Kaseya Obtains Universal Decryptor for REvil Ransomware
Kaseya has obtained a master decryptor key for the REvil ransomware that locked up the systems of at least 60 of its customers in a spate of worldwide cyberattacks on July 2. The attacks, which exploited now-patched zero-days in the Kaseya Virtual System/Server Administrator (VSA) platform, affecte...
FBI: Cybercriminals Eyeing Broadcast Disruption at Tokyo Olympics
The Tokyo Olympics, set to open Friday night, are already being targeted by threat actors — however, the Federal Bureau of Investigation’s Cyber Division has issued a chilling warning that the Games’ TV broadcast is likely to be plagued by attacks, since it will be the only way to view events now that...
Phish Swims Past Email Security with Milanote Pages
The Milanote app, billed as the “Evernote for creatives” by reviewers, has attracted the notice of cybercriminals who are abusing it to carry out credential-stealing campaigns that skate past secure email gateways (SEGs), researchers said. Milanote is a tool for organizing and collaborating on...
Critical Jira Flaw in Atlassian Could Lead to RCE
Atlassian has dropped a patch for a critical vulnerability in many versions of its Jira Data Center and Jira Service Management Data Center products, which can lead to arbitrary code execution. Atlassian is a platform that’s used by 180,000 customers to engineer software and manage projects, and...
Industrial Networks Exposed Through Cloud OT
The benefits of using a cloud-based management platform to monitor and configure industrial control systems (ICS) devices are obvious — efficiency, cost-savings and better diagnostics just for starters. But new research found critical vulnerabilities in these platforms that could be used to paralyz...
Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day
iPhone users, drop what you’re doing and update now: Apple has issued a warning about a ream of code-execution vulnerabilities – some of which are remotely exploitable – and experts are emphatically recommending an ASAP update to version 14.7 of iOS and iPadOS. Unfortunately, you aren’t getting a...
Microsoft Issues Windows 10 Workaround Fix for ‘SeriousSAM’ Bug
A privilege escalation bug, affecting versions of Windows 10, received a workaround fix by Microsoft Wednesday to prevent attackers from accessing data and creating new accounts on compromised systems. The bug, dubbed SeriousSAM, affects the Security Accounts Manager (SAM) database in all versions ...
NPM Package Steals Chrome Passwords
A credentials-stealing code bomb that uses legitimate password-recovery tools in Google’s Chrome web browser was found lurking in the npm open-source code repository, waiting to be planted within the sprawling galaxy of apps that pull code from that source. Researchers caught the malware filching...
Indictments, Attribution Unlikely to Deter Chinese Hacking
The federal government is fighting back against what it says are China-based cyberattacks against U.S. universities and companies with indictments and a “naming-and-shaming” approach — but researchers aren’t convinced the efforts will come to much in terms of deterring future activity. On Monday,...
Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows
Kubernetes clusters are being attacked via misconfigured Argo Workflows instances, security researchers are warning. Argo Workflows is an open-source, container-native workflow engine for orchestrating parallel jobs on Kubernetes – to speed up processing time for compute-intensive jobs like machi...
French Launch NSO Probe After Macron Believed Spyware Target
French lawmakers have launched an investigation into Israeli offensive cybersecurity company NSO Group after they learned French President Emmanuel Macron topped a list of 14 heads of states potentially targeted by the company’s spyware. Amnesty International said Tuesday the French leader was a...
Tracking Malware and Ransomware Domains in 2021
In 2021, the threat of ransomware has loomed large. In many ways, it’s exactly what cybersecurity experts expected and predicted after the major cyber attacks of 2020—including hospital ransomware attacks on a healthcare industry hard-hit by both ransomware and Covid-19. But in other ways, this...
MacOS Being Picked Apart by $49 XLoader Data Stealer
There’s a new version of the old FormBook form-stealer and keylogger that’s added Mac users to its hit list, and it’s selling like hotcakes on underground markets for as low as $49. It’s not only cheap; it’s easy. The data stealer is distributed in the form of malware-as-a-service (MaaS) and stands...
Researchers: NSO Group’s Pegasus Spyware Should Spark Bans, Apple Accountability
News of a zero-click zero-day in Apple’s iMessage feature being incorporated into the notorious Pegasus mobile spyware from NSO Group has drawn a variety of reactions from the security community, including concerns about the security of Apple’s closed ecosystem, and varying views on NSO Group’s...
Law Firm to the Fortune 500 Breached with Ransomware
Campbell Conroy & O’Neil, P.C. – U.S. law firm to a dazzling array of huge companies – told its star-studded clientele that an intruder may have groped their data. It was hit with ransomware in February and is now suffering the data-breach fallout. That client list spans a slew of industries and...
Why Your Business Needs a Long-Term Remote Security Strategy
When COVID-19 first emerged, companies across all sectors of the economy were forced to rapidly transition to remote work. The goal was simple: Ensuring business continuity in the face of an unprecedented challenge — a challenge that most assumed would come and go in short order. As vaccines...
16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines
Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers also used by Samsung and Xerox, which impacts hundreds of millions of Windows machines. If exploited, cyberattackers could bypass security products; install programs; view, change, encry...
A New Security Paradigm: External Attack Surface Management
Ran Nahmias, Co-founder and CBO, Cyberpion In the past, a web application or online service could be taken at face value by your customers and employees. It was created, developed, and secured by your organization, and every element of the IT infrastructure that supported that service was under...
MosaicLoader Malware Delivers Facebook Stealers, RATs
A never-before-documented Windows malware strain dubbed MosaicLoader is spreading worldwide, acting as a full-service malware-delivery platform that’s being used to infect victims with remote-access trojans (RATs), Facebook cookie stealers and other threats. That’s according to Bitdefender...
What’s Next for REvil’s Victims?
Last week, the servers of ransomware giant REvil vanished. Many applauded as dark-web and clear-web sites used to support the backend infrastructure of REvil, aka Sodinokibi, as well as to leak victims’ data, slipped offline early Tuesday morning. Not REvil’s victims, though. They’re now stuck,...
Unpatched iPhone Bug Allows Code Execution
A vulnerability in Apple iOS opens the door to remote code execution (RCE), researchers found. The assessment is a revision from a previous understanding of the flaw that viewed it as a low-risk and somewhat wacky denial-of-service (DoS) problem affecting iPhone’s Wi-Fi feature. Apple fixed the...
Ruthless Attackers Target Florida Condo Collapse Victims
Families mourning the loss of loved ones to the partial collapse of the Champlain Towers South condo building in Surfside, Fla. are now being urged to check the credit of their deceased relatives thanks to a group of heartless hackers targeting victims in a new identity-theft scheme. Apparently,...
Protecting Phones From Pegasus-Like Spyware Attacks
Pegasus spyware from the Israeli firm NSO Group is nearly invisible. It sends messages to compromise targeted phones without setting off any alarm bells to the phone’s user. There’s little you can do to protect yourself, say experts. But little isn’t nothing. Our guest today is Adam Weinberg, whi...
Leaked NSO Group Data Hints at Widespread Pegasus Spyware Infections
Israeli-based NSO Group is being blasted in a groundbreaking report that alleges that the company’s controversial Pegasus malware is being used to target activists, journalists, business executives and politicians on a widespread level, using a variety of exploits — including a zero-click zero-da...
Linux Variant of HelloKitty Ransomware Targets VMware ESXi Servers
For the first time, researchers have publicly spotted a Linux encryptor used by the HelloKitty ransomware gang: the outfit behind the February attack on videogame developer CD Projekt Red. On Wednesday, MalwareHunterTeam disclosed its discovery of numerous Linux ELF-64 versions of the HelloKitty...
Top CVEs Trending with Cybercriminals
Criminal small talk in underground forums offers critical clues about which known Common Vulnerabilities and Exposures (CVEs) threat actors are most focused on. This, in turn, offers defenders clues on what to watch out for. An analysis of such chatter, by Cognyte, examined 15 cybercrime forums...
The Evolving Role of the CISO
Digital technologies have infused every aspect of a business, especially with the shutdown of the physical workplace. The increased interdependence between the physical, digital and cybersecurity worlds demands a leadership position that combines both the technical know-how and the ability to...
Critical Juniper Bug Allows DoS, RCE Against Carrier Networks
A critical remote code-execution vulnerability in Juniper Networks’ Steel-Belted Radius (SBR) Carrier Edition lays open wireless carrier and fixed operator networks to tampering. The SBR Carrier server is used by telecom carriers to manage policies for how subscribers access their networks – by...
Windows 0-Days Used Against Dissidents in Israeli Broker’s Spyware
A set of unique spyware strains created by an Israeli firm and allegedly used by governments around the world to surveil dissidents has been defanged by Microsoft, the software giant said. The private company, called variously Candiru, Grindavik, Saito Tech and Taveta and dubbed “Sourgum” by...
Microsoft: Unpatched Bug in Windows Print Spooler
Microsoft has warned of yet another vulnerability that’s been discovered in its Windows Print Spooler that can allow attackers to elevate privilege to gain full user rights to a system. The advisory comes on the heels of patching two other remote code-execution (RCE) bugs found in the print service...
Zero-Day Attacks on Critical WooCommerce Bug Threaten Databases
A critical SQL-injection security vulnerability in the WooCommerce e-commerce platform and a related plugin has been under attack as a zero-day bug, researchers have disclosed. The exploitation prompted WooCommerce to release an emergency patch for the issue late on Wednesday. The bug could allow...
Fake Zoom App Dropped by New APT ‘Luminous Moth’
Researchers have spotted a weird one: A newly identified threat actor linked to China that’s first mass-attacking, but then cherry-picking, just a few targets to hit with malware and data exfiltration. Kaspersky researchers said in a Wednesday writeup that they’ve named the advanced threat actor...
SonicWall Warns Firewall Hardware Bugs Under Attack
Security vendor SonicWall is warning customers to patch its enterprise secure remote-access (VPN) hardware to thwart an “imminent ransomware campaign using stolen credentials” that’s exploiting security holes in current models and those running legacy firmware. Targeted are the company’s Secure Mobile Access (SMA) 1...
Safari Zero-Day Used in Malicious LinkedIn Campaign
Threat actors used a Safari zero-day flaw to send malicious links to government officials in Western Europe via LinkedIn before researchers from Google discovered and reported the vulnerability. That’s the word from researchers from Google Threat Analysis Group (TAG) and Google Project Zero, who...
Cryptominer Farm Rigged with 3,800 PS4s Busted in Ukraine
Authorities in Ukraine have made another cybersecurity bust — this time shutting down what they said is one of the largest underground cryptomining operations ever found. The ring was apparently run by stringing together 3,800 Sony PlayStation 4 (PS4) gaming consoles. Cryptominers serve as auditors...
Linux-Focused Cryptojacking Gang Tracked to Romania
A cryptojacking gang that’s likely based in Romania is using a never-before-seen SSH brute-forcer dubbed “Diicot brute” to crack passwords on Linux-based machines with weak passwords. The point of the campaign is mainly to deploy Monero mining malware, Bitdefender researchers said in a report...
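A campaign like the one described above, an SSH brute-forcer hammering Linux hosts with weak passwords, leaves a very recognizable trace in sshd logs: a burst of "Failed password" lines from one source, often against several usernames, sometimes followed by an "Accepted password" from the same address once a guess lands. The detector below is an added example, not code from the original page or from Bitdefender's report; it parses syslog-format sshd lines, flags any source IP that accumulates a configurable number of failures inside a sliding time window, and records whether a successful password login from that IP followed the burst, which is the case worth paging someone for. The log lines are constructed sample data using documentation address ranges; the year is assumed because syslog timestamps omit it.

```python
"""Detect SSH password brute-forcing and likely compromise from sshd log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd lines in syslog format; not from a real host.
SAMPLE_LOG = """\
Jul 20 10:01:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jul 20 10:01:03 host sshd[1202]: Failed password for root from 203.0.113.7 port 51123 ssh2
Jul 20 10:01:04 host sshd[1203]: Failed password for root from 203.0.113.7 port 51124 ssh2
Jul 20 10:01:05 host sshd[1204]: Failed password for invalid user oracle from 203.0.113.7 port 51125 ssh2
Jul 20 10:01:06 host sshd[1205]: Failed password for root from 203.0.113.7 port 51126 ssh2
Jul 20 10:01:08 host sshd[1206]: Accepted password for root from 203.0.113.7 port 51127 ssh2
Jul 20 10:15:00 host sshd[1300]: Failed password for alice from 198.51.100.4 port 40001 ssh2
Jul 20 10:15:30 host sshd[1301]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line, year=2021):
    """Parse one sshd auth line into a dict, or return None for unrelated lines.

    Syslog timestamps carry no year, so one is assumed (year is a parameter).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = " ".join(m["ts"].split())  # collapse the double space syslog uses for days < 10
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=5, window_s=60):
    """Return {ip: finding} for every source IP with >= threshold failures in window_s seconds.

    Each finding lists the total failures, the usernames tried, and whether a
    successful *password* login from the same IP occurred at or after the burst.
    """
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event:
            by_ip[event["ip"]].append(event)

    findings = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        failures = [e for e in events if e["result"] == "Failed"]
        burst_end = None
        start = 0
        for i, e in enumerate(failures):  # sliding window over failure timestamps
            while (e["ts"] - failures[start]["ts"]).total_seconds() > window_s:
                start += 1
            if i - start + 1 >= threshold:
                burst_end = e["ts"]
                break
        if burst_end is None:
            continue
        success_after = any(
            e["result"] == "Accepted" and e["method"] == "password" and e["ts"] >= burst_end
            for e in events
        )
        findings[ip] = {
            "failures": len(failures),
            "users": sorted({e["user"] for e in failures}),
            "success_after": success_after,
        }
    return findings


if __name__ == "__main__":
    for ip, f in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, f)
```

On the sample input only 203.0.113.7 is flagged: five failures in four seconds against admin, oracle and root, followed by an accepted password login for root, so the host should be treated as compromised rather than merely probed. The single failure from 198.51.100.4 followed by a key-based login is the normal typo-then-success pattern and stays below the threshold. The window and threshold are deliberately parameters; a slow, distributed brute-forcer will need a longer window or a per-username rather than per-IP view.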
Apps Built Better: DevSecOps, a Security Silver Bullet
Security should never be an afterthought when developing software and applications. However, as technological advances continue to take hold, the security tools many rely on are changing in real-time, and combatting potential breaches or hacks of your wares before they arise now requires new...
Trickbot Malware Rebounds with Virtual-Desktop Espionage Module
The Trickbot trojan is in resurgence mode, with its operators filling out infrastructure globally and releasing an updated version of its “vncDll” module, used for monitoring and intelligence gathering, researchers said. According to an analysis this week from Bitdefender, there has been “a...
Updated Joker Malware Floods into Android Apps
The Joker mobile trojan is back on Google Play, with an uptick in malicious Android applications that hide the billing-fraud malware, researchers said. It’s also using new approaches to skirt past Google’s app-vetting process. Joker has been around since 2017, disguising itself within common,...
Windows Hello Bypass Fools Biometrics Safeguards
A vulnerability in Microsoft’s Windows 10 password-free authentication system has been uncovered that could allow an attacker to spoof an image of a person’s face to trick the facial-recognition system and take control of a device. Windows Hello is a feature in Windows 10 that allows users to...
Microsoft Crushes 116 Bugs, Three Actively Exploited
Three bugs under active exploit were squashed by Microsoft Tuesday, part of its July security roundup of fixes for Windows, Microsoft Office, SharePoint Server and Exchange Server. In all, Microsoft patched 116 bugs. Twelve bugs are rated critical, 103 rated important and one classified as modera...
Ransomware Giant REvil Disappears
All of REvil’s Dark Web sites slipped offline as of early Tuesday morning, and it’s not clear whether it’s due to the ransomware gang getting busted or whether the threat actors did it on purpose. The REvil ransomware operation, a.k.a. Sodinokibi, uses both clear web and Dark Web sites to negotia...
Guess Fashion Deals With Data Loss, Post-Ransomware
A February ransomware attack on fashion label Guess linked to Colonial Pipeline attackers DarkSide is still causing damage. Guess has started sending letters to 1,300 employees and contractors who had their personal and banking data exposed during the breach. The letter, published by...
Unpatched, Critical RCE Bug Allows Utility Takeovers
A critical remote code-execution (RCE) vulnerability in Schneider Electric programmable logic controllers (PLCs) has come to light, which allows unauthenticated cyberattackers to gain root-level control over PLCs used in manufacturing, building automation, healthcare and enterprise environments. If...
Adobe Patches 11 Critical Bugs in Popular Acrobat PDF Reader
Eleven critical bugs in Adobe’s popular and free PDF reader, Acrobat, open both Windows and macOS users to attacks ranging from an adversary arbitrarily executing commands on a targeted system to data leakage tied to system-read and memory flaws. In a Tuesday security bulletin, which included...
‘Charming Kitten’ APT Siphons Intel From Mid-East Scholars
An Iran-linked advanced persistent threat (APT) group has taken a scholarly bent with its latest phishing campaign, which involves lengthy chats with professors, think tank higher-ups and journalists focused on Middle Eastern affairs. The threat actor is Charming Kitten – aka a number of names,...
Is Remote Desktop Protocol Secure? It Can Be
Kroll’s Paul Drapeau, Jeff Macko and Isaiah Jensen also contributed to this report. Most of the problems with setting up Remote Desktop Protocol (RDP) for remote work involve making RDP accessible via the public internet. RDP itself is not a secure setup and therefore requires additional security...
New CISA Director Confirmed, W.H. Gains Cyber-Director
The U.S. has made a key move to shore up its cybersecurity strategy, with the confirmation of Jen Easterly as the director of the Cybersecurity and Infrastructure Security Agency (CISA) on Monday. Easterly, a former official at the National Security Agency from 2011 to 2013 and two-time Bronze Star...
SolarWinds Issues Hotfix for Zero-Day Flaw Under Active Attack
SolarWinds has issued a hotfix for a zero-day remote code execution (RCE) vulnerability already under active, yet limited, attack on some of the company’s customers. Microsoft alerted the company about the flaw, which affects its Serv-U Managed File Transfer Server and Serv-U Secured FTP products...