Apple Pay with Visa Hacked to Make Payments via Locked iPhones
An attacker who steals a locked iPhone can use a stored Visa card to make contactless payments worth up to thousands of dollars without unlocking the phone, researchers are warning. The problem is due to unpatched vulnerabilities in both the Apple Pay and Visa systems, according to an academic te...
The Top Ransomware Threats Aren’t Who You Think
While there seem to be legions of ransomware gangs, it turns out that just a handful of ransomware-as-a-service (RaaS) actors dominate the entire ecosystem of encryption-attack threats. In fact, just three ransomware families, none of them household names, make up 64 percent of all threats detected...
Thousands of University Wi-Fi Networks Expose Log-In Credentials
Multiple configuration flaws in a free Wi-Fi network used by numerous universities can allow access to usernames and passwords of students and faculty who connect to the system from Android and Windows devices, researchers have found. A research team from WizCase, led by researcher Ata Hakçıl,...
Keep Attackers Out of VPNs: NSA, CISA Offer Guidance
Unsecured VPNs can be a hot mess: Just ask Colonial Pipeline, which got pwned by the DarkSide ransomware crooks with an old VPN password, or the (at least) 87,000 Fortinet customers whose credentials for unpatched SSL-VPNs were posted online earlier this month. Vulnerabilities in VPN servers are like...
Apple AirTag Zero-Day Weaponizes Trackers
An unpatched stored cross-site scripting (XSS) bug in Apple’s AirTag “Lost Mode” could open up users to a cornucopia of web-based attacks, including credential-harvesting, click-jacking, malware delivery, token theft and more. That’s according to Bobby Rauch, an independent security researcher who...
GriftHorse Money-Stealing Trojan Takes 10M Android Users for a Ride
More than 10 million Android users have been saddled with a malware called GriftHorse that’s trojanizing various applications and secretly subscribing victims to premium mobile services – a type of billing fraud that researchers categorize as “fleeceware.” Zimperium uncovered more than 130...
Conti Ransomware Expands Ability to Blow Up Backups
Good at identifying and obliterating backups? Speak Russian? The notorious Conti ransomware group may find you a fine hiring prospect. That’s according to a report published on Wednesday by cyber-risk prevention firm Advanced Intelligence, which details how Conti has honed its backup destruction ...
‘Tomiris’ Backdoor Linked to SolarWinds Malware
Researchers have discovered a campaign delivering a previously unknown backdoor they’re calling Tomiris. Analysis of the new malware suggests that we may not have heard the last from the Nobelium advanced persistent threat (APT) behind the sprawling SolarWinds supply-chain attacks of 2020. Namely,...
Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts
Cybercriminals are using Telegram bots to steal one-time password tokens (OTPs) and defraud people through banks and online payment systems, including PayPal, Apple Pay and Google Pay, new research has found. Researchers from Intel 471 discovered the campaign, which has been operational since June,...
How to Prevent Account Takeovers in 2021
Data breaches and hacking put internet users at risk of account takeover if cybercriminals successfully gain access to valid login credentials. There are reckoned to be in excess of 8.4 billion discrete passwords currently circulating online, more than 3.5 billion of which are tied to active...
Gamers Beware: Malware Hunts Steam, Epic & EA Origin Accounts
There’s a new cybersecurity threat to gamers: An advanced trojan, dubbed BloodyStealer, has emerged on underground forums and is being used to steal gamer accounts on various platforms, including Steam, Epic Games Store and EA Origin. Demand for stolen gamer data throughout the underground market...
SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever
The FinSpy surveillance kit has been driven from its hiding place following an eight-month investigation by Kaspersky researchers. Detections of the spyware trojan have dwindled since 2018, but it turns out that it hasn’t gone away – it’s simply been hiding behind various first-stage implants tha...
Working PoC Is Out for VMware vCenter CVE-2021-22005 Flaw
A fully working exploit for the critical CVE-2021-22005 remote code-execution (RCE) vulnerability in VMware vCenter is now public and being exploited in the wild. Released on Monday by Rapid7 security engineer William Vu (who goes by the Twitter handle wvu), this one’s different from the incomplete...
SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor
The threat actors behind the notorious SolarWinds supply-chain attacks have dispatched new malware to steal data and maintain persistence on victims’ networks, researchers have found. Researchers from the Microsoft Threat Intelligence Center (MSTIC) have observed the APT it calls Nobelium using a...
Credential Spear-Phishing Uses Spoofed Zix Encrypted Email
Armorblox researchers have spotted an ongoing credential-phishing attack that spoofs an encrypted Zix email – one coming, weirdly enough, from what looks like a legitimate domain associated with the Baptist religion. At least, the threat actor is sending the phishing attack from...
5 Steps to Securing Your Network Perimeter
When it comes to security, some of tomorrow’s biggest threats will come from yesterday’s vulnerabilities. In that regard, the network perimeter is a primary concern. Network security has been discussed for years, and many best practices are well documented. And yet, according to Positive...
Women, Minorities Are Hacked More Than Others
Lower-income and vulnerable populations are disproportionally affected by cybercrime, according to a new survey, which uncovered that demographics play a big role in how often individuals are targeted. The survey results released Monday from Malwarebytes, Digitunity and Cybercrime Support Network...
EU: Russia Behind ‘Ghostwriter’ Campaign Against Germany
In the wake of cyberattacks targeting the recently held German elections, the European Union has blamed Russia for an ongoing disinformation campaign called “Ghostwriter.” Germany is the latest target in an effort that for years has tried to discredit NATO, and which has both smeared and...
3.8 Billion Users’ Combined Clubhouse, Facebook Data Up for Sale
On its own, the database of 3.8 billion phone numbers leaked from social-media platform Clubhouse didn’t have much value on the underground market. In fact, they were eventually dumped in a hacker forum for free. But an enterprising threat actor has reportedly combined those phone numbers with 53...
Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords
Guardicore security researcher Amit Serper has discovered a severe design bug in Microsoft Exchange’s autodiscover – a protocol that lets users easily configure applications such as Microsoft Outlook with just email addresses and passwords. The flaw has caused the Autodiscover service to leak...
TangleBot Malware Reaches Deep into Android Device Functions
An Android malware called TangleBot has weaved its way onto the cyber-scene: One that researchers said can perform a bouquet of malicious actions, including stealing personal info and controlling apps and device functions. According to Cloudmark researchers, the newly discovered mobile malware is...
Critical Cisco Bugs Allow Code Execution on Wireless, SD-WAN
Cisco is warning that three critical security vulnerabilities affect its flagship IOS XE software, the operating system for most of its enterprise networking portfolio. The flaws impact Cisco’s wireless controllers, SD-WAN offering and configuration mechanisms in use for scads of products. The...
Apple Patches 3 More Zero-Days Under Active Attack
Apple has patched three actively exploited zero-day security vulnerabilities in updates to iOS and macOS, one of which can allow an attacker to execute arbitrary code with kernel privileges. Apple released two updates on Thursday: iOS 12.5.5, which patches three zero-days that affect older versio...
REvil Affiliates Confirm Getting Screwed Out of Payments
A day after news broke about REvil having screwed their own affiliates out of ransomware payments – by using double chats and a backdoor that let REvil operators hijack ransom payments – those affiliates took to the top Russian-language hacking forum to renew their demands for REvil to fork over...
5 Tips for Achieving Better Cybersecurity Risk Management
When thinking about cybersecurity risk management, think about the last time you were comparing health-insurance policies. Each policy offers a means to protect yourself and your family from financial losses (e.g. from hospital coverage), and many policies include things that are designed to reduce...
100M IoT Devices Exposed By Zero-Day Bug
A flaw in widely used internet-of-things (IoT) infrastructure code left more than 100 million devices across 10,000 enterprises vulnerable to attacks. Researchers at Guardara used their technology to find a zero-day vulnerability in NanoMQ, an open-source platform from EMQ that monitors IoT devic...
FamousSparrow APT Spies on Hotels, Governments
A cyberespionage group dubbed “FamousSparrow” by researchers has taken flight, targeting hotels, governments and private organizations around the world with a custom backdoor called, appropriately, “SparrowDoor.” It’s one of the advanced persistent threats (APTs) that targeted the ProxyLogon...
Google Report Spotlights Controversial ‘Geofence Warrants’ by Police
Newly released data by Google sheds light on a controversial practice called “geofence warrants”, which describes the practice of law enforcement requesting mobile phone data of users within close proximity of a crime. Google said, in an August report, the number of geofence warrants the company...
Acronis Offers up to $5,000 to users who spot bugs in its cyber protection products
Acronis, the Swiss-Singaporean cyber protection company, has recently opened its long-standing bug bounty program to the public at large – now able to process twice as many reports. Users who discover vulnerabilities in Acronis’ software can earn up to $5,000, as well as additional perks. Through...
Domain Brand Monitor by WhoisXML API: The First Layer of Protection against Brand Impersonators
An alarming 32% of sample domains containing the names of the 10 most-impersonated brands have been found malicious by WhoisXML API researchers. The volume was based on a sample comprising 12,000 possible typosquatting domains and subdomains that made their way into the Domain Name System (DNS)...
Large-Scale Phishing-as-a-Service Operation Exposed
Microsoft uncovered a large-scale, well-organized and sophisticated phishing-as-a-service (PhaaS) operation. The turnkey platform allows users to customize campaigns and develop their own phishing ploys so they can then use the PhaaS platform to help with phishing kits, email templates and hosti...
Crystal Valley Farm Coop Hit with Ransomware
Crystal Valley, a Minnesota-based farm supply and grain marketing cooperative, has become the second U.S. agriculture business to be hit with a ransomware attack this week. The company released a statement about the attack on its website on Tuesday afternoon, but as of Wednesday afternoon, the si...
Netgear SOHO Security Bug Allows RCE, Corporate Attacks
A high-severity security bug affecting several Netgear small office/home office (SOHO) routers could allow remote code execution (RCE) via a man-in-the-middle (MiTM) attack. The bug (CVE-2021-40847) exists in a third-party component that Netgear includes in its firmware, called Circle – it handles the...
Unpatched Apple Zero-Day Allows Code Execution
A zero-day security vulnerability in Apple’s macOS Finder system could allow remote attackers to trick users into running arbitrary commands, according to researchers – and a silent patch hasn’t fixed it. For those not in the Apple camp, the macOS Finder is the default file manager and GUI...
How REvil May Have Ripped Off Its Own Affiliates
There’s no honor amongst thieves, but this is beyond rude: Malware specialists have found evidence of how REvil’s leadership may have screwed their own affiliates out of their cut of ransomware payouts. Malware specialists researching newly available samples from REvil – aka Sodinokibi, a...
VMware Warns of Ransomware-Friendly Bug in vCenter Server
VMware has released a security update that includes patches for 19 CVE-numbered vulnerabilities that affect the company’s vCenter Server virtualization management platform and its hybrid Cloud Foundation platform for managing VMs and orchestrating containers. They’re all serious, but one –...
TikTok, GitHub, Facebook Join Open-Source Bug Bounty
Tech giants want hackers to take their money, in exchange for rooting out critical vulnerabilities lurking in the open-source code they use. As more businesses rely on open-source software for mission-critical infrastructure, HackerOne, along with sponsors including Elastic, Facebook, Figma,...
Feds Sanction SUEX Cryptocurrency Exchange for Laundering Ransomware Payouts
In an unprecedented move, the federal government has sanctioned a cryptocurrency exchange for laundering ransom transactions for cybercriminals and helping them evade law-enforcement activity. As part of its continued hardline against ransomware attacks, the U.S. Department of Treasury has...
Epik Confirms Hack, Gigabytes of Data on Offer
Epik, the domain registrar known for hosting several large right-wing organizations, has confirmed a hack of its systems, a week after attackers branding themselves part of the Anonymous hacktivist collective said that they had obtained and leaked gigabytes of data from the hosting company,...
Hackers Are Going ‘Deep-Sea Phishing,’ So What Can You Do About It?
Hackers are upping their game, using an approach I call “Deep Sea Phishing,” which is the use of a combination of the techniques described below to become more aggressive. To keep pace, cybersecurity innovators have been working diligently to develop tools, techniques and resources to improve...
Turla APT Plants Novel Backdoor In Wake of Afghan Unrest
The Turla advanced persistent threat APT group is back with a new backdoor used to infect systems in Afghanistan, Germany and the U.S., researchers have reported. On Tuesday, Cisco Talos researchers said that they’ve spotted infections they attributed to the Turla group aka Snake, Venomous Bear,...
BlackMatter Strikes Iowa Farmers Cooperative, Demands $5.9M Ransom
A ransomware group believed to be the latest incarnation of the infamous DarkSide cybergang is being blamed for taking out a farmers’ cooperative online network, with extortionists demanding $5.9 million in ransom. The group BlackMatter is credited for the attack on an Iowa collective of farmers...
46% of On-Prem Databases Globally Contain Vulnerabilities: Is Yours Safe?
By Elad Erez, Chief Innovation Officer, Imperva. Is there a day that goes by where you don’t read a news headline about a mega-breach impacting millions of people? It’s an unlikely scenario, particularly at a time when the volume of data breaches is rising by an astonishing 30 percent annually...
Amazon Driver-Surveillance Cameras Roll Out, Sparking Debate
Drivers working for Amazon Delivery Service Partners (DSPs) are increasingly under constant surveillance for safe driving, monitored by artificial intelligence which awards them a score and generates voice reminders for safe driving. That score is used to award bonuses, promotions and more. Drivers...
Europol Breaks Open Extensive Mafia Cybercrime Ring
International law enforcement has busted up an extensive cybercrime operation run by a gang with ties to the Italian Mafia. The group allegedly used phishing attacks to defraud hundreds of victims. The suspects used various lures to convince victims mostly Italian nationals but also Spanish,...
Payment API Bungling Exposes Millions of Users’ Payment Data
App developers have once again been accused of having butterfingers when it comes to API keys, leaving millions of mobile app users at risk of exposing their personal and payment data. CloudSEK, maker of artificial intelligence (AI)-enabled digital threat protection, reported last week that the...
Bring Your APIs Out of the Shadows to Protect Your Business
Pankaj Gupta, Senior Director, Citrix. APIs are immensely more complex to secure. What was previously one request to one server has become dozens or hundreds of requests to dozens or hundreds of entities. In the past, you defended one large application with a single front door. Now you must defend...
Porn Problem: Adult Ads Persist on US Gov’t, Military Sites
U.S. military and government website subdomains have a sticky problem: They’re “quite vulnerable” to blackhat SEO tactics that result in persistent redirects to spammy Viagra ads and porn videos. An example is one that showed up on a dot.mil subdomain on the Minnesota National Guard site you can...