BIOPASS RAT Uses Live Streaming to Steal Victims’ Data
Online gambling companies in China are being targeted by a new remote access trojan (RAT) which, in addition to its predictable features — like file assessment and exfiltration — takes the novel approach of using live streaming to spy on the screens of its victims. The malware was identified by a...
WordPress File Management Plugin Riddled with Critical Bugs
A critical cross-site scripting (XSS) bug impacts WordPress sites running the Frontend File Manager plugin and allows remote unauthenticated users to inject JavaScript code into vulnerable websites to create admin user accounts. The bug is one of six critical flaws impacting the WordPress plugin...
Critical RCE Vulnerability in ForgeRock OpenAM Under Active Attack
Attackers are actively exploiting a critical, pre-authorization remote-code execution (RCE) vulnerability in the popular Access Management platform from digital identity management firm ForgeRock. Access Management, a commercial access-management platform, is based on the OpenAM open-source...
Kaseya Patches Zero-Days Used in REvil Attacks
Kaseya made good on its promise to issue patches by July 11. On Saturday, the company behind the Virtual System/Server Administrator (VSA) platform that got walloped by the REvil ransomware-as-a-service (RaaS) gang in a massive supply-chain attack released urgent updates to address critical zero-day...
Cyber Polygon 2021
On June 9, 2021, the third annual international online training event Cyber Polygon took place. It connects various global organisations to train their competencies, exchange best practices and bring tangible results to the world community. 200 organizations from 48 countries tested their skills in...
Microsoft Office Users Face Malware-Protection Bypass
Legacy users of Microsoft Excel are being targeted in a malware campaign that uses a novel malware-obfuscation technique to disable Office defenses and deliver the Zloader trojan. The attack, according to research published Thursday by McAfee, marries functions in Microsoft Office Word and Excel...
Cisco BPA, WSA Bugs Allow Remote Cyberattacks
A set of high-severity privilege-escalation vulnerabilities affecting Cisco’s Business Process Automation (BPA) application and Web Security Appliance (WSA) could allow authenticated, remote attackers to access sensitive data or take over a targeted system. The first two bugs, CVE-2021-1574 and...
Lazarus Targets Job-Seeking Engineers with Malicious Documents
The notorious Lazarus advanced persistent threat (APT) group has been identified as the cybergang behind a campaign spreading malicious documents to job-seeking engineers. The ploy involves impersonating defense contractors seeking job candidates. Researchers have been tracking Lazarus activity for...
Oil & Gas Targeted in Year-Long Espionage Campaign
A sophisticated campaign targeting large international companies in the oil and gas sector has been underway for more than a year, researchers said, spreading common remote access trojans (RATs) for cyber-espionage purposes. According to Intezer analysis, spear-phishing emails with malicious...
Coursera Flunks API Test in Researchers’ Security Exam
Researchers have discovered multiple application programming interface (API) issues in Coursera, the online learning platform used by 82 million learners and hundreds of Fortune 500 companies. On Thursday, the Checkmarx Security Research Team published a report on its findings, which included user...
How Fake Accounts and Sneaker-Bots Took Over the Internet
Recently, one of my friends from my submarine days sent me a friend request on Facebook. The weird thing is, I was already connected with this friend. Looking further at the profile, I noticed a few of the same pictures but only 11 friends. So I knew this was some scammer and, being me, I message...
Critical Sage X3 RCE Bug Allows Full System Takeovers
Four vulnerabilities afflict the popular Sage X3 enterprise resource planning (ERP) platform, researchers found – including one critical bug that rates 10 out of 10 on the CVSS vulnerability-severity scale. Two of the bugs could be chained together to allow complete system takeovers, with potential...
MacOS Targeted in WildPressure APT Malware Campaign
Threat actors known as WildPressure have added a macOS malware variant to their latest campaign targeting energy sector businesses, while enlisting compromised WordPress websites to carry out attacks. Novel malware, initially identified in March 2020 and dubbed Milum, has now been retooled with a...
Suspected ‘Dr HeX’ Hacker Busted for 9 Years of Phishing
A Moroccan man suspected of being “Dr HeX” – the prolific threat actor behind a nine-year cyber-blitz on thousands of victims through phishing, website defacing, malware development, fraud and carding – has been arrested. Interpol announced the bust – which took place in Morocco in May – on...
Fake Kaseya VSA Security Update Drops Cobalt Strike
A malware spam campaign is milking the Kaseya ransomware attacks against its Virtual System/Server Administrator (VSA) platform to spread a link pretending to be a Microsoft security update, along with an executable file that’s dropping Cobalt Strike, researchers warn. On Tuesday night, Malwarebyte...
Why I Love (Breaking Into) Your Security Appliances
Amid the Colonial Pipeline and JBS ransomware attacks that sparked shockwaves among media worldwide, news broke that attackers were able to compromise Colonial Pipeline through a legacy VPN account. The account lacked multifactor authentication (MFA) and wasn’t in active use within the business, a...
Cloud Cryptomining Swindle in Google Play Rakes in Cash
Bogus cryptomining apps for Android available for download on Google Play are estimated to have scammed more than 93,400 victims to date, researchers said, stealing at least $350,000. According to Lookout, the apps – categorized into “BitScam” and “CloudScam” versions – advertise themselves as...
Microsoft Releases Emergency Patch for PrintNightmare Bugs
Microsoft has released an emergency patch for PrintNightmare, a set of two critical remote code-execution (RCE) vulnerabilities in the Windows Print Spooler service that hackers can use to take over an infected system. However, more fixes are necessary before all Windows systems affected by the...
Pro-Trump Gettr Social Platform Hacked On Day 1
Gettr, a social media platform set up by allies of former President Donald Trump, was still wet and squirming when it got hacked – twice. The first slap on the rump for the politically conservative platform came in the form of Sonic the Hedgehog-themed porn that flooded it over the Fourth of July...
Android Apps in Google Play Harvest Facebook Credentials
A set of nine malicious Android apps that steal Facebook credentials were found on Google Play, which racked up a collective 5.9 million installations before Google removed them. According to Dr. Web’s malware analysts, the applications were fully functional, so that victims remained in the dark...
Western Digital Users Face Another RCE
Bad news comes in threes, most particularly for Western Digital customers. As if things weren’t bad enough for the untold number of Western Digital customers whose data blinked out of existence last month, there’s another zero-day waiting for whoever can’t or won’t upgrade its My Cloud storage...
Kaseya Patches Imminent After Zero-Day Exploits
UPDATE 3 The worldwide July 2 attacks on the Kaseya Virtual System/Server Administrator VSA platform by the REvil ransomware gang turn out to be the result of exploits for at least one zero-day security vulnerability, and the company is swinging into full mitigation mode, with patches for the...
Kaseya Attack Fallout: CISA, FBI Offer Guidance
The REvil cybergang is taking credit for Friday’s massive ransomware attack against managed service provider Kaseya Ltd. The criminals behind the attack claim it infected 1 million systems tied to Kaseya services and are demanding $70 million in bitcoin in exchange for a decryption key. Federal...
Ransomware Defense: Top 5 Things to Do Right Now
If there is any cyber-threat at the top of everyone’s mind right now, it must be ransomware. Once a “nuisance” threat, ransomware has grown into a layered, multi-billion-dollar industry for attackers. These threat actors are no longer amateurs trying their hand at breaking and entering. Rather, w...
TrickBot Spruces Up Its Banking Trojan Module
The TrickBot trojan is adding man-in-the-browser (MitB) capabilities for stealing online banking credentials that resemble Zeus, the early banking trojan, researchers said — potentially signaling a coming onslaught of fraud attacks. TrickBot is a sophisticated and common modular threat known for...
Kubernetes Used in Brute-Force Attacks Tied to Russia’s APT28
U.S. and U.K. authorities are warning that the APT28 advanced persistent threat (APT) actor – a.k.a. Fancy Bear or Strontium, among other names – has been using a Kubernetes cluster in a widespread campaign of brute-force password-spraying attacks against hundreds of government and private sector targets...
Why Healthcare Keeps Falling Prey to Ransomware and Other Cyberattacks
The healthcare industry is under attack like never before. What started as a surge in criminal activity during the early days of the coronavirus pandemic has now metastasized into a full-blown crisis within the healthcare industry worldwide. The recent disruptive ransomware attacks on Scripps...
CISA Offers New Mitigation for PrintNightmare Bug
The U.S. government has stepped in to offer a mitigation for a critical remote code execution (RCE) vulnerability in the Windows Print Spooler service that may not have been fully patched by Microsoft’s initial effort to fix it. To mitigate the bug, dubbed PrintNightmare, the CERT Coordination Cent...
Linux Variant of REvil Ransomware Targets VMware’s ESXi, NAS Devices
UPDATE Cybercriminals behind a string of high-profile ransomware attacks, including one extorting $11 million from JBS Foods last month, have ported their malware code to the Linux operating system. The unusual move is an attempt to target VMware’s ESXi virtual machine management software and...
Defeating Ransomware-as-a-Service? Think Intel-Sharing
The Colonial Pipeline ransomware attack put a glaring spotlight on the ransomware scourge – and, in particular, on the rise of ransomware-as-a-service (RaaS). That attack was perpetrated by DarkSide, a RaaS platform that purportedly first surfaced last August. While the group now claims they’re don...
Hacked Data for 69K LimeVPN Users Up for Sale on Dark Web
The VPN provider known as LimeVPN has been hit with a hack affecting 69,400 user records, according to researchers. A hacker claims to have stolen the company’s entire customer database before knocking its website offline; Threatpost confirmed that as of press time, the website was down. The stole...
Babuk Ransomware Builder Mysteriously Appears in VirusTotal
The Babuk ransomware gang’s source code has been uploaded to VirusTotal, making it available to all security vendors and competitors. It’s unclear however just how that happened. According to a Wednesday posting from Malwarebytes, the operators of the ransomware – perhaps best-known for hitting t...
Data Exfiltration: What You Should Know to Prevent It
In today’s digitally driven era, data is the most critical component of a business. Companies are collecting more data than ever before, and constantly enhancing their operations through data-driven decisions. As a result, data leaks are a serious concern for companies of all sizes; if one occurs...
LinkedIn’s 1.2B Data-Scrape Victims Targeted by Attackers
Just days after a yet another data-scraping operation aimed at LinkedIn was discovered, evidence has popped up in a popular hacker forum that the vast amount of lifted data is being collated and refined to identify specific targets. This might signal the start of a series of LinkedIn-fueled...
Netgear Authentication Bypass Allows Router Takeover
Netgear has patched three bugs in one of its router families that, if exploited, can allow threat actors to bypass authentication to breach corporate networks and steal data and credentials. Microsoft security researchers discovered the bugs in Netgear DGN-2200v1 series routers while they were...
Ongoing Spearphishing Campaign Targets Afghan Gov’t
Chinese-speaking cyberespionage actors have targeted the Afghan government, using Dropbox for command-and-control (C2) communications and going so far as to impersonate the Office of the President to infiltrate the Afghan National Security Council (NSC), researchers have found. According to a report...
Indexsinas SMB Worm Campaign Infests Whole Enterprises
The Indexsinas SMB worm is on the hunt for vulnerable environments to self-propagate into, researchers warned – with a particular focus on the healthcare, hospitality, education and telecommunications sectors. Its end goal is to drop cryptominers on compromised machines. Indexsinas, aka...
Why MTTR is Bad for SecOps
Mean time to resolution (MTTR) is a commonly used metric in the security industry. While it has utility to a business’s risk function, it does not belong in security operations (SecOps). First, let us level-set on what reporting is versus metrics. Reporting measures activity and does not drive specif...
Zero-Day Used to Wipe My Book Live Devices
Western Digital will start providing free data-recovery services in July for people whose data was wiped off their network-attached storage (NAS) devices last week, the company said in an update on Tuesday. The company is also planning to offer a trade-in program to get customers onto the cloud –...
PoC Exploit Circulating for Critical Windows Print Spooler Bug
UPDATE A proof-of-concept for a critical Windows security vulnerability that allows remote code execution (RCE) was dropped on GitHub on Tuesday – and while it was taken back down within a few hours, the code was copied and is still out there circulating on the platform. The bug (CVE-2021-1675) exist...
Feds Told to Better Manage Facial Recognition, Amid Privacy Concerns
Though the federal government widely uses facial recognition for various uses from criminal investigations to collecting traveler data, this use is largely unmonitored and unmanaged — a scenario that must change to protect people’s privacy and avoid inaccurate identification of perpetrators, a...
Users Clueless About Cybersecurity Risks: Study
Organizations are facing yet another unprecedented threat to their cybersecurity now that employees are headed back into offices with their personal devices, lax security hygiene and no clue about some of the most catastrophic attacks in history, such as the Colonial Pipeline shutdown. A new surv...
Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks
Microsoft patched two bugs in its Chromium-based Edge browser last week, one of which could be used by an attacker to bypass security and to remotely inject and execute arbitrary code on any website just by sending a message. That security-bypassing bug, CVE-2021-34506, is rated CVSS 5.4, or...
Details of RCE Bug in Adobe Experience Manager Revealed
Details of an Adobe zero-day bug found in its content-management solution Adobe Experience Manager (AEM), which affected customers ranging from Mastercard, LinkedIn and PlayStation, were revealed Monday. The bug, patched in May, allowed hackers to bypass authentication protection and execute code...
Cobalt Strike Usage Explodes Among Cybercrooks
The use of Cobalt Strike – the legitimate, commercially available tool used by network penetration testers – by cybercrooks has shot through the roof, according to Proofpoint researchers, who say that the tool has now “gone fully mainstream in the crimeware world.” The researchers have tracked a...
Data for 700M LinkedIn Users Posted for Sale
A new posting with 700 million LinkedIn records has appeared on a popular hacker forum, according to researchers. Analysts from Privacy Sharks stumbled across the data put up for sale on RaidForums by a hacker calling himself “GOD User TomLiner.” The advertisement, posted June 22, claims that 700...
5G Security Vulnerabilities Fluster Mobile Operators
As 5G private networks roll out in the coming years, security may be a key issue for enterprises. A survey released at Mobile World Congress on Monday shows that major gaps persist in security capabilities among mobile operators. Some 68 percent of operators already sell private wireless networks...
NVIDIA Patches High-Severity GeForce Spoof-Attack Bug
NVIDIA gaming graphics software called GeForce Experience, bundled with the chipmaker’s popular GTX GPU, is flawed and opens the door to a remote attacker that can exploit the bug to steal or manipulate data on a vulnerable Windows computer. NVIDIA notified customers late last week of the bug and...
Attackers Breach Microsoft Customer Service Accounts
The same group behind the SolarWinds supply-chain attacks has been targeting Microsoft’s corporate networks to gain access to specific organizations — primarily, U.S.-based IT and government organizations. Microsoft officially announced the attacks after Reuters obtained an email sent to customer...
Microsoft Signed Malware That Spreads Through Gaming
Microsoft signed a driver being distributed within gaming environments that turned out to be a malicious network filter rootkit. G DATA malware analyst Karsten Hahn first noticed the rootkit, publicly posting the find on June 17 and simultaneously reaching out to Microsoft. Hahn noted that the co...