers with variants of the Babuk ransomware. Cisco Talos researchers said in a Wednesday report that they spotted...
Predicting the Next OWASP API Security Top 10
As a long-time OWASP member and application security practitioner, I wanted to share my thoughts on how the newly released OWASP Web App Top 10 might impact or influence the updates to the API Security Top 10, last released back in December 2019. These lists cover the most common causes for...
Report: BlackMatter Ransomware Gang Goes Dark, Again
The prolific ransomware group that rose from the ashes of DarkSide appears to be going dark—again. BlackMatter said it will shut down due to increased pressure from authorities, according to a message posted on its website. VX-Underground, which aggregates a collection of malware source code,...
Squid Game Crypto Scammers Rip Off Investors for Millions
Players in the Squid Game cryptocurrency market have been eliminated — at least their investment has — by what cryptocurrency watchers have called a classic “rug-pull” scam. When SQUID tokens were first released last week, they were valued at a paltry $0.01 but promised entry into a game with the...
Ransomware Gangs Target Corporate Financial Activities
Ransomware gangs are zeroing in on publicly held companies with the threat of financial exposure in an effort to encourage ransom payments, the FBI is warning. In an alert issued this week (PDF), the Bureau said that activity over the course of the past year shows a trend toward targeting companies...
Android Patches Actively Exploited Zero-Day Kernel Bug
Among Google’s November Android security updates is a patch for a zero-day weakness that “may be under limited, targeted exploitation,” the company said. Out of this month’s batch of 39 patches, 18 of them plug flaws in the framework and system components and another 18 address vulnerabilities in...
Apple macOS Flaw Allows Kernel-Level Compromise
Apple has patched a vulnerability in macOS that can allow attackers to bypass a key OS protection and install a malicious rootkit to perform arbitrary operations on a device, researchers from Microsoft have discovered. The problem, dubbed “Shrootless,” is associated with a security technology called...
Office 365 Phishing Campaign Abuses Stolen Amazon SES Token
A surge in spearphishing emails designed to steal Office 365 credentials includes some that were rigged to look like they came from major brands, including Kaspersky. According to a Kaspersky security bulletin posted Monday, two phishing kits identified as “Iamtheboss” and “MIRCBOOT” are being use...
Pirate Sports Streamer Gets Busted, Pivots to MLB Extortion
Demanding payment in exchange for not publicly disclosing a vulnerability isn’t the same as a bug bounty program; it’s extortion. A 30-year-old alleged sports content pirate in Minneapolis, Minn., has found himself on the receiving end of a criminal complaint alleging that he not only stole user...
‘Trojan Source’ Hides Invisible Bugs in Source Code
Researchers have found a new way to encode potentially evil source code, such that human reviewers see a harmless version and compilers see the invisible, wicked version. Named “Trojan Source attacks,” the method “exploits subtleties in text-encoding standards such as Unicode to produce source co...
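The defense the Trojan Source researchers recommend is mechanical: reject any source file that contains Unicode bidirectional control characters, since nothing in ordinary code needs them. The scanner below is an added example written for this page, not code from the paper or from Threatpost; it reports the line and column of every Bidi override or isolate code point, and the C sample it checks is constructed for the demonstration, loosely modelled on the paper's commenting-out trick.

```python
"""Flag Unicode Bidi control characters in source text.

The Trojan Source attack embeds Bidi override/isolate code points in
comments or string literals so the rendered text reads differently from
the token order the compiler sees. Refusing those code points in source
blocks the whole class. Added example, not the paper's or Threatpost's code.
"""
from __future__ import annotations

import sys
import unicodedata
from typing import List, Tuple

# Explicit Bidi formatting characters (LRE, RLE, PDF, LRO, RLO) and the
# isolate forms (LRI, RLI, FSI, PDI). None is legitimately needed inside
# source code, so every occurrence is reported.
BIDI_CONTROLS = frozenset(
    "\u202a\u202b\u202c\u202d\u202e"
    "\u2066\u2067\u2068\u2069"
)


def find_bidi_controls(text: str) -> List[Tuple[int, int, str, str]]:
    """Return (line, column, U+XXXX, unicode name) for each Bidi control.

    Lines and columns are 1-based so they can be pasted into an editor.
    The check works on code points, so a UTF-8 file must be decoded first.
    """
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                hits.append((line_no, col, f"U+{ord(ch):04X}", unicodedata.name(ch)))
    return hits


def is_trojan_source(text: str) -> bool:
    """True if the text contains any Bidi control character."""
    return bool(find_bidi_controls(text))


# Constructed sample: RLO (U+202E) and LRI/PDI (U+2066/U+2069) inside a
# comment make the `if (access) {` appear to be live code in an editor,
# while the compiler sees it entirely inside the comment.
SAMPLE_C = (
    "#include <stdio.h>\n"
    "int main() {\n"
    "    int access = 0;\n"
    "    /*\u202e } \u2066if (access) {\u2069 \u2066*/ return 0;\n"
    '    printf("ok\\n");\n'
    "}\n"
)

# Constructed clean sample with no Bidi controls.
CLEAN_C = "int main() { return 0; }\n"


def scan_files(paths: List[str]) -> int:
    """Scan files given on the command line; return 1 if any hit, else 0."""
    status = 0
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for line_no, col, cp, name in find_bidi_controls(fh.read()):
                print(f"{path}:{line_no}:{col}: {cp} {name}")
                status = 1
    return status


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(scan_files(sys.argv[1:]))
    for hit in find_bidi_controls(SAMPLE_C):
        print(hit)
```

Run with file paths as arguments to use it as a pre-commit or CI gate (non-zero exit on any hit); with no arguments it prints the hits in the constructed sample. A stricter variant would also reject unassigned or confusable code points, but the Bidi set alone defeats the reordering trick the paper describes.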
Google Chrome is Abused to Deliver Malware as Legit Windows 10 App
Crooks behind a newly identified malware campaign are targeting Windows 10 with malware that can infect systems via a technique that cleverly bypasses Windows cybersecurity protections called User Account Control (UAC). Researchers from Rapid7 recently identified the campaign and warn the goal of t...
All Sectors Are Now Prey as Cyber Threats Expand Targeting
Ransomware doesn’t discriminate – today, every sector faces risks. But we are seeing changes in which sectors are being targeted the most. For instance, while healthcare and education have long been considered the most heavily attacked, that’s shifting. In the latest FortiGuard Labs Global Threat...
Suspected REvil Gang Insider Identified
He lolls around on yachts, wears a luxury watch with a Bitcoin address engraved on its dial, and is suspected of buying it all with money he made as a core member of the REvil ransomware gang. The showy billionaire goes by “Nikolay K.” on social media, and German police are hoping he’ll cruise out...
UPDATE: EU’s Green Pass Vaccination ID Private Key Leaked or Forge
As of Thursday morning Eastern time, Adolf Hitler and Mickey Mouse could still validate their digital Covid passes, SpongeBob Squarepants was out of luck, and the European Union was investigating a leak of the private key used to sign the EU’s Green Pass vaccine passports. Two days earlier, on...
Grief Ransomware Targets NRA
A ransomware group tied to Russia claims to have stolen data from the National Rifle Association (NRA) in a ransomware attack on the controversial gun-rights group, which has declined to comment on the situation. The Grief ransomware gang listed the NRA as a victim of its nefarious activity on its...
WordPress Plugin Bug Lets Subscribers Wipe Sites
Researchers have discovered a bug in a WordPress plugin that allows subscribers to wipe sites clean of content. The high-severity security flaw is found in Hashthemes Demo Importer, a plugin that’s used in more than 8,000 active installations. According to security researchers at Wordfence, the...
Ransomware Attacks Are Evolving. Your Security Strategy Should, Too
Ransomware is an intensifying problem for all organizations, and it’s only going to get worse. What started as a floppy disk-based attack with a $189 ransom demand has grown from a minor inconvenience for organizations into a multi-billion dollar cybercrime industry. The organizational threat of...
Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam
During the early days of the pandemic, while the rest of the world was stress streaming and working on sourdough starter, an ambitious teen stuck in his bedroom decided to set up a fake “Love2Shop” gift card site to harvest people’s payment information, invest the stolen money in cryptocurrency a...
Adobe’s Surprise Security Bulletin Dominated by Critical Patches
Adobe has dropped a mammoth out-of-band security update this week, addressing 92 vulnerabilities across 14 products. The majority of the disclosed bugs are critical-severity problems, and most allow arbitrary code execution (ACE). Privilege escalation, denial-of-service and memory leaks/information...
War-Driving Technique Allows Wi-Fi Password-Cracking at Scale
War-driving – the process of driving around mapping residential Wi-Fi networks in hopes of finding a vulnerability to exploit – can still pay off for attackers, apparently: A CyberArk researcher recently found he could easily slice open about 70 percent of Wi-Fi network passwords in one Tel Aviv...
Apple Patches Critical iOS Bugs; One Under Attack
Apple lovers who haven’t yet updated to iOS 15, you may want to pop into Settings to freshen up your iPhone now: Apple has released several critical security updates that might light a fire under your britches. On Monday and Tuesday, Apple released iOS 14.8.1, iPadOS 14.8.1, watchOS 8.1 and tvOS...
Cyberattack Cripples Iranian Fuel Distribution Network
An attack on the fuel distribution chain in Iran reportedly forced the shutdown of a network of filling stations Tuesday, leaving motorists stranded at pumps across the country and unable to fill up their tanks. The incident disabled government-issued electronic cards providing subsidies that man...
SquirrelWaffle Loader Malspams, Packs Qakbot, Cobalt Strike
SquirrelWaffle, a new malware loader, is mal-spamming malicious Microsoft Office documents to deliver Qakbot malware and the penetration-testing tool Cobalt Strike – two of the most common threats regularly observed targeting organizations around the world. Cisco Talos researchers said on Tuesday...
Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure
The inexorable movement of data and applications to the cloud that began several years ago and accelerated during the pandemic shows no signs of slowing down. The rationale for this transformation is driven by a desire to outsource non-critical functions: building and maintaining data centers,...
Lazarus Attackers Turn to the IT Supply Chain
Lazarus – a North Korean advanced persistent threat (APT) group – is working on launching cyberespionage-focused attacks on supply chains with its multi-platform MATA framework. The MATA malware framework can target three operating systems: Windows, Linux and macOS. MATA has historically been used ...
Why the Next-Generation of Application Security Is Needed
By David Brumley
Software is revolutionizing the way the world operates. From driverless cars to cryptocurrency, software reimagines possibilities. With software standing at the core of everything we do, we find ourselves pushing out code faster than ever. Current estimates show that there are mo...
Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware
Musical instruments, motorcycle parts and now malware — Craigslist really does have it all. The Craigslist internal email system was hijacked by attackers this month to deliver convincing messages, ultimately aimed at avoiding Microsoft Office security controls in order to deliver malware. Sent...
Mozilla Firefox Blocks Malicious Add-ons Installed by 455K Users
Mozilla’s Firefox team has blocked add-ons that were abusing the proxy API to prevent around 455,000 users from updating their browsers. In a Monday post, Mozilla’s development team members Rachel Tublitz and Stuart Colville said that they’d discovered the misbehaving add-ons in early...
Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads
Threat actors are using malicious Android apps to scam users into signing up for a bogus premium SMS subscription service, which results in big charges accruing on their phone bills. Jakub Vavra from the threat operations team of security firm Avast uncovered the campaign, which he dubbed UltimaS...
Defending Assets You Don’t Know About Against Cyberattacks
Back in the 90s, we all used to build massive firewalls around our systems and spent our day-to-day resources looking for holes to patch. In theory, an impenetrable wall around everything you own is a great idea, because it protects even the things you’ve forgotten about. However, if a wall is yo...
Groove Calls for Cyberattacks on US as REvil Payback
UPDATE: Subsequent reporting and disclosures show “Groove” was a hoax intended to lure media outlets into reporting on fake potential threats against U.S. government interests. Threatpost regrets falling for a troll. Lesson learned and apologies to our readers. Following the recent international...
BQE Web Suite Billing App Rigged to Inflict Ransomware
Threat actors have been caught exploiting a now-patched zero-day critical vulnerability in a popular timeclock and billing system, to take over vulnerable servers and inflict companies’ networks with ransomware. Discovered by Huntress Labs earlier this month, the ongoing attacks focus on an...
SolarWinds APT Targets Tech Resellers in Latest Supply-Chain Cyberattacks
The SolarWinds attackers – an advanced persistent threat (APT) known as Nobelium – have started a new wave of supply-chain intrusions, this time using the technology reseller/service provider community to attack their targets. The activity has affected victims in North America and Europe thus far,...
CISA Urges Sites to Patch Critical RCE in Discourse
Discourse – the ultra-popular, widely deployed open-source community forum and mailing list management platform – has a critical remote code-execution (RCE) bug that was fixed in an urgent update on Friday. Tracked as CVE-2021-41163, the flaw is found in Discourse versions 2.7.8 and earlier. It’s...
FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks
The financially motivated cybercrime gang behind the Carbanak backdoor malware, FIN7, has hit upon a genius idea for maximizing profit from ransomware: Hire real pen-testers to do some of their dirty work instead of striking partnerships with other criminals. According to a report from Gemini...
REvil Servers Shoved Offline by Governments
The REvil ransomware gang is unhappy, with its Happy Blog leak site and Tor payment site pushed offline yet again, this time by a multi-country battering ram. Relying on input from three private-sector cyber-experts working with the U.S. and one former official, Reuters reported on Thursday that...
Cisco SD-WAN Security Bug Allows Root Code Execution
Cisco SD-WAN implementations are vulnerable to a high-severity privilege-escalation vulnerability in the IOS XE operating system that could lead to arbitrary code execution. Cisco’s SD-WAN portfolio allows businesses of all sizes to connect disparate office locations via the cloud using various...
Threat Actors Abuse Discord to Push Malware
Threat actors are abusing the core features of the popular Discord digital communication platform to persistently deliver various types of malware, in particular remote access trojans (RATs) that can take over systems, putting its 150 million users at risk, researchers have found. RiskIQ and CheckPoi...
U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn
The launch of a standing offer to pay for Windows virtual private network (VPN) software zero-day exploits came to light this week, even as the U.S. mulls new regulations on the export of tools that could be used in cyberattacks against the U.S. or its interests. The developments signal that the U....
TA551 Shifts Tactics to Install Sliver Red-Teaming Tool
The criminal threat group known as TA551 has added the Sliver red-teaming tool to its bag of tricks – a move that may signal ramped up ransomware attacks ahead, researchers said. According to Proofpoint researchers, TA551 aka Shathak has been mounting cyberattacks that start with email thread...
Gigabyte Allegedly Hit by AvosLocker Ransomware
The AvosLocker ransomware gang is claiming that it breached tech giant Gigabyte and has leaked a sample of what it claims are files stolen from the Taiwanese company’s network. It’s offering to sell the rest. On Wednesday, the gang posted a “press release” announcing that it had purportedly gutte...
Why is Cybersecurity Failing Against Ransomware?
Yes, security is hard – no one is ever 100 percent safe from the threats lurking out there. But how is it that time and time again, companies – big companies – are continuing to fall for ransomware attacks? Why aren’t we getting any better at preventing them? Let’s explore the main reasons why,...
Ransomware Sinks Teeth into Candy-Corn Maker Ahead of Halloween
The manufacturer of some of Halloween’s most popular sweet treats has been hit with a ransomware attack that disrupted production mere weeks before the candy industry’s biggest holiday. Chicago-based Ferrara Candy Co. confirmed publicly that a cyber-incident that encrypted some of its systems on...
Google Crushes YouTube Cookie-Stealing Channel Hijackers
Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on the ripped-off channels. In a Wednesday post, Ashley Shen, with Google’s Threat Analysis Group (TAG), said that TAG attributes the assaults to a group of attackers recruit...
VPN Exposes Data for 1M Users, Leading to Researcher Questioning
Free virtual private network (VPN) service Quickfox, which provides access to Chinese websites from outside the country, exposed the personally identifiable information (PII) of more than a million users in just the latest high-profile VPN security failure. The incident has some security practitioner...
‘Lone Wolf’ APT Uses Commodity RATs
An APT described as a “lone wolf” is exploiting a decades-old Microsoft Office flaw to deliver a barrage of commodity RATs to organizations in India and Afghanistan, researchers have found. Attackers use political and government-themed malicious domains as lures in the campaign, which targets...
Employees Make Best Frontline Phishing Defense
The cybersecurity good news and bad news about phishing attacks is that employees can be an enterprise’s weakest link or its strongest first line of defense. Yes, we are talking about inboxes, human nature and the growing number of increasingly sophisticated phishing attacks. The Federal Bureau of Investigation...
Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services
An out-of-bounds read vulnerability in the Squirrel programming language lets attackers break out of sandbox restrictions and execute arbitrary code within a Squirrel virtual machine (VM), thus giving a malicious actor complete access to the underlying machine. Given where Squirrel lives – in games...