IoT Attacks Skyrocket, Doubling in 6 Months
The first six months of 2021 have seen a more than 100-percent growth in cyberattacks against internet-of-things (IoT) devices, researchers have found. According to a Kaspersky analysis of its telemetry from honeypots shared with Threatpost, the firm detected more than 1.5 billion IoT attacks – up...
The State of Incident Response: Measuring Risk and Evaluating Your Preparedness
The coronavirus pandemic presented the perfect opportunity for security teams to evaluate the state of their incident-response process. In fact, it highlighted the dire need to implement a more structured, detailed and well-practiced plan to sufficiently support organizations when suffering a...
FIN7 Capitalizes on Windows 11 Release in Latest Gambit
The FIN7 financial cybercrime gang is back, delivering JavaScript backdoors using Word documents themed around the next version of Windows. That’s according to researchers at Anomali, who observed a recent campaign from the group that leveraged six different docs, all referencing “Windows 11 Alph...
Brute-Force Attacks Target Inboxes for Gift Card Data
Threat actors are compromising up to 100,000 inboxes daily in a campaign that targets gift card and customer-loyalty program data in hopes of reselling it or cashing in on freebies, a security researcher has found. The actors behind the scam—outlined in a post by Brian Krebs on Krebs on...
NFT Collector Tricked into Buying Fake Banksy
An attacker was apparently able to breach the site for famed street artist Banksy and sell a fake non-fungible token (NFT) of the artist’s work for more than $336,000. The fraudster has since returned the ill-gotten cash, less a “transaction fee.” But the incident has delivered an invaluable lesson...
SpyFone & CEO Banned From Stalkerware Biz
The Federal Trade Commission (FTC) has kicked spyware maker SpyFone out of the surveillance business. The same goes for its CEO, Scott Zuckerman, and Support King LLC, the company behind the stalkerware. In a Wednesday announcement, the FTC slammed SpyFone, calling it a stalkerware app that sold...
Bluetooth Bugs Open Billions of Devices to DoS, Code Execution
Researchers have disclosed a group of 16 different vulnerabilities collectively dubbed BrakTooth, which impact billions of devices that rely on Bluetooth Classic (BT) for communication. According to an academic paper from the University of Singapore, the bugs are found in the closed commercial BT...
Google Play Sign-Ins Allow Covert Location-Tracking
It’s possible to track someone’s user location via Google Play sign-ins, a researcher has discovered – a potential stalker avenue that, so far, the internet behemoth has yet to address. “With the aid of Google I was able to ‘spy’ on my wife’s whereabouts without having to install anything on her...
Cisco Patches Critical Bug With Public Exploit
Cisco has patched a near-max critical bug in its NFVIS software for which there’s a publicly available proof-of-concept (PoC) exploit. On Wednesday, Cisco released patches for the flaw – an authentication bypass vulnerability in Enterprise NFV Infrastructure Software (NFVIS) that’s tracked as...
7 Ways to Defend Mobile Apps, APIs from Cyberattacks
There are two essential elements driving progress in today’s digital-first economy: Mobile applications and the application programming interfaces (APIs) that allow those applications to communicate and exchange data with each other. The growth in these two technologies has exposed users and their...
WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted
A security vulnerability in WhatsApp’s pic-retouching function could allow an attacker to read sensitive information from the WhatsApp memory, researchers said – so users should be careful whose pics they view and should, of course, update their apps. Disclosed by Check Point Research (CPR), the...
Digital State IDs Start Rollouts Despite Privacy Concerns
Apple has unveiled the first eight states that will roll out digital IDs and driver’s licenses on its mobile devices, despite critics’ concerns that the introduction of purely digital forms of identification will raise privacy, security and equity issues. Arizona and Georgia will be the first...
Comcast RF Attack Leveraged Remotes for Surveillance
More details about a now-patched vulnerability in Comcast’s XR11 voice remotes have emerged, which would have made it easy for a threat actor to intercept radio frequency (RF) communications between the remote and the set-top box, effectively turning the remote into a surveillance device. The XR11...
Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites
Two vulnerabilities have been found in the Gutenberg Template Library & Redux Framework plugin for WordPress, which is installed on more than 1 million websites. They could allow arbitrary plugin installation, post deletions and access to potentially sensitive information about a site’s...
LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files
After Bangkok Airways disclosed that it had been clobbered by a cyberattack last week, the LockBit 2.0 ransomware gang tossed its own countdown clock in the trash and went ahead and published what it claims are the airline’s encrypted files on its leak site. BleepingComputer posted an image shown...
BEC Scammers Seek Native English Speakers on Underground
Looking for work? Speak fluent English? Capable of convincingly portraying a professional – as in, somebody a highly ranked corporate leader would talk to? If you lack scruples and disregard those pesky things called “laws,” it could be your lucky day: Cybercrooks are putting up help-wanted ads,...
Feds Warn of Ransomware Attacks Ahead of Labor Day
Though lots of people might be taking some time off over the Labor Day weekend, threat actors likely won’t — which means organizations should remain particularly vigilant about the potential for ransomware attacks, the federal government has warned. Citing historical precedent, the FBI and CISA...
Fortress Home Security Open to Remote Disarmament
A pair of vulnerabilities in the Fortress S03 WiFi Home Security System could allow cyberattackers to remotely disarm the system, leaving homes open to unlawful entry. The Fortress platform is a consumer-grade home security system that allows users to mix and match various sensors, IP cameras and...
Cream Finance DeFi Platform Rooked For $29M
Cream Finance is the latest decentralized finance (DeFi) platform for cryptocurrency trading to take a major financial hit at the hands of hackers, losing nearly $19 million in an attack this week on its “flash loan” feature. The attacker was able to steal nearly $29 million before being discovered...
Proxyware Services Open Orgs to Abuse – Report
Services that allow consumers to resell their own internet bandwidth for profit to businesses that want to resell it are ripe for abuse, according to researchers. The burgeoning business model is growing in popularity with consumers who earn about $1 for every 10GB of their bandwidth shared with...
WooCommerce Pricing Plugin Allows Malicious Code-Injection
A pair of security vulnerabilities in the WooCommerce Dynamic Pricing and Discounts plugin from Envato could allow unauthenticated attackers to inject malicious code into websites running unpatched versions. This can result in a variety of attacks, including website redirections to phishing pages...
QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout
On Monday, QNAP put out two security advisories about OpenSSL remote-code execution and denial-of-service (DoS) bugs, fixed last week, that affect its network-attached storage (NAS) devices. The vulnerabilities are tracked as CVE-2021-3711 – a high-severity buffer overflow related to SM2 decryption –...
Top 3 API Vulnerabilities: Why Apps are Pwned by Cyberattackers
Application programming interfaces (APIs) have become the glue that holds today’s apps together. There’s an API to turn on the kitchen lights while still in bed. There’s an API to change the song playing on your house speakers. Whether the app is on your mobile device, entertainment system or garag...
LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection
Researchers discovered a novel ransomware emerging on the heels of the ProxyShell vulnerabilities discovery in Microsoft Exchange servers. The threat, dubbed LockFile, uses a unique “intermittent encryption” method as a way to evade detection as well as adopting tactics from previous ransomware...
HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform
Hewlett Packard Enterprise (HPE) is warning a vulnerability in Sudo, an open-source program used within its Aruba AirWave management platform, could allow any unprivileged and unauthenticated local user to gain root privileges on a vulnerable host. Rated high in severity, HPE warns the Sudo flaw...
Army Testing Facial Recognition in Child-Care Centers
Live video feeds of daycare centers are common, but the Army wants to take their kid-monitoring capabilities to the next level. Under a new pilot program being rolled out at a Fort Jackson, S.C. child-care center, the military is looking for service providers to layer commercially available facia...
The Underground Economy: Recon, Weaponization & Delivery for Account Takeovers
This is Part I of a two-part blog series taking readers inside the criminal enterprise that is account-takeover fraud. For part II, please click here. With account takeover (ATO) attacks on the rise, stopping threat actors in the early phases of the kill chain will help today’s defenders gain an...
Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping
A serious security vulnerability in Microsoft Exchange Server that researchers have dubbed ProxyToken could allow an unauthenticated attacker to access and steal emails from a target’s mailbox. Microsoft Exchange uses two websites; one, the front end, is what users connect to in order to access...
LockBit Gang to Publish 103GB of Bangkok Airways Customer Data
The LockBit ransomware gang has apparently struck again, having purportedly stolen 103GB worth of files from Bangkok Airways and promising to release them tomorrow, on Tuesday. A Dark Web intelligence firm calling itself DarkTracer, apparently a separate intel firm from the better-known DarkTrace...
T-Mobile’s Security Is ‘Awful,’ Says Purported Thief
On Thursday, a 21-year-old US citizen claiming to be the attacker who stole data on more than 50 million T-Mobile customers called the telecom’s security “awful.” On Friday, a “humbled” T-Mobile CEO Mike Sievert wiped the egg from his face and apologized for the debacle, the repercussions of whic...
Parallels Offers ‘Inconvenient’ Fix for High-Severity Bug
The makers of Parallels Desktop have released a workaround fix for a high-severity privilege escalation bug that impacts its Parallels Desktop 16 for Mac software and all older versions. Mitigation advice comes five months after researchers first identified the bug in April. Parallels Desktop, now...
Experts: WH Cybersecurity Summit Should Be Followed by Regulation, Enforcement
Cataclysmic breaches and a woeful shortage of a trained cybersecurity workforce prompted the Biden Administration to haul a collection of the biggest names in business into a White House cybersecurity summit this week, to talk about what they plan to do about it. The outcome of the talks falls...
Winning the Cyber-Defense Race: Understand the Finish Line
If you ask organizations about their top objectives, you will likely hear they need to increase visibility, reduce toolsets and adopt automation to counteract the cybersecurity skills gap. And what most don’t realize is that these initiatives are driven by hurdles the industry has created for...
FIN8 Targets US Bank With New ‘Sardonic’ Backdoor
The financially motivated FIN8 cybergang used a brand-new backdoor – dubbed Sardonic by the Bitdefender researchers who first spotted it – in attempted but unsuccessful breaches of networks belonging to two unidentified U.S. financial organizations. It’s a nimble newcomer, researchers wrote: “The...
Critical Azure Cosmos DB Bug Allows Full Cloud Account Takeover
A critical security vulnerability in Microsoft’s Azure cloud database platform – Cosmos DB – could have allowed full remote takeover of accounts, with admin rights to read, write and delete any information to a database instance. According to researchers at Wiz, any Azure customer could access...
Ragnarok Ransomware Gang Bites the Dust, Releases Decryptor
Another cybercriminal gang notorious for ransomware attacks has shut down, publishing its decryptor online to allow victims to unlock and recover files. The Ragnarok gang, also known as Asnarok, closed up shop this week, publishing the news to their public website, according to a post published...
Top Strategies That Define the Success of a Modern Vulnerability Management Program
The CVE database reported 18,325 vulnerabilities in 2020. To add to this, more than 40% of the vulnerabilities do not even have a CVE identifier assigned, and open vulnerabilities on organizations’ infrastructure are the most widely exploited pain points for malicious attacks – including...
‘Pay Ransom’ Screen? Too Late, Humpty Dumpty – Podcast
Systems actively encrypted? Are they showing a screen that says “pay the ransom?” Too late: At that point, you’re probably toast. A few options, none great: 1. The painful and problematic process of recovery-via-backups if you have them and they work. You’ve tested them, right? No? Sorry: You can...
Man Sues Parents of Teens Who Hijacked Nearly $1M in Bitcoin
When Colorado resident Andrew Schober downloaded the Electrum Atom Bitcoin wallet from Reddit, he also picked up a piece of clipboard hijacking malware that eventually redirected his 16.4552 Bitcoin to a wallet controlled by two teenagers living in the U.K. At today’s price, 16.4552 Bitcoin would...
F5 Bug Could Lead to Complete System Takeover
Application delivery and networking firm F5 released a baker’s dozen of 13 fixes for high-severity bugs, including one that could lead to complete system takeover and hence is boosted to “critical” for customers that run BIG-IP in Appliance Mode, given that an attacker that holds valid credential...
Podcast: Ransomware Up x10; Telecoms Uber Walloped
Year-over-year, ransomware spiked more than tenfold in the first half of 2021, researchers report. According to Fortinet’s latest semiannual FortiGuard Labs Global Threat Landscape Report (PDF), released on Monday, the telecommunications sector was the most heavily targeted, followed by government,...
Microsoft Breaks Silence on Barrage of ProxyShell Attacks
Microsoft has broken its silence on the recent barrage of attacks on several ProxyShell vulnerabilities that were highlighted by a researcher at Black Hat earlier this month. The company released an advisory late Wednesday letting customers know that threat actors may use unpatched Exchange...
Cisco Issues Critical Fixes for High-End Nexus Gear
Cisco Systems released six security patches tied to its high-end 9000 series networking gear, ranging from critical to medium severity. The most serious of the bugs patched by Cisco (rated 9.1 out of 10) could allow a remote and unauthenticated adversary to read or write arbitra...
Win10 Admin Rights Tossed Off by Yet Another Plug-In
It’s not just Razer’s mice and keyboards that gobble up Windows 10’s tip-top, admin-level SYSTEM privileges: A SteelSeries bug also tosses off Windows 10 admin rights if you just plug in a device. … Or, then again, you can save yourself some cash by simply tricking an Android phone into thinking ...
US Media, Retailers Targeted by New SparklingGoblin APT
An emerging international cybergang is broadening its targets to include North American media firms, universities and one computer retailer. The advanced persistent threat (APT) group is new, according to researchers who dubbed it SparklingGoblin. Also new is a novel backdoor technique, called...
California Man Hacked iCloud Accounts to Steal Nude Photos
A California man impersonated an Apple customer support technician in a socially engineered email campaign that stole people’s iCloud passwords to break into accounts and collected upwards of 620,000 private photos and videos. Hao Kuo Chi, 40, of La Puente, has agreed to plead guilty to four...
Poly Network Recoups $610M Stolen from DeFi Platform
A threat actor called “Mr. White Hat” has returned the $610 million they stole from the decentralized finance platform Poly Network. The breached company did everything from threaten to sic law enforcement on the attacker on up to its ultimate offer: the position of chief security officer in...
Pegasus Spyware Uses iPhone Zero-Click iMessage Zero-Day
A never-before-seen, zero-click iMessaging exploit has been allegedly used to illegally spy on Bahraini activists with NSO Group’s Pegasus spyware, according to cybersecurity watchdog Citizen Lab. The digital researchers are calling the new iMessaging exploit FORCEDENTRY. In a report published on...
Custom WhatsApp Build Delivers Triada Malware
Triada malware, both pernicious and persistent, has resurfaced. Its most recent sighting is buried inside an advertising component of a modified version of the popular WhatsApp messenger called FM WhatsApp. The malware, first spotted by researchers at Kaspersky in 2016, is a type of mobile...
Effective Threat-Hunting Queries in a Redacted World
A decade ago, hunting for adversary infrastructure was often as simple as monitoring a domain registrant’s name or phone number in public WHOIS records. As bad actors have moved first toward privacy protection services and then gained further obscurity behind laws such as the General Data...