DoJ Charges Rhode Island Woman in Phishing Scheme Against Politicians
The Department of Justice (DoJ) has charged a woman in Rhode Island in a phishing campaign against candidates for political office and related associates that impersonated various individuals, including campaign workers and the Microsoft security team, in an attempt to trick victims into providing...
Amazon Sidewalk Poised to Sweep You Into Its Mesh
On June 8, Amazon, the Web giant with tentacles reaching into every nook and cranny of our lives, is going to stretch those tentacles out further by turning all its gadgets into little cell towers so they can help each other out with little slices of bandwidth. It’s created a new Wi-Fi...
Cyber-Insurance Fuels Ransomware Payment Surge
Ransomware victims are increasingly falling back on their cyber-insurance providers to pay the ransom when they’re hit with an extortion cyberattack. But security researchers warn that this approach can quickly become problematic. In the first half of 2020, ransomware attacks accounted for 41...
Where Bug Bounty Programs Fall Flat
Eavesdropping on the chatter of 600+ cybercriminal forums shows that cybercriminals have specific preferences, shown by the flavors of exploits they requisition, and that the bug bounty programs either are too slow, don’t pay enough or are just the start of profit-making. A year-long study into t...
How Mobile Ad Fraud has Evolved in the Year of the Pandemic
The past 18 months have arguably been the most turbulent on record for the mobile industry. The majority of the world spent significant portions of 2020 under some kind of lockdown, with pressure mounting on mobile operators to keep us connected to the outside world, and with each other. This...
Cyberattack Forces Meat Producer to Shut Down Operations in U.S., Australia
The world’s largest meat distributor shut down some operations in both the United States and Australia over the Memorial Day weekend after a cyberattack on its IT systems that could have a significant effect on the food supply chain if not resolved quickly. Attackers targeted several servers...
On the Taxonomy and Evolution of Ransomware
Given the frequency with which “ransomware” appears in news articles, it may be worthwhile to take a step back and actually consider what the term means. Any malware or attack that culminates in extorting ransom from the victim is commonly referred to as ransomware. The general idea is to encrypt...
Hackers Exploit Post-COVID Return to Offices
With COVID-19 restrictions lifting and workers trickling back to offices, threat actors are sharpening their spear phishing ploys. The latest scam includes pelting recipients with emails purportedly from their CIOs welcoming employees back into offices. The emails outline a company’s post-pandemi...
HPE Fixes Critical Zero-Day in SIM
Hewlett Packard Enterprise (HPE) has fixed a critical zero-day remote code execution (RCE) flaw in its HPE Systems Insight Manager (SIM) software for Windows that it originally disclosed in December. HPE SIM is a tool that enables remote support automation and management for a variety of HPE servers,...
Nobelium Phishing Campaign Poses as USAID
The cybercriminal group behind the notorious SolarWinds attack is at it again with a sophisticated mass email campaign aimed at delivering malicious URLs with payloads enabling network persistence so the actors can conduct further nefarious activities. Microsoft Threat Intelligence Center (MSTIC)...
Building Multilayered Security for Modern Threats
Considering recent announcements of major attacks caused by external malicious actors, including a ransomware attack on a U.S. gasoline pipeline, the need for increased security posture is as important as ever, and multilayered security remains the key. With rampant ransomware attacks and other...
Targeted AnyDesk Ads on Google Served Up Weaponized App
A fake version of the popular remote desktop application AnyDesk, pushed via ads appearing in Google search results, served up a trojanized version of the program. The campaign even bested AnyDesk’s own ad campaign on Google – ranking higher in its paid results. The campaign, active since April 2...
Fujitsu SaaS Hack Sends Govt. of Japan Scrambling
Threat actors have stolen files from several official government agencies of Japan by hacking into Fujitsu’s software-as-a-service (SaaS) platform and gaining access to its systems. The Japan-based tech giant temporarily disabled ProjectWEB enterprise after learning of the attack, which is known to...
Biden’s Cybersecurity EO: The Wrong Issues
It’s no secret that foreign adversaries are making a concerted effort to target U.S. government agencies and companies. As technology advances and foreign superpowers gain influence, the game is shifting beneath our feet here in the U.S. Motivated in part by the extent and consequences of the...
PDF Feature ‘Certified’ Widely Vulnerable to Attack
Certified portable document format (PDF) files are used to securely sign agreements between two parties while keeping the contents’ integrity protected, but a new report found the security protections on most certified PDF applications were inadequate and left organizations exposed to a number of...
VMware Sounds Ransomware Alarm Over Critical Severity Bug
VMware patched a critical bug impacting its vCenter Server platform with a severity rating of 9.8 out of 10. The company said the flaw could allow a remote attacker to exploit its products and take control of a company’s affected system. VMware went a step further on Tuesday, calling on IT securi...
BazaLoader Masquerades as Movie-Streaming Service
There’s a new, fake movie-streaming service in town called BravoMovies, and the offerings are utter garbage. Despite its pretty pictures and fun-sounding titles, it’s got nothing to offer for download besides BazaLoader malware. BazaLoader is a loader used to deploy ransomware or other types of...
‘Privateer’ Threat Actors Emerge from Cybercrime Swamp
A new type of cybercriminal is emerging in a cyber-threat landscape that’s historically been dominated by either state-sponsored threat actors or financially-motivated criminals that are hunted and prosecuted by law enforcement. Dubbed “privateers” by researchers at Cisco Talos Intelligence, thes...
A Peek Inside the Underground Ransomware Economy
Ransomware is not just a type of malware – it’s also at the center of a sophisticated, flourishing underground economy that has all the conventions of legitimate commerce. It’s a community made up of major malware developers, affiliates and channel partners, and those that provide adjacent...
‘Agrius’ APT Launches Wiper Attacks Against Israelis
A new attack group called Agrius is launching damaging wiper attacks against Israeli targets, which researchers said are hiding behind ransomware to make their state-sponsored activities appear financially motivated. Sentinel Labs analysts said they have been tracking Agrius’ operations in Israel...
Trend Micro Bugs Threaten Home Network Security
Three security vulnerabilities have been found in Trend Micro’s Home Network Security systems, which can allow denial of service (DoS), privilege escalation, code execution and authentication bypass. The Home Network Security Station is an all-in-one device that scans for vulnerabilities for...
Combatting Insider Threats with Keyboard Security
As cyberattacks snowball and insider threats become an ever-larger part of the problem, it may be time to move beyond purely software-based cyber-defenses. Implementing hardware-based security, like secure keyboards, can be an important part of the mix. Those in IT-leadership roles are well aware...
Bose Admits Ransomware Hit: Employee Data Accessed
High-end audio-tech specialist Bose has disclosed a ransomware attack, which it said rippled “across Bose’s environment” and resulted in the possible exfiltration of employee data. The incident began on March 7, according to a disclosure letter sent to the Attorney General’s Office in New...
Pulse Secure VPNs Get Quick Fix for Critical RCE
Pulse Secure has issued a workaround for a critical remote-code execution (RCE) vulnerability in its Pulse Connect Secure (PCS) VPNs that may allow an unauthenticated, remote attacker to execute code as a user with root privileges. Pulse Secure’s parent company, Ivanti, issued an out-of-band advisory...
Apple Patches Zero-Day Flaw in MacOS that Allows for Sneaky Screenshots
Apple has patched a critical bug in macOS that could be exploited to take screenshots of someone’s computer and capture images of their activity within applications or on video conferences without that person knowing. Apple addressed the vulnerability—discovered by researchers at enterprise...
American Express Fined Over Millions of Spam Messages
American Express Services Europe has been fined £90,000 ($127,377) by a U.K. regulator, which found the company illegally blasted out 4 million marketing emails to customers who had opted out of receiving them. Critics said the fine, which is nominal for the multi-national financial brand, isn’t...
Reservation System Fixes Easy-to-Exploit XSS Bug
An easy-to-exploit bug impacting the WordPress plugin ReDi Restaurant Reservation allows unauthenticated attackers to pilfer reservation data and customer personal identifiable information by simply submitting a malicious snippet of JavaScript code into the reservation comment field. The bug...
FBI Analyst Indicted for Theft of Osama bin Laden Threat Intel
An FBI analyst with top-secret security clearance illegally squirreled away national-security documents related to Osama bin Laden, al-Qaeda, cybersecurity and more in her home for years, the feds say. Kendra Kingsbury, who was working in the FBI’s Kansas City Division until being put on leave in...
DarkSide Getting Taken to ‘Hackers’ Court’ For Not Paying Affiliates
Cybercriminals who have worked as affiliates with ransomware group DarkSide, responsible for the Colonial Pipeline attack, are having a tough time getting paid for their work now that the group has had its operations interrupted; so, they’re turning to admins of the group’s Dark Web criminal foru...
Building SIEM for Today’s Threat Landscape
It’s easy to see how the changing security landscape has shaped the evolution of the security information and event management (SIEM) practice area — and how it continues to. But architecting an effective SIEM approach requires a well-thought-out strategy. A combination of security information...
WP Statistics Bug Lets Attackers Lift Sites’ Data
WP Statistics, a plugin installed on more than 600,000 WordPress websites, has an SQL-injection security vulnerability that could let site visitors make off with all kinds of sensitive information from web databases, including emails, credit-card data, passwords and more. WP Statistics, as its na...
Email Campaign Spreads StrRAT Fake-Ransomware RAT
An email campaign is delivering a Java-based remote access trojan (RAT) that can not only steal credentials and take control of systems, but also presents as fake ransomware, Microsoft researchers have discovered. The Microsoft Security Intelligence (MSI) team has outlined details of a “massive email...
100M Android Users Hit By Rampant Cloud Leaks
More than 100 million Android users are at risk after 23 different mobile apps were found to leak personal data in the wake of rampant cloud misconfigurations. That’s according to Check Point Research, whose researchers found that emails, chat messages, location data, passwords, photos, personal...
The Gig Economy Creates Novel Data-Security Risks
As businesses strive to move faster and faster, many are adopting a “just-in-time” strategy of spinning up human resources on demand – a phenomenon known as the gig economy, familiar to most via Uber, Instacart or DoorDash. But it’s a concept that enterprises are embracing too – inadvertently...
4 Android Bugs Being Exploited in the Wild
Google updated its May 3 Android security bulletin on Wednesday to say that there are “indications” that four of the 50 vulnerabilities “may be under limited, targeted exploitation.” That was mostly confirmed by Maddie Stone, a member of Google’s Project Zero exploit research group, who clarified...
2021 Attacker Dwell Time Trends and Best Defenses
Cyberattacks have shifted from the usual smash-and-grab type of heists to stealthier campaigns where hackers silently camp out on networks for long periods, stealing anything they can get their hands on. Called attacker dwell time, this is part of an adversarial approach that has become even more...
Apple Exec Calls Level of Mac Malware ‘Unacceptable’
Apple is using the growing threat of malware on its Mac platform as a defense in a lawsuit that could force the company to open up new channels of applications for its mobile iOS platform. In testimony in a California court Wednesday, Apple head of software engineering, Craig Federighi called the...
Can Nanotech Secure IoT Devices From the Inside-Out?
Another day, another incident of internet-of-things (IoT) gadgets falling flat on their faces and spilling users’ privacy, if not getting hooked into a botnet, used for cryptomining or opening a network backdoor that allows intruders to move laterally through a network. It’s only Wednesday, but...
Microsoft, Google Clouds Hijacked for Gobs of Phish
Threat actors are cashing in on the rapid shift to cloud-based business services during the pandemic, by hiding behind ubiquitous, trusted services from Microsoft and Google to make their email phishing scams look legit. And it’s working. In fact, in the first three months of 2021 alone,...
Keksec Cybergang Debuts Simps Botnet for Gaming DDoS
A recently developed botnet named “Simps” has emerged from the cyber-underground to carry out distributed denial-of-service (DDoS) attacks on gaming targets and others, using internet of things (IoT) nodes. It’s part of the toolset used by the Keksec cybercrime group, researchers said. According to t...
Windows PoC Exploit Released for Wormable RCE
A researcher has released a proof-of-concept (PoC) exploit for CVE-2021-31166, a use-after-free, highly critical vulnerability in the HTTP protocol stack (http.sys) that could lead to wormable remote code execution (RCE). Microsoft discovered the flaw internally, releasing a patch in its May 11 Patch...
Bug Exposes Eufy Camera Private Feeds to Random Users
Owners of Eufy home security cameras were warned this week of an internal server bug that allowed strangers to view, pan and zoom in on their home-video feeds for approximately one day. Inversely, customers were also suddenly given access to do the same to other users. The SNAFU, according to...
Scammers Pose as Meal-Kit Services to Steal Customer Data
Attackers are piggybacking off the booming market for meal-kit delivery services since the pandemic, and sending SMS phishing messages doctored up to look like they’re legitimate correspondence from popular brand names — including HelloFresh and Gousto. This is just another example of why the wor...
Stalkerware Apps Riddled with Security Bugs
Android stalkerware apps – used to surreptitiously track people’s movements and digital activities – turn out to themselves be rife with security holes that put victims in even more danger. Stalkerware can track the GPS location of a victim’s device, record conversations, capture images and snoop on...
It’s Time to Prepare for a Rise in Insider Threats
Earlier this year, Tesla discovered that an employee had stolen more than 6,000 files containing sensitive code. The software engineer, who was only employed for two weeks, had been hired as one of the few people who could access these files. This incident highlights the danger that insider threa...
Unsuccessful Conti Ransomware Attack Still Packs Costly Punch
Ireland’s department of health services continues to grapple with a ransomware attack that occurred last week by the Conti gang. Officials state the attack will cost tens of millions to repair, even though attackers were not successful in their attempt to encrypt systems on Ireland’s Department o...
Microsoft, Adobe Exploits Top List of Crooks’ Wish List
A year-long study into the underground market for exploits in cybercriminal forums shows that crooks are salivating for Microsoft bugs, which are far and away the most requested and most sold exploits. According to researchers (see chart below), Microsoft products made up a whopping 47 percent of th...
Magecart Goes Server-Side in Latest Tactics Changeup
Magecart Group 12, known for skimming payment information from online shoppers, was fingered for last September’s gonzo attack on more than 2,000 e-Commerce sites, and now researchers have issued a report explaining how they did it, detailing a new technical approach. The skimmers are still “very...
What a Year It’s Been: RSA 2021 Embraces ‘Resilience’
Clearly, the months since the world shut down in March of 2020 fomented a radical shift in how people work and live, and it’s brought a range of crises and challenges to bear across the spectrum of our lives. These profound changes and experiences were also felt in cybersecurity, bringing...
DarkSide Hits Toshiba; XSS Forum Bans Ransomware
For a ransomware gang whose servers were purportedly commandeered last week, DarkSide has had a server-fueled weekend, with a reported hit on Toshiba Business. Late on Thursday night came a post to the “Exploit” underground forum that looked, at least, to be from DarkSide. It described how the...