Sneaky New Orbit Malware Backdoors Linux Devices
A sneaky malware for Linux is backdooring devices to steal data and can affect all the processes running on a particular machine, researchers have found. The malware, dubbed Orbit, is unlike other Linux threats in that it steals information from different commands and utilities and then stores th...
U.S. Healthcare Orgs Targeted with Maui Ransomware
Several federal agencies are warning healthcare organizations that they are under threat of attacks from North Korean state-sponsored actors employing a unique ransomware that targets files with surgical precision, according to U.S. federal authorities. Threat actors from North Korea have been...
Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol
The popular protocol for radio-controlled (RC) aircraft called ExpressLRS can be hacked in only a few steps, according to a bulletin published last week. ExpressLRS is an open-source long range radio link for RC applications, such as first-person view (FPV) drones. “Designed to be the best FPV Racing...
Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens
A prominent Chinese tech CEO has cited human error as the likely reason hackers got their hands on the personal data of 1 billion people in China from a Shanghai police database and then put some of it up for sale on illicit online markets. A government developer wrote a blog post on the China...
Latest Cyberattack Against Iran Part of Ongoing Campaign
Malware used in a crippling cyberattack against an Iranian steel plant last week is connected to an attack that shut down the country’s rail system last year. In both cases, one malware strain was used to impact physical and critical infrastructure, according to a report from Check Point Researc...
Google Patches Actively Exploited Chrome Bug
While people were celebrating the Fourth of July holiday in the United States, Google quietly rolled out a stable channel update for Chrome to patch an actively exploited zero-day vulnerability, the fourth such flaw the vendor has had to patch in its browser product so far this year. Chrome 103...
ZuoRAT Can Take Over Widely Used SOHO Routers
A novel multistage remote access trojan (RAT) that’s been active since April 2020 is exploiting known vulnerabilities to target popular SOHO routers from Cisco Systems, Netgear, Asus and others. The malware, dubbed ZuoRAT, can access the local LAN, capture packets being transmitted on the device an...
A Guide to Surviving a Ransomware Attack
Surviving ransomware is possible with a combination of preparation and intentionality. Often, there is a misguided characterization of ransomware attacks that implies defenders either completely thwart an attack or that attackers establish complete control of their targets’ IT infrastructure. But...
Leaky Access Tokens Exposed Amazon Photos of Users
The Amazon Photos app for Android insufficiently protected user access tokens, according to a blog post published on Wednesday. Theoretically, with exposed tokens, an attacker could’ve accessed users’ personal data from a number of different Amazon apps – not just Photos but also, for example,...
Patchable and Preventable Security Issues Lead Causes of Q1 Attacks
Eighty-two percent of attacks on organizations in Q1 2022 were caused by the external exposure of a known vulnerability in the victim’s external-facing perimeter or attack surface. Those unpatched bugs overshadowed breach-related financial losses tied to human error, which accounted for 18...
Top Six Security Bad Habits, and How to Break Them
Cybercrime is on the rise, and attacks are getting faster, more nuanced and increasingly sophisticated. The number of cyberattack-related data breaches rose 27 percent in 2021 — an upward trend that shows no signs of slowing down. Bad security habits, such as using the same password more than onc...
Mitel VoIP Bug Exploited in Ransomware Attacks
Ransomware groups are abusing unpatched versions of a Linux-based Mitel VoIP (Voice over Internet Protocol) application and using it as a springboard to plant malware on targeted systems. The critical remote code execution (RCE) flaw, tracked as CVE-2022-29499, was first reported by Crowdstrike in April a...
‘Killnet’ Adversary Pummels Lithuania with DDoS Attacks Over Blockade
Russia-linked cyber collective Killnet has claimed responsibility for DDoS attacks Monday on the Lithuanian government and other entities in the Baltic country over closure of transit routes within the Russian exclave of Kaliningrad, according to researchers. The threat group warns that it will...
Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data
The Cybersecurity and Infrastructure Security Agency (CISA) and Coast Guard Cyber Command (CGCYBER) released a joint advisory warning the Log4Shell flaw is being abused by threat actors that are compromising public-facing VMware Horizon and Unified Access Gateway (UAG) servers. VMware Horizon is a...
Google Warns Spyware Being Deployed Against Android, iOS Users
Google is warning victims in Kazakhstan and Italy that they are being targeted by Hermit, a sophisticated and modular spyware from Italian vendor RCS Labs that not only can steal data but also record and make calls. Researchers from Google Threat Analysis Group (TAG) revealed details in a blog post...
Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug
Advanced persistent threat group Fancy Bear is behind a phishing campaign that uses the specter of nuclear war to exploit a known one-click Microsoft flaw. The goal is to deliver malware that can steal credentials from the Chrome, Firefox and Edge browsers. The attacks by the Russia-linked APT ar...
You’ve Been Warned: Overlook Security Basics at Your Peril
Hackers are increasingly capitalizing on our volatile world—there was an increase in coronavirus-related phishing attacks in the pandemic’s early days as well as threats associated with the uptick in telecommuting and remote learning. Russia’s invasion of Ukraine is the latest example, with...
Gamification of Ethical Hacking and Hacking Esports
While ethical hacking is by no means a new or groundbreaking practice, the scale at which organizations and individuals are undertaking such initiatives continues to intensify, especially considering recent events such as the log4j vulnerability. Traditionally, ethical hacking is undertaken by...
Discovery of 56 OT Device Flaws Blamed on Lackluster Security Culture
Researchers discovered 56 vulnerabilities affecting devices from 10 operational technology (OT) vendors, most of which they’ve attributed to inherent design flaws in equipment and a lax approach to security and risk management that have been plaguing the industry for decades, they said. The...
Elusive ToddyCat APT Targets Microsoft Exchange Servers
An advanced persistent threat (APT) group, dubbed ToddyCat, is believed behind a series of attacks targeting Microsoft Exchange servers of high-profile government and military installations in Asia and Europe. The campaigns, according to researchers, began in December 2020, and have been largely...
The Inevitable Need for Advanced Vulnerability Management
We have read more than enough news in recent times about the surge in cyberattacks. It is crystal clear that attackers are not leaving out even the tiniest of security loopholes and are coming up with smarter ways to invade our IT networks. Vulnerability management is the most crucial cyber defense...
Kazakh Govt. Used Spyware Against Protesters
An agent of the Kazakhstan government has been using enterprise-grade spyware against domestic targets, according to Lookout research published last week. The government entity used brand impersonation to trick victims into downloading the malware, dubbed “Hermit.” Hermit is an advanced, modular...
Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack
Researchers are warning attackers can abuse Microsoft Office 365 functionality to target files stored on SharePoint and OneDrive in ransomware attacks. Those files, stored via “auto-save” and backed up in the cloud, typically leave end users with the impression data is shielded from a ransomware...
Voicemail Scam Steals Microsoft Credentials
Attackers are using an oft-used and still effective lure to steal credentials to key Microsoft apps by sending emails notifying potential victims that they have a voicemail message, researchers have found. A team from Zscaler ThreatLabZ has been monitoring a campaign since May that targets key...
China-linked APT Flew Under Radar for Decade
Researchers have identified a small yet potent China-linked APT that has flown under the radar for nearly a decade running campaigns against government, education and telecommunication organizations in Southeast Asia and Australia. Researchers from SentinelLabs said the APT, which they dubbed Aoq...
7 Key Findings from the 2022 SaaS Security Survey Report
The 2022 SaaS Security Survey Report, in collaboration with CSA, examines the state of SaaS security as seen in the eyes of CISOs and security professionals in today’s enterprises. The report gathers anonymous responses from 340 CSA members to examine not only the growing risks in SaaS security b...
State-Sponsored Phishing Attack Targeted Israeli Military Officials
An advanced persistent threat group, with ties to Iran, is believed behind a phishing campaign targeting high-profile government and military Israeli personnel, according to a report by Check Point Software. Targets of the campaign included senior leadership in the Israeli defense industry, the...
Ransomware Risk in Healthcare Endangers Patients
In the last two years, COVID-19 has occupied healthcare providers’ minds — rightfully so, considering the pandemic’s tremendous toll on patients. But another threat that causes immense harm gets less attention: ransomware. While ransomware attacks receive lots of headlines, the irreparable damage...
Facebook Messenger Scam Duped Millions
For months now, millions of Facebook users have been duped by the same phishing scam that cons users into handing over their account credentials. According to a report outlining the phishing campaign, the scam is still active and continues to push victims to a fake Facebook login page where victi...
DragonForce Gang Unleash Hacks Against Govt. of India
According to a new advisory from Radware, a hacktivist group called DragonForce Malaysia, “with the assistance of several other threat groups, has begun indiscriminately scanning, defacing and launching denial-of-service attacks against numerous websites in India.” In addition to DDoS, their...
Travel-related Cybercrime Takes Off as Industry Rebounds
Researchers are warning a post-COVID upsurge in travel has painted a bullseye on the travel industry and has spurred related cybercrimes. Criminal activity includes an uptick in adversaries targeting the theft of airline mileage reward points, website credentials for travel websites and...
In Cybersecurity, What You Can’t See Can Hurt You
The dangers to SMBs and businesses of all sizes from cyberattacks are well known. But what’s driving these attacks, and what do cybersecurity stakeholders need to do that they’re not already doing? To answer these questions, we recently analyzed dozens of detailed incident response (IR) reports fro...
What the New OWASP Top 10 Changes Mean to You?
The Open Web Application Security Project (OWASP) recently updated its top 10 list of the most critical security risks to web applications after 4 years. It represents the most radical shake up since the list was introduced in 2003. The changes will undoubtedly have a big impact on how businesses...
Kaiser Permanente Exposes Nearly 70K Medical Records in Data Breach
Kaiser Permanente suffered a data breach due to email compromise on April 5 that potentially exposed the medical records of nearly 70,000 patients, the company revealed earlier this month. Attackers gained access to the emails of an employee at Kaiser Foundation Health Plan of Washington that...
Linux Malware Deemed ‘Nearly Impossible’ to Detect
A new Linux malware that’s “nearly impossible to detect” can harvest credentials and gives attackers remote access and rootkit functionality by acting in a parasitic way to infect targets, researchers said. Researchers from The BlackBerry Research and Intelligence Team have been tracking the...
Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers
Researchers warn Bluetooth signals can be used to track device owners via a unique fingerprinting of the radio signal. The technique was described in a paper presented at the IEEE Security and Privacy conference last month by researchers at the University of California San Diego. The paper suggests...
U.S. Water Utilities Prime Cyberattack Target, Experts
Industrial controls governing water-related U.S. critical infrastructure are woefully under-estimated as cyberattack targets. The potential for attack, say policymakers, is too great to ignore with consequences potentially devastating to populations. On Wednesday, the Center on Cyber and Technolo...
Potent Emotet Variant Spreads Via Stolen Email Credentials
Emotet’s resurgence in April seems to be the signal of a full comeback for what was once dubbed “the most dangerous malware in the world,” with researchers spotting various new malicious phishing campaigns using hijacked emails to spread new variants of the malware. The “new and improved” version...
Feds Forced Travel Firms to Share Surveillance Data on Hacker
The U.S. government ordered two travel companies to provide information about the movement of a Russian citizen suspected of hacking. The surveillance data was used as part of an investigation by the U.S. Secret Service, according to court documents recently unsealed. The revelation of the extent...
Taming the Digital Asset Tsunami
Internet Protocol (IP) addresses and the devices, web services and cloud assets behind them are the lifeblood of modern businesses. But too often companies amass thousands of digital assets, creating an unmanageable mess for IT and security teams. Left unchecked, a single forgotten, abandoned or...
Paying Ransomware Paints Bigger Bullseye on Target’s Back
Paying ransomware attackers doesn’t pay off and often paints a bigger target on a victim’s back. Eighty percent of ransomware victims that paid their attackers were hit a second time by the malware scourge. New ransomware numbers come from Cybereason’s April ransomware survey of 1,456...
Black Basta Ransomware Teams Up with Malware Stalwart Qbot
A newcomer on the ransomware scene has co-opted a 14-year-old malware variant to help it maintain persistence on a targeted network in a recent attack, researchers have found. Black Basta, a ransomware group that emerged in April, leveraged Qbot, a.k.a. Quakbot, to move laterally on a compromised...
Cyber Risk Retainers: Not Another Insurance Policy
The one-two punch of a cyberattack can be devastating. There is the breach and then the related mitigation costs. Implementing a comprehensive Incident Response (IR) gameplan into a worst-case-scenario should not be a post-breach scramble. And when that IR strategy includes insurance, it also must...
Conducting Modern Insider Risk Investigations
Dealing with risks presented by internal users requires a different approach than those from external threats. This shouldn’t be news to anyone, but it does need to be said since it’s not something that always happens in practice. It’s not uncommon to see the cudgels common to blue teams wielded...
Follina Exploited by State-Sponsored Hackers
Researchers have added state-sponsored hackers to the list of adversaries attempting to exploit Microsoft’s now-patched Follina vulnerability. According to researchers at Proofpoint, state-sponsored hackers have attempted to abuse the Follina vulnerability in Microsoft Office, aiming an email-bas...
Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw
Threat actors are using public exploits to pummel a critical zero-day remote code execution (RCE) flaw that affects all versions of a popular collaboration tool used in cloud and hybrid server environments and allows for complete host takeover. Researchers from Volexity uncovered the flaw in...
Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats – Again
Ransomware and social engineering continue to dominate challenges facing cybersecurity professionals, according to Verizon’s 15th annual Data Breach Investigations Report (DBIR). In general, the results of DBIR merely confirm well-established trends, such as the growing threats of ransomware – up 1...
The Ultimate SaaS Security Posture Management (SSPM) Checklist
Cloud security is the umbrella that holds within it: IaaS, PaaS, and SaaS. Gartner created the SaaS Security Posture Management (SSPM) category for solutions that continuously assess security risk and manage the SaaS applications’ security posture. With enterprises having 1,000 or more employees...
Evil Corp Pivots LockBit to Dodge U.S. Sanctions
Evil Corp has shifted tactics once again, this time pivoting to LockBit ransomware after U.S. sanctions have made it difficult for the cybercriminal group to reap financial gain from its activity, researchers have found. Researchers from Mandiant Intelligence have been tracking a “financially...