Fresh APT Harvester Reaps Telco, Government Data
A previously unseen advanced persistent threat (APT) group dubbed Harvester by researchers is attacking telcos, IT companies and government-sector targets in a campaign that’s been ongoing since June. According to a Symantec analysis, the group sports a veritable cornucopia of advanced and custom...
Lyceum APT Returns, This Time Targeting Tunisian Firms
The Lyceum threat group has resurfaced, this time with a weird variant of a remote-access trojan (RAT) that doesn’t have a way to talk to a command-and-control (C2) server and might instead be a new way to proxy traffic between internal network clusters. Kaspersky’s Mark Lechtik – senior security...
A Guide to Doing Cyberintelligence on a Restricted Budget
For those in the industry, it comes as no surprise that many cybersecurity programs have been impacted by loss of revenue during the pandemic. From cutting tooling and feed budgets to reduction in staff, it’s been challenging at best. In a recent SANS 2021 survey, “Threat Hunting In Uncertain...
Feds Warn BlackMatter Ransomware Gang is Poised to Strike
Federal authorities are warning businesses to shore up cybersecurity defenses as they carefully monitor the reemergence of the DarkSide ransomware gang, believed responsible for the crippling Colonial Pipeline attack in May 2021. The ransomware-as-a-service gang has regrouped under the moniker...
TA505 Gang Is Back With Newly Polished FlawedGrace RAT
The TA505 cybercrime group is whirring its financial rip-off machinery back up, pelting malware at a range of industries in what was initially low-volume waves that researchers saw spiral up late last month. They do bad things, but they’re so tricky that tracking them is a ton of fun, said Sherro...
Time to Build Accountability Back into Cybersecurity
The age of remote work — where hybrid teams work out of offices, houses and coffee shops using a multitude of devices — presents challenges in terms of understanding who’s responsible for ensuring proper cyber-hygiene across the perimeter-less footprint. Suffice it to say that cybersecurity ha...
Podcast: Could the Zoho Flaw Trigger SolarWinds 2.0?
A month ago, the FBI, CISA and the U.S. Coast Guard Cyber Command (CGCYBER) warned that state-backed advanced persistent threat (APT) actors are likely among those who’d been actively exploiting a critical flaw in a Zoho-owned single sign-on and password management tool since early August. At issue w...
Sinclair Confirms Ransomware Attack That Disrupted TV Stations
Sinclair Broadcast Group, which owns hundreds of local television stations across the U.S., confirmed Monday that it has suffered a ransomware attack. The incident is disrupting its advertising operations, among other things, and spread to many of its owned TV affiliates over the weekend, knockin...
TikTok Serves Up Fresh Gamer Targets
TikTok has made people do all sorts of wild things — eat frozen honey, work on their choreography and even fall for malicious malvertising campaigns. The latest TikTok attacks are getting served to gamers on the platform disguised as “free” or “hacked” versions of games like Among Us, free Steam...
Twitter Suspends Accounts Used to Snare Security Researchers
Twitter has shuttered two accounts – @lagal1990 and @shiftrows13 – specifically used to trick security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea. The campaign was first discovered by the Google Threat Analysis Group (TAG) in January an...
TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates
The cybercriminals behind the infamous TrickBot trojan have signed two additional distribution affiliates, dubbed Hive0106 aka TA551 and Hive0107 by IBM X-Force. The result? Escalating ransomware hits on corporations, especially using the Conti ransomware. The development also speaks to the...
Missouri Vows to Prosecute ‘Hacker’ Who Informed State About Data Leak
The St. Louis Post-Dispatch newspaper recently found a huge security blunder: The Missouri educational agency’s site was displaying 100,000+ clearly visible Social-Security numbers for school teachers, administrators and counselors in its HTML source code. The newspaper verified its findings with...
Rickroll Grad Prank Exposes Exterity IPTV Bug
UPDATE When Township High School District 214 in Illinois got rickrolled all at once across its six different schools just before graduation, it was more than a meticulously executed senior prank. Cybersecurity star-in-the-making and recent high-school graduate Minh Duong found, and was able to...
Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack
On Wednesday, Verizon’s Visible – an all-digital, uber-cheap wireless carrier – confirmed what customers have been complaining about on Reddit and Twitter all week: They lost control of their accounts; had their passwords and shipping addresses changed; and some got stuck with bills for pricey ne...
CryptoRom Scammers Rake in $1.4M by Exploiting Apple Enterprise Features
Pyramid-scheme cryptocurrency scammers are exploiting Apple’s Enterprise Developer Program to get bogus trading apps onto their marks’ iPhones. So far, so good: They’ve made off with at least $1.4 million in ill-gotten gains. That’s according to Sophos Labs, which observed the scam making...
Podcast: 67% of Orgs Have Been Hit by Ransomware at Least Once
A recent report found that two-thirds, or 67 percent, of surveyed organizations have suffered a ransomware attack, about half have been hit multiple times, and 16 percent have been hit three or more times. According to Fortinet’s Global State of Ransomware Report 2021 (PDF), released last week, mos...
FreakOut Botnet Turns DVRs Into Monero Cryptominers
Threat group FreakOut’s Necro botnet has developed a new trick: infecting Visual Tools DVRs with a Monero miner. Juniper Threat Labs researchers have issued a report detailing new activities from FreakOut, also known as Necro Python and Python.IRCBot. In late September, the team noticed that the...
Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers
Vulnerabilities in the Brizy Page Builder plugin for WordPress sites could be chained together to allow attackers to completely take over a website, according to researchers. Brizy or Brizy – Page Builder has been installed on more than 90,000 sites. It’s billed as an intuitive website builder fo...
Mandating a Zero-Trust Approach for Software Supply Chains
In the wake of the SolarWinds attack last year, President Biden issued an executive order in May advocating for mandatory software bills of materials, or SBOMs, to increase software transparency and counter supply-chain attacks. For reference, SBOMs are machine-readable documents that provide a...
OpenSea ‘Free Gift’ NFTs Drain Cryptowallet Balances
Users of OpenSea, the world’s largest digital-collectible marketplace, have found their cryptocurrency wallets ripped off thanks to cyberattackers weaponizing security bugs that allowed them to hijack user accounts. The attacks revolved around booby-trapped art files, which circulated in the for...
30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware
In less time than it takes to get a stuffed crust pizza delivered, a new group called SnapMC can breach an organization’s systems, steal their sensitive data, and demand payment to keep it from being published, according to a new report from NCC Group’s threat intelligence team — no ransomware...
Microsoft Oct. Patch Tuesday Squashes 4 Zero-Day Bugs
Today is Microsoft’s October 2021 Patch Tuesday, and it delivers fixes for four zero-day vulnerabilities, one of which is being exploited in a far-reaching espionage campaign that delivers the new MysterySnail RAT malware to Windows servers. Microsoft reported a total of 74 vulnerabilities, three...
Windows Zero-Day Actively Exploited in Widespread Espionage Campaign
Researchers have discovered a zero-day exploit for Microsoft Windows that was being used to elevate privileges and take over Windows servers as part of a Chinese-speaking advanced persistent threat (APT) espionage campaign this summer. The exploit chain ended with a freshly discovered remote access...
Office 365 Spy Campaign Targets US Military Defense
A new threat actor, dubbed DEV-0343, has been spotted attacking U.S. and Israeli defense technology companies, Persian Gulf ports of entry and global maritime transportation companies with ties to the Middle East. The threat actor’s goal is Microsoft Office 365 account takeovers. Microsoft, which...
Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug
Apple on Monday rushed out a security update for iOS 15.0.2 and iPadOS 15.0.2 to fix a remote code-execution (RCE) zero-day vulnerability that’s being actively exploited. Within hours, a security researcher had picked the bug apart and published both proof-of-concept code and an explanation of the...
Incident Response: 5 Principles to Boost the Infosec/Legal Relationship
As an information-security professional, would you feel ready to respond to a state attorney in the event of a cyber-incident? Around half (47 percent) of organizations polled for Kroll’s The State of Incident Response 2021 report said that their teams lack clarity around when to engage legal couns...
Navy Warship’s Facebook Page Hacked to Stream ‘Age of Empires’ Gaming
The official Facebook page of a destroyer-class Navy warship, the USS Kidd, has gone rogue: Someone has taken over the page in order to…stream Age of Empires play. Age of Empires is a real-time online multiplayer strategy game in which the objective is to advance one’s civilization. Players “buil...
Twitch Leak Included Emails, Password: Researcher
Twitch users, if you haven’t changed your password yet, go. Now. Do it. 10/13/21 08:45 UPDATE: Your email and password may already have been leaked – unhashed and unencrypted, though it’s not known if the one set of Twitch credentials is from an internally or externally facing database...
4 Key Questions for Zero-Trust Success
Historically, securing remote access was primarily done using VPNs. However, as enterprises have begun to understand the principles of zero trust, which states that no user may access any data source without first being authenticated, VPNs are proving to be insufficient. The demand for secure...
Canopy Parental Control App Wide Open to Unpatched XSS Bugs
Canopy, a parental control app that offers a range of features meant to protect kids online via content inspection, is vulnerable to a variety of cross-site scripting (XSS) attacks, according to researchers. The attacks could range from a sneaky kid disabling the monitoring to a much more serious...
VMware ESXi Servers Encrypted by Lightning-Fast Python Script
Researchers have discovered a new Python ransomware from an unnamed gang that’s striking ESXi servers and virtual machines (VMs) with what they called “sniper-like” speed. Sophos said on Tuesday that the ransomware is being used to compromise and encrypt VMs hosted on an ESXi hypervisor in operatio...
ESPecter Bootkit Malware Haunts Victims with Persistent Espionage
A rare Windows UEFI bootkit malware has been discovered, offering attackers a path to cyber-espionage, researchers are warning. According to ESET, the bootkit’s goal is to install a full-featured backdoor on a target PC, which “supports a rich set of commands and contains various automatic data...
Twitch Gets Gutted: All Source Code Leaked
An attacker claims to have ransacked Twitch for everything it’s got, including all of its source code and user-payout information. 10/06/21 14:23 UPDATE: Twitch has confirmed the breach. According to Video Games Chronicle (VGC), which first reported the assault on the interactive live-streaming...
IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft
Three vulnerabilities in the IP video-surveillance systems created by Axis Communications could allow arbitrary code execution, among other attacks. That’s according to Nozomi Networks Labs, whose researchers examined the company’s Axis Companion Recorder, a compact network video recorder (NVR) tha...
Apache Web Server Zero-Day Actively Exploited, Exposes Sensitive Data
Apache Software has quickly issued a fix for a zero-day security bug in the Apache HTTP Server, which was first reported to the project last week. The vulnerability is under active exploitation in the wild, it said, and could allow attackers to access sensitive information. According to a securit...
How to Build an Incident-Response Plan, Before Security Disaster Strikes
In a startling discovery, a recent report found that 98 percent of companies have experienced at least one cloud data breach in the past 18 months, compared to 79 percent last year. The same report disclosed that nearly 60 percent of the 200 CISOs and security decision-makers surveyed considered...
Facebook Blames Outage on Faulty Router Configuration
As of Monday night, Facebook had crawled back from what may have been its longest blackout ever and apologized for the mass outage that left billions of users locked out of Facebook, Instagram, WhatsApp, Messenger and Oculus VR for about six hours. “Sincere apologies to everyone impacted by...
Compound DeFi Platform Gives Out $90M
Compound, an Ethereum-based decentralized finance (DeFi) platform, accidentally gave out $90 million to its users in a botched upgrade. Now, the owners would appreciate it if they gave it back. Compound might even be willing to throw in a 10 percent “reward,” it said. On the flip side, those who...
Facebook Outage Drags Down Instagram, WhatsApp, Messenger, Oculus VR
As of Monday afternoon, Facebook had been flat on its face for hours, suffering a simultaneous worldwide outage not only on its main site, but also at its Instagram, WhatsApp, Messenger and Oculus VR subsidiaries. We’re aware that some people are having trouble accessing Facebook app. We’re worki...
Encrypted & Fileless Malware Sees Big Growth
A full 91.5 percent of malware was delivered using HTTPS-encrypted connections in the second quarter, researchers said, making attacks more evasive. That’s according to WatchGuard Technologies’ latest report on findings within its telemetry, which also found that these detections come primarily...
Transnational Fraud Ring Bilks U.S. Military Service Members Out of Millions
More than 3,300 U.S. military service members, military dependents and civilians employed by the Department of Defense were compromised as part of a transnational cybercrime ring created to defraud them out of $1.5 million in military benefits from the DoD and the Department of Veterans Affairs. ...
MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed
The accounts of at least 6,000 Coinbase customers were robbed of funds after attackers bypassed the cryptocurrency exchange’s multi-factor authentication (MFA). According to a notification letter (PDF) – seen and posted by BleepingComputer, which first reported the story – that Coinbase sent to...
3.1M Neiman Marcus Customer Card Details Breached
Dallas-based Neiman Marcus Group is known worldwide as the go-to luxury retailer for the well-heeled. But their reputation for impeccable quality just took a big hit with revelations that the company was breached by an attacker back in May 2020. It took 17 months for the retailer to notice. Just...
Flubot Malware Targets Androids With Fake Security Updates
The Flubot banking trojan is using a fake security warning to try to trick Android users into thinking that they’ve already been infected … with Flubot. It’s a lie, but it will become a reality if recipients of the text message fall for it and click on the “install security update” button. “Andro...
New APT ChamelGang Targets Russian Energy, Aviation Orgs
A new APT group has emerged that’s specifically targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell and leveraging both new and existing malware to compromise networks. Researchers at security firm...
Google Emergency Update Fixes Two Chrome Zero Days
Google has pushed out an emergency Chrome update to fix yet another pair of zero days – the second pair this month – that are being exploited in the wild. This hoists this year’s total number of zero days found in the browser up to a dozen. “Google is aware the exploits for CVE-2021-37975 and...
Military’s RFID Tracking of Guns May Endanger Troops
Reports that the military has started outfitting firearms with RFID tags for tracking have raised security alarms. The concern: What if the enemy uses the tags to track soldiers on the battlefield? The Department of Defense, the Marines and the Navy have already rejected the RFID tagging tech for...
Tips & Tricks for Unmasking Ghoulish API Behavior
I was analyzing one of my customer’s API traffic the other day and I noticed something odd about the devices that were using the mobile application API. I found standard browsers like Firefox and Chrome hitting API endpoints that should only be touched by their mobile-application communication. I...
Baby’s Death Alleged to Be Linked to Ransomware
A U.S. hospital paralyzed by ransomware in 2019 will be defending itself in court in November over the death of a newborn, allegedly caused by the cyberattack. As the Wall Street Journal reported on Thursday, the baby’s mother, Teiranni Kidd, gave birth to her daughter, Nicko Silar, on July 16,...
Innovative Proxy Phantom ATO Fraud Ring Haunts eCommerce Accounts
A sophisticated fraud ring, dubbed Proxy Phantom, has pushed the boundaries of credential-stuffing attacks with a dynamic account takeover (ATO) technique that was flooding eCommerce merchants in the third quarter. Researchers at Sift uncovered the group, which is innovating in the realm of...