Bizarro Banking Trojan Sports Sophisticated Backdoor
A never-before-documented Brazilian banking trojan, dubbed Bizarro, is targeting customers of 70 banks scattered throughout Europe and South America, researchers said. According to an analysis from Kaspersky released Monday, Bizarro is a mobile malware, aimed at capturing online-banking credentia...
CISOs Struggle to Cope with Mounting Job Stress
The CISOs aren’t OK. A new survey showed the pandemic has ratcheted up job pressure to “extreme stress” levels among chief information security officers (CISOs), and it’s left them grappling for coping mechanisms ranging from workouts to narcotics. OneLogin released the results of its survey of 250...
FIN7 Backdoor Masquerades as Ethical Hacking Tool
The notorious FIN7 cybercrime gang, a financially motivated group, is spreading a backdoor called Lizar under the guise of being a Windows pen-testing tool for ethical hackers. According to the BI.ZONE Cyber Threats Research Team, FIN7 is pretending to be a legitimate organization that hawks a...
DarkSide Suffers ‘Oh, Crap!’ Server Shutdowns
DarkSide, the ransomware-as-a-service (RaaS) gang that crippled Colonial Pipeline Co. a week ago, extorted around $5 million, and sent the fuel company a decryption tool that reportedly could barely limp through the process of unlocking files, has now been paralyzed itself. In the wee hours of Frida...
Scheme Flooding Allows User Tracking Across Browsers
A security researcher has discovered a vulnerability that allows websites to track users across a number of different desktop browsers — including Apple Safari, Google Chrome, Microsoft Edge, Mozilla Firefox and Tor — posing a threat to cross-browser anonymity. Called “scheme flooding,” the flaw...
Verizon: Pandemic Ushers in ⅓ More Cyber Misery
Thanks for just showing up, said the team that cranked out the Verizon 2021 Data Breach Investigations Report (DBIR). It’s quite the accomplishment that we all made it through the “often frightening and always unpredictable dystopian wasteland that was 2020,” the carrier noted, with cybersecurity...
Ransomware’s New Swindle: Triple Extortion
Ransomware attacks are exploding at a staggering rate, and so are the ransoms being demanded. Now experts are warning against a new threat — triple extortion — which means that attackers are expanding out to demand payments from customers, partners and other third parties related to the initial...
How to Get into the Bug-Bounty Biz: The Good, Bad and Ugly
Zero-day disclosures, those known bugs without a fix, can have potentially catastrophic results. One of the best ways to combat them is by discovering them before the bad guys do. Some of the biggest tech brands on the planet have been pummeled by a rash of high-profile zero-day exploits. In the...
Colonial Pipeline Shells Out $5M in Extortion Payout, Report
Colonial Pipeline Co., operator of the largest U.S. fuel pipeline, reportedly paid $5 million to criminals behind a ransomware attack that has sent fuel prices spiking up and down the East Coast. Sources familiar with the payout told Bloomberg that representatives of Colonial Pipeline paid the...
Ransomware Going for $4K on the Cyber-Underground
In the cybercriminal underground, ransomware samples and builders are going for anywhere between $300 to $4,000, with ransomware-as-a-service rentals costing $120 to $1,900 per year. That’s according to an analysis by Kaspersky of the three main underground forums where ransomware is circulated...
Beyond MFA: Rethinking the Authentication Key
You have to hand it to the cyber-thieves: They have proven extremely adept at defeating security measures once thought reliable. Case in point: multifactor authentication (MFA). While two-factor authentication (2FA) using push text notifications has become the de-facto standard for login security, ba...
Fresh Loader Targets Aviation Victims with Spy RATs
A cyberattack campaign that goes after aviation targets has been uncovered, which is spreading remote access trojan (RAT) malware bent on cyber-espionage. Researchers from Microsoft said this week on Twitter that spear-phishing emails are the main attack vector. Individuals in the aerospace and...
Apple’s ‘Find My’ Network Exploited via Bluetooth
Apple’s “Find My device” function for helping people track their iOS and macOS devices can be exploited to transfer data to and from random passing devices without using the internet, a security researcher has demonstrated. Security researcher Fabian Bräunlein with Positive Security developed a...
Five Critical Password Security Rules Your Employees Are Ignoring
Password security was a problem even before the advent of widespread remote work. So, what happened post-pandemic? Keeper Security’s Workplace Password Malpractice Report sought to find out. In February 2021, Keeper surveyed 1,000 employees in the U.S. about their work-related password habits — a...
Pipeline Update: Biden Executive Order, DarkSide Detailed and Gas Bags
Colonial Pipeline Co. may have turned off the tap following Friday’s ransomware attack, but the news about the devastating assault keeps gushing. In the wake of the DarkSide cyberattack, President Biden signed an executive order Wednesday aimed at bolstering the federal government’s cyber defense...
Researchers Flag e-Voting Security Flaws
A group of election security experts said after a deep dive into Australia’s electronic voting systems that they have “serious problems” with the accuracy, integrity and privacy of elections run by the Australian Capital Territory (ACT) Electoral Commission. The team of four cybersecurity...
Telegram Fraudsters Ramp Up Forged COVID-19 Vaccine Card Sales
Telegram groups are being abused by fraudsters peddling fake COVID-19 vaccination cards to the unvaccinated and anti-vaxxer communities, according to researchers. Brittany Allen, trust and safety architect at Sift, noticed the illicit sales on the encrypted messaging platform as the COVID-19...
Gig Workers Being Paid $500 for Payroll Passwords
Fintech startup Argyle, a financial-services platform aimed at gig workers, is working to replace credit scores assigned by bureaus like Equifax. But closer security analysis hints that Argyle could be just the latest incarnation of an ongoing data-collection campaign, paying people to give up...
‘FragAttacks’: Wi-Fi Bugs Affect Millions of Devices
A Belgian security researcher specializing in Wi-Fi bugs has unearthed a clutch of new ones, which he called FragAttacks, that affect the Wi-Fi standard itself. The name is short for “fragmentation and aggregation attacks.” Some bugs date back to 1997, meaning that computers, smartphones or other...
TeaBot Trojan Targets Banks via Hijacked Android Handsets
Researchers have discovered an Android trojan that can steal victims’ SMS messages and credentials and completely take over devices. The trojan, dubbed TeaBot, is aimed at committing fraud against at least 60 banks in Europe.
Wormable Windows Bug Opens Door to DoS, RCE
Microsoft’s May Patch Tuesday release addressed a modest 55 cybersecurity vulnerabilities, including just four critical bugs. It’s the smallest monthly update from the computing giant since 2020, but it does contain a patch for a concerning wormable vulnerability found in the Windows OS. The good...
GitHub Prepares to Move Beyond Passwords
GitHub, the ubiquitous host for software development and version control and unfortunate target of a steady pitter-patter of attacks targeting the same, is now supporting security keys when using Git over SSH. In a post on Monday, GitHub security engineer Kevin Jones said that this is the next st...
Hackers Leverage Adobe Zero-Day Bug Impacting Acrobat Reader
Adobe is warning customers of a critical zero-day bug actively exploited in the wild that affects its ubiquitous Adobe Acrobat PDF reader software. A patch is available, as part of the company’s Tuesday roundup of 43 fixes for 12 of its products, including Adobe Creative Cloud Desktop Application...
Fake Chrome App Anchors Rapidly Worming ‘Smish’ Cyberattack
A new Android malware that impersonates the Google Chrome app has spread to hundreds of thousands of people in the last few weeks, according to researchers. The fake app is being used as part of a sophisticated hybrid cyberattack campaign that also uses mobile phishing to steal credentials.
Shifting Threats in a Changed World: Edge, IoT and Vaccine Fraud
Though it’s often hard to find group consensus, one thing everyone can agree on is a feeling of relief that we may be moving past the worst of the pandemic. While few want to look back on the darkest times, those months have continuing lessons to teach about cybersecurity. Like it or not, the...
200K Veterans’ Med Records May Have Been Stolen by Ransomware Gang
UPDATE A database filled with the medical records of nearly 200,000 U.S. military veterans was exposed online by a vendor working for the Veterans Administration, according to an analyst, who also presented evidence the data might have been exfiltrated by ransomware attackers. The VA for its par...
DarkSide Wanted Money, Not Disruption from Colonial Pipeline Attack
Threat actors behind last week’s Colonial Pipeline ransomware attack that crippled a major U.S. oil pipeline said that financial gain – not political, economic or social disruption – is the goal of their nefarious activities, vowing to choose their targets more carefully in the future.
Colonial Pipeline’s Ransomware Attack Sparks Emergency Declaration
The Biden administration has declared a state of emergency that covers 17 states and Washington D.C. in the wake of the ransomware attack on the Colonial Pipeline Co., and is working with Colonial to restart operations. On Monday morning, FireEye also confirmed to Threatpost that it’s been called...
Lemon Duck Cryptojacking Botnet Changes Up Tactics
The Lemon Duck cryptocurrency-mining botnet has added the ProxyLogon group of exploits to its bag of tricks, targeting Microsoft Exchange servers. That’s according to researchers at Cisco Talos, who said that the cybercrime group behind Lemon Duck has also added the Cobalt Strike attack framework...
Major U.S. Pipeline Crippled in Ransomware Attack
A ransomware attack has halted pipeline activities for the Colonial Pipeline Co., which supplies the East Coast with roughly 45 percent of its liquid fuels. In a statement released on Saturday, Colonial Pipeline said it has temporarily halted pipeline operations in response to a cyberattack...
iPhone Hack Allegedly Used to Spy on China’s Uyghurs
In 2019, a Chinese security researcher working with the internet security and antivirus company Qihoo 360 unveiled an intricately woven exploit: One that would allegedly let a remote attacker easily jailbreak an iPhone X (iOS 12.1). The researcher, Qixun Zhao, dubbed the exploit Chaos, for good...
80% of Net Neutrality Comments to FCC Were Fudged
Broadband providers and a 19-year-old college student were among those who successfully hijacked public comments during a crucial decision-making process in 2017 to overturn net neutrality by flooding the Federal Communications Commission (FCC) with fraudulent comments indicating their position on...
Qualcomm Chip Bug Opens Android Fans to Eavesdropping
A vulnerability in a 5G modem data service could allow mobile hackers to remotely target Android users by injecting malicious code into a phone’s modem – gaining the ability to execute code, access mobile users’ call histories and text messages, and eavesdrop on phone calls. That’s according to...
Critical Cisco SD-WAN, HyperFlex Bugs Menace Networks
Cisco has addressed two critical security vulnerabilities in the SD-WAN vManage Software, one of which could allow an unauthenticated attacker to carry out remote code execution (RCE) on corporate networks or steal information. The networking giant also disclosed a denial-of-service issue in vManag...
Ryuk Ransomware Attack Sprung by Frugal Student
A European biomolecular research institute involved in COVID-19 research lost a week’s worth of research data, all thanks to a Ryuk ransomware attack traced back to a student trying to save money by buying unlicensed software. Security researchers at Sophos described the attack in a report...
Massive DDoS Attack Disrupts Belgium Parliament
Belgian ISP Belnet has restored its service after a massive distributed denial of service (DDoS) attack earlier this week that cut off Internet access to numerous government, public, scientific and educational agencies, including Belgium’s Parliament and some law-enforcement agencies.
New Crypto-Stealer ‘Panda’ Spreads via Discord
Yet another new information stealer – Panda Stealer – is being spread through a worldwide spam campaign. On Tuesday, Trend Micro researchers said that they first spotted the new stealer in April. The most recent wave of the spam campaign has had the biggest impact in Australia, Germany, Japan and...
Anti-Spam WordPress Plugin Could Expose Website User Data
An SQL-injection vulnerability discovered in a WordPress plugin called “Spam protection, AntiSpam, FireWall by CleanTalk” could expose user emails, passwords, credit-card data and other sensitive information to an unauthenticated attacker. Spam protection, AntiSpam, FireWall by CleanTalk is...
Raft of Exim Security Holes Allow Linux Mail Server Takeovers
A veritable cornucopia of security vulnerabilities in the Exim mail server have been uncovered, some of which could be chained together for unauthenticated remote code execution (RCE), gaining root privileges and worm-style lateral movement, according to researchers. The Qualys Research Team has...
Peloton’s Leaky API Spilled Riders’ Private Data
Peloton has hit a pothole. Its API was leaking riders’ private data, it ignored a vulnerability disclosure from a penetration testing company, and it partially fixed the hole but didn’t get around to telling the researcher until he reached out to a cybersecurity journalist for some help. This is...
Feds Shut Down Fake COVID-19 Vaccine Phishing Website
Federal law enforcement in Maryland has shut down a fraudulent website targeting immigrant communities that claimed to be for a company developing a COVID-19 vaccine. Instead, the site was stealing information from people with the purpose of using it for future cybercriminal activity. The U.S...
Phishing Attacks Spawn Three New Malware Strains
Two waves of global financial phishing attacks that swamped at least 50 organizations in December have delivered three new malware families, according to a report from FireEye’s Mandiant cybersecurity team. On Tuesday, the team said that they’ve dubbed the hitherto-unseen malware strains...
Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs
Pulse Secure has rushed a fix for a critical zero-day security vulnerability in its Connect Secure VPN devices, which has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe. Pulse Secure also patched thre...
Apple Fixes Zero‑Day Security Bugs Under Active Attack
Apple has issued out-of-band patches for critical security issues affecting iPad, iPhone and iPod, which could allow remote code execution (RCE) and other attacks, completely compromising users’ systems. And, the computing giant thinks all of them may have already been exploited in the wild. Three ...
Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs
Five high-severity security flaws in Dell’s firmware update driver are impacting potentially hundreds of millions of Dell desktops, laptops, notebooks and tablets, researchers said. The bugs have gone undisclosed for 12 years, and could allow an attacker to bypass security products, execute code...
Why Retailers Fail to Stop Shopping Bots
In the 1970s the United States encountered an “oil embargo” that dramatically curtailed people’s ability to purchase gasoline for their vehicles. “No Gas Today” signs were everywhere. Gas rationing was imposed by only allowing car owners to buy gas based on whether the final numbers on thei...
Phishers Delivering Increasingly Convincing Lures
Innovative twists on banking scams and corporate-account hunters wielding increasingly clever lures, including those with COVID-19 vaccine promises, are likely to dominate the spam and phishing landscape throughout Q2 2021, according to researchers. And although no new wild trends have emerged,...
Scripps Cyberattack Causes Widespread Hospital Outages
Scripps Health, a hospital network based in San Diego, was hit by a cyberattack over the weekend, forcing some critical-care patients to be diverted, according to the San Diego Union-Tribune. Scripps acknowledged the attack in a statement but didn’t specify whether it was a ransomware incident...
New Attacks Slaughter All Spectre Defenses
All defenses against Spectre side-channel attacks can now be considered broken, leaving billions of computers and other devices just as vulnerable today as they were when the hardware flaw was first announced three years ago. A paper published on Friday by a team of computer scientists from the...
Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool
Hewlett Packard Enterprise (HPE) is urging customers to patch one of its premier edge application management tools that could allow an attacker to carry out a remote authentication bypass attack and infiltrate a customer’s cloud infrastructure.