Critical CISO Initiatives for the Second Half of 2021
As we all know, the coronavirus pandemic has affected CISOs and other security and risk-management leaders worldwide. Some of these leaders are developing and implementing security projects which are designed to simultaneously minimize the risk as well as support remote workers. In talking with o...
Mercedes-Benz Customer Data Flies Out the Window
Ahh, the luxury of Mercedes-Benz cars: The high-end upholstery, plush carpeting, polished wood trim, LED mood lighting. “Even the scent signals that this vehicle is special,” as the automaker sighs. Of course, even a company like Mercedes-Benz can inadvertently fart out customer data. That’s what...
PS3 Players Ban: Victims of Surging Gaming Attacks
A reported breach of a Sony folder containing the serial ID numbers for every PlayStation 3 console appears to have led to users being inexplicably banned from the platform. This is just the latest in a shocking spike in attacks on unsuspecting gamers. Sony reportedly left a folder with every PS3...
FIN7 ‘Pen Tester’ Headed to Jail Amid $1B in Losses
A so-called “pen-tester” for the financial cybergang known as FIN7 will spend seven years in the slammer after being convicted for payment-card theft. According to the Department of Justice, Andrii Kolpakov, a Ukrainian national, was also ordered to pay a tidy $2.5 million in restitution for his...
Cisco ASA Bug Now Actively Exploited as PoC Drops
Researchers have dropped a proof-of-concept (PoC) exploit on Twitter for a known cross-site scripting (XSS) vulnerability in the Cisco Adaptive Security Appliance (ASA). The move comes as reports surface of in-the-wild exploitation of the bug. Researchers at Positive Technologies published the PoC for...
My Book Live Users Wake Up to Wiped Devices
If you haven’t already, stop reading and go yank your My Book Live storage device offline, lest you join the ranks of those who woke up on Thursday to find that years of data had been wiped clean on devices around the world. Western Digital’s My Book storage device is designed for consumers and...
Hackers Crack Pirated Games with Cryptojacking Malware
A new Monero cryptojacking malware distributed via “cracked” versions of popular online games is wiping out antivirus programs (AVs) and surreptitiously mining cryptocurrency in more than a dozen countries, researchers have found. Dubbed “Crackonosh,” the malware — which has been active since June...
Spam Downpour Drips New IcedID Banking Trojan Variant
Researchers have seen a new variant of the IcedID banking trojan sliding in via two new spam campaigns. Written in English and carrying .ZIP files full of the malware – or links to such ZIP files – the new twist on the old banking trojan is a tweaked downloader, which the threat actors moved from...
Oh FCUK! Fashion Label, Medical Diagnostics Firm Latest REvil Victims
U.K.-based fashion brand French Connection, which advertises under the acronym “FCUK,” confirmed that it has been compromised by ransomware group REvil. Just hours later, Brazilian medical diagnostics firm Grupo Fleury announced it had the same misfortune. The twin attacks reveal shifting...
Musk-Themed ‘$SpaceX’ Cryptoscam Invades YouTube Ads
YouTube fans have been swindled out of almost $1 million and counting thanks to an extremely convincing fake SpaceX crypto-coin campaign that uses a popular decentralized finance protocol called Uniswap. The scam is rearing its Elon-Musk-themed head in ads on YouTube that show up before and after...
Critical VMware Carbon Black Bug Allows Auth Bypass
VMware has fixed an uber-severe bug in its Carbon Black App Control (AppC) management server: A server whose job is to lock down critical systems and servers so they don’t get changed willy-nilly. AppC also ensures that organizations stay in continuous compliance with regulatory mandates. This is a...
Tulsa’s Police-Citation Data Leaked by Conti Gang
The city of Tulsa, OK is asking some of its residents to keep a close eye on their personal and financial accounts after the Conti ransomware group leaked some 18,000 city files, mostly police citations, on the dark web. The leak stemmed from a May 6 ransomware attack that caused the city to shut...
Atlassian Bugs Could Have Led to 1-Click Takeover
Atlassian, a platform used by 180,000 customers to engineer software and manage projects, could have been hijacked with a single click due to security flaws, researchers have disclosed. On Thursday, Check Point Research (CPR) published a report (PDF) outlining how an attacker could have exploited the...
30M Dell Devices at Risk for Remote BIOS Attacks, RCE
UPDATE A high-severity series of four vulnerabilities can allow remote adversaries to gain arbitrary code execution in the pre-boot environment on Dell devices, researchers said. They affect an estimated 30 million individual Dell endpoints worldwide. According to an analysis from Eclypsium, the...
Iran Media Websites Seized by U.S. in Disinformation Campaign
The Department of Justice has seized the domains of 36 Iranian media sites that officials say weren’t just operating in violation of sanctions, but were part of a widespread government-backed malign-influence operation targeting the U.S. The DoJ said that 33 of the sites are run by the Iranian...
Pandemic-Bored Attackers Pummeled Gaming Industry
Attacks on the gaming industry skyrocketed during the year of the pandemic, with attacks on web applications shooting up 340 percent in 2020. According to Akamai Technologies’ latest State of the Internet and Security report, Gaming in a Pandemic (PDF), cyberattack traffic targeting the video game...
Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access
A critical security bug in Palo Alto Networks’ Cortex XSOAR could allow remote attackers to run commands and automations in the Cortex XSOAR War Room and to take other actions on the platform, without having to log in. Found internally by Palo Alto, the bug (CVE-2021-3044) is an...
REvil Ransomware Code Ripped Off by Rivals
They say imitation is the sincerest form of flattery: The LV ransomware, a strain that cropped up just this spring, turns out to be based on what is most likely pirated REvil ransomware code, according to researchers. A malware analysis of LV from Secureworks Counter Threat Unit (CTU) found that it...
Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
An unpatched stored cross-site-scripting (XSS) security vulnerability affecting Linux marketplaces could allow unchecked, wormable supply-chain attacks, researchers have found. The bug was found to affect Pling-based markets by researchers at Positive Security, including AppImage Hub, Gnome-Look, K...
SonicWall ‘Botches’ October Patch for VPN Bug
UPDATE An October patch for a critical remote code execution (RCE) bug in a SonicWall VPN appliance turned out to be insufficient. While the patch closed the RCE attack vector, more than 800,000 devices were still vulnerable to an additional memory-leak flaw for months, according to researchers...
BEC Losses Top $1.8B as Tactics Evolve
Business email compromise (BEC) attacks ramped up significantly in 2020, with more than $1.8 billion stolen from organizations with these types of attacks last year alone — and things are getting worse. BEC attacks are carried out by cybercriminals either impersonating someone inside an organizatio...
Cryptominers Slither into Python Projects in Supply-Chain Campaign
A group of cryptominers was found to have infiltrated the Python Package Index (PyPI), which is a repository of software code created in the Python programming language. Similar to other repositories like GitHub, npm and RubyGems, PyPI is part of the software supply chain. It offers a place where...
Email Bug Allows Message Snooping, Credential Theft
Researchers warn hackers can snoop on email messages by exploiting a bug in the underlying technology used by the majority of email servers that run the Internet Message Access Protocol, commonly referred to as IMAP. The bug, first reported in August 2020 and patched Monday, is tied to the email...
Kids’ Apps on Google Play Rife with Privacy Violations
About 20 percent of the Top 500 kids’ mobile apps in the Google Play store are collecting data on users in a way that likely violates the Children’s Online Privacy Protection Act (COPPA). These have been downloaded by a collective 492 million users, researchers said. That’s according to an analysis...
Lexmark Printers Open to Arbitrary Code-Execution Zero Day
Lexmark printers – those ubiquitous, inky office workhorses that fill homes and offices, and are found all the way on up to the federal government – have an unpatched vulnerability that could lead to serious, easy-to-execute attacks that require neither privileges nor user interaction and which c...
Six Flags to Pay $36M Over Collection of Fingerprints
Theme park operator Six Flags has agreed to pay $36 million to settle a class-action lawsuit over its acquisition of the fingerprint data of visitors to its theme parks. The Illinois Supreme Court ruled in the case Rosenbach v. Six Flags that collecting biometric data at premises’ gates by scanni...
Wegmans Exposes Customer Data in Misconfigured Databases
Wegmans Food Markets, the U.S. supermarket chain, has notified customers that some of their data was exposed because two of its cloud-based databases were misconfigured, making them publicly accessible online. In a publicly posted breach notification letter, Wegmans said that the issue was first...
Bugs in NVIDIA’s Jetson Chipset Opens Door to DoS Attacks, Data Theft
Flaws impacting millions of internet of things (IoT) devices running NVIDIA’s Jetson chips open the door for a variety of hacks, including denial-of-service (DoS) attacks or the siphoning of data. NVIDIA released patches addressing nine high-severity vulnerabilities including eight additional bugs of...
Embryology Data Breach Follows Fertility Clinic Ransomware Hit
A fertility clinic serving the Atlanta area has been hit with a ransomware attack that also exposed private health information for 38,000 of its patients. Reproductive Biology Associates (RBA), along with its affiliate My Egg Bank North America, is a well-known pioneer in in-vitro fertilization (IVF)...
Agent Tesla RAT Returns in COVID-19 Vax Phish
The Agent Tesla remote access trojan (RAT) is scurrying around the internet again, this time arriving via a phishing campaign that uses a COVID-19 vaccination schedule as a lure. Spotted by researchers at the Bitdefender Antispam Lab, the attackers are targeting Windows machines using emails with...
iPhone Wi-Fi Crushed by Weird Network
FUD is spreading about a weirdly named personal network that a reverse engineer stumbled across and which he said “permanently” wrecked his iPhone’s Wi-Fi. TL;DR version: The twitching inflicted on his iPhone, which he demonstrated in the 4-second Tweet below, wasn’t permanent. As replies to the...
What’s Making Your Company a Ransomware Sitting Duck
They thought they were all set. They patched the Exchange Server. They ran Microsoft’s testing script to find out whether the server had been exploited. Nope, the test concluded, you’re clean as a whistle. So how did this unnamed organization wind up having been exploited via ProxyLogon? “It turn...
Carnival Cruise Cyber-Torpedoed by Cyberattack
Carnival Corp., the world’s largest cruise-ship operator, has sprung another leak: For the second time in a year, attackers have breached email accounts and accessed personal, financial and health information belonging to guests, employees and crew. Carnival has quite the armada: Its cruise brand...
Insider Versus Outsider: Navigating Top Data Loss Threats
It’s no surprise that cloud adoption has increased considerably in the last year, as organizations sought to adapt to the rapid transition to remote work amid the pandemic. However, what’s shocking is that despite the many advantages cloud and software-as-a-service (SaaS) applications provide...
‘Oddball’ Malware Blocks Access to Pirated Software
The objective of most malware is some kind of gain — financial or otherwise — for the attackers who use it. However, researchers recently observed a unique malware with a single intent: Blocking the infected computers from visiting websites dedicated to software piracy. The malware which SophosLa...
Faux ‘DarkSide’ Gang Takes Aim at Global Energy, Food Sectors
Several organizations in the oil, gas and food sectors have received threatening emails from cybercriminals posing as DarkSide – the ransomware gang behind the Colonial Pipeline hack. According to researchers at Trend Micro, threat actors are taking advantage of the notoriety around the pipeline...
Clop Raid: A Big Win in the War on Ransomware?
Yesterday’s noisy raid of the Clop ransomware gang in Ukraine was a major win according to most experts throughout the cybersecurity community, who said the moment marks a shift in the international war on ransomware. The raid, according to Ukrainian reports translated by eSpire analysts, include...
Cisco Smart Switches Riddled with Security Holes
Cisco has flagged and patched several high-severity security vulnerabilities in its Cisco Small Business 220 Series Smart Switches that could allow session hijacking, arbitrary code execution, cross-site scripting and HTML injection. It also issued fixes for high-severity problems in the AnyConne...
Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes
A pair of billing and tech support “vishing” attacks using Geek Squad and Norton Antivirus as cover managed to hit 25,000 mailboxes recently, questing after victims’ credit-card details. Vishing (a contraction of “voice phishing”) generally involves stealing personal information from victims over t...
CVS Health Records for 1.1 Billion Customers Exposed
More than 1 billion records for CVS Health customers were left in the database of a third-party, unnamed vendor – exposed, unprotected, online. Researchers said the data points revealed could be strung together to create an extremely personal snapshot of someone’s medical situation. The glitch i...
Threat Actors Use Google Docs to Host Phishing Attacks
Threat actors are exploiting Google Docs by hosting their attacks within the web-based document service in a new phishing campaign that delivers malicious links aimed at stealing victims’ credentials. Researchers at email and collaboration security firm Avanan discovered the campaign, which is th...
Akamai’s DDoS Mitigation Service Triggers Outages
UPDATE Major financial institutions, airlines and the Hong Kong stock exchange were knocked offline by a backfiring distributed denial-of-service (DDoS) mitigation service Thursday. The hour-long outage, which was triggered at approximately 1 a.m. EST Thursday, is tied to Akamai Technology’s...
IKEA Fined $1.2M for Elaborate ‘Spying System’
IKEA’s French subsidiary was just hit with a $1.2 million fine after it was found guilty of a creepy systematic snooping scheme targeting customers, employees and even prospective hires. Prosecutors said in all, the company illegally surveilled about 400 people in total, according to the BBC. IKE...
Exclusive Ransomware Poll: 80% of Victims Don’t Pay Up
Ransomware is on the rise, but what toll does it take on the real world? Threatpost set out to answer that question in an exclusive poll aimed at taking the pulse of organizations wrestling with attacks, including looking at mitigations and the defenses organizations have in place. When viewed...
Takeaways from the Colonial Pipeline Ransomware Attack
If you feel like you’ve read a lot about ransomware in recent months, it’s because these attacks have indeed intensified. In 2020, ransomware attacks surged by 150 percent, with the average payment size increasing by more than 170 percent. Some of the notable victims include United Health Service...
Euros Football Fever Nets Dumb Passwords
The European soccer championship (a.k.a. the Euros) is stoking maximum football fever, which has slopped over into easy-to-crack passwords. Such as, say, “football.” That password is of course easy as pie to crack via a dictionary attack – a type of brute-force attack that involves trying thousands...
5 Tips to Prevent and Mitigate Ransomware Attacks
Ransomware attacks cost companies over $100 billion a year. Making matters worse, the overwhelming majority of ransomware attacks now include a threat to leak stolen data if the ransom isn’t paid, a technique called “double extortion.” Cybercriminals like ransomware because the entry barrier is...
Avaddon Ransomware Gang Evaporates Amid Global Crackdowns
Ransomware group Avaddon has decided to shutter its criminal enterprise after landing in the crosshairs of law-enforcement agencies in the U.S. and Australia. Avaddon, a prolific ransomware-as-a-service (RaaS) provider, released its decryption keys to BleepingComputer — 2,934 in total — with each k...
Researchers: Booming Cyber-Underground Market for Initial-Access Brokers
It’s well known that email is often the gateway for cybercriminals looking to infiltrate a corporate network. But rather than do the heavy lifting themselves, ransomware gangs are buying their way onto networks, partnering with other criminal groups that have already paved the way for entry with...
Peloton Bike+ Bug Gives Hackers Complete Control
The popular Peloton Bike+ and Peloton Tread exercise equipment contain a security vulnerability that could expose gym users to a wide variety of cyberattacks, from credential theft to surreptitious video recordings. According to research from McAfee’s Advanced Threat Research (ATR) team, the bug no...