Deepfake Attacks Are About to Surge, Experts Warn
Artificial intelligence and the rise of deepfake technology is something cybersecurity researchers have cautioned about for years and now it’s officially arrived. Cybercriminals are increasingly sharing, developing and deploying deepfake technologies to bypass biometric security protections, and ...
Buer Malware Tool Rewritten in E-Z Rust Language
A variant of the Buer malware, which is being distributed in emails disguised as DHL support shipping notices, comes with a fresh code rewrite in the popular Rust language and looks like it may be in the process of prepping for rental to other cybercrooks.
PortDoor Espionage Malware Takes Aim at Russian Defense Sector
A previously undocumented backdoor malware, dubbed PortDoor, is being used by a probable Chinese advanced persistent threat actor (APT) to target the Russian defense sector, according to researchers. The Cybereason Nocturnus Team observed the cybercriminals specifically going after the Rubin Design...
WeSteal: A Cryptocurrency-Stealing Tool That Does Just That
Some cybercriminals try, at least, to cover their dirty work with a threadbare “this will throw off the lawsuits” blanket of legitimacy. For example, phone-tracking tools that silently install and operate and which are supposedly meant for parents to legally watch out for their kids in actuality,...
A Tale of Two Hacks: From SolarWinds to Microsoft Exchange
The past four months have exposed two high-profile attacks, which both had pundits declaring them the “worst-ever” and “unprecedented.” They shared other similarities – both attacked businesses rather than individuals, and affected tens of thousands of organizations. But that is where the...
Microsoft Warns of 25 Critical Vulnerabilities in IoT, Industrial Devices
Security researchers at Microsoft are warning the industry about 25 as-yet undocumented critical memory-allocation vulnerabilities across a number of vendors’ IoT and industrial devices that threat actors could exploit to execute malicious code across a network or cause an entire system to crash...
Babuk Ransomware Gang Mulls Retirement
Just a few days after hackers bragged about purportedly raiding the computer systems of the Washington D.C. Metropolitan Police Department (MPD) and doxxing what looked like its data, the Babuk ransomware-as-a-service (RaaS) gang prepared a goodbye note saying that they’re hanging up its spurs...
F5 Big-IP Vulnerable to Security-Bypass Bug
F5 Networks’ Big-IP Application Delivery Services appliance contains a Key Distribution Center (KDC) spoofing vulnerability, researchers disclosed – which an attacker could use to get past the security measures that protect sensitive workloads.
Experian API Leaks Most Americans’ Credit Scores
A researcher is claiming that the credit scores of almost every American were exposed through an API tool used by the Experian credit bureau, that he said was left open on a lender site without even basic security protections. Experian, for its part, refuted concerns from the security community...
DoJ Task Force: Taking Down the Ransomware Economy
Ransomware has reached crisis levels across business sectors and across the globe, but a public-private Ransomware Task Force aims to stem the tide of attacks by disrupting the crooks’ business model.
COVID-19 Results for 25% of Wyoming Accidentally Posted Online
The Wyoming Department of Health (WDH) said on Wednesday it accidentally posted COVID test results of state residents onto their public-facing storage buckets. The WDH said in a public advisory that an employee fumbled the health information of about 164,021 Wyoming residents and of people from oth...
Anti-Vaxxer Hijacks QR Codes at COVID-19 Check-In Sites
Quick-response (QR) codes used by a COVID-19 contact-tracing program were hijacked by a man who simply slapped up scam QR codes on top to redirect users to an anti-vaccination website, according to local police. He now faces two counts of “obstructing operations carried out relative to COVID-19 und...
SaaS Attacks: Lessons from Real-Life Misconfiguration Exploits
It’s unfortunate but true: SaaS attacks continue to increase. You can’t get around it, COVID-19 accelerated the already exploding SaaS market and caused industries not planning on making a switch to embrace SaaS. With SaaS apps becoming the default system of record for organizations, it has left...
DoppelPaymer Gang Leaks Files from Illinois AG After Ransom Negotiations Break Down
The ransomware gang identified as DoppelPaymer has leaked a substantial collection of files from the Illinois Office of the Attorney General (OAG) on a server controlled by the cybercriminal group. The move came after ransom negotiations between the two parties broke down following a ransomware...
Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks
A phishing campaign, discovered by researchers at Cofense, is draping itself in a Microsoft Office SharePoint theme and successfully bypassing security email gateways (SEGs). In a post on Tuesday, the firm said that this is an example of why it’s not always prudent to share documents via Microsoft’...
Google Chrome V8 Bug Allows Remote Code-Execution
Google’s Chrome browser has several security vulnerabilities that could pave the way to multiple types of attacks, including a V8 bug that could allow remote code execution (RCE) within a user’s browser. The high-severity V8 issue is tracked as CVE-2021-21227, and was reported by Gengming Liu from...
Chase Bank Phish Swims Past Exchange Email Protections
Threat actors are impersonating Chase Bank in two phishing attacks that can slip past Microsoft Exchange security protections in an aim to steal credentials from victims — by spoofing real-life customer scenarios. Researchers from Armorblox recently discovered the attacks, one of which claims to...
Nintendo Sues Video-Game Pirates
Gaming giant Nintendo has filed a lawsuit against video-game piracy group ringleader Gary Bowser, a Canadian national behind Team Xecuter, which law enforcement said built and sold hacking devices that enabled consoles to play unauthorized versions of games.
Linux Kernel Bug Opens Door to Wider Cyberattacks
An information-disclosure security vulnerability has been discovered in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices. Specifically, the bug (CVE-2020-28588) exists in the /proc/pid/syscall functionality of 32-bit ARM devices running...
Smishing: Put Text-Based Phishing on the CISO Radar
Anyone who uses a smartphone has likely been the target of at least one smishing attack. Smishing is much like email phishing scams, but instead sends deceptive or malicious links through text messages. Like phishing, smishing tries to trick users into giving up valuable information, such as...
Babuk Ransomware Gang Targets Washington D.C. Police
The Babuk gang of threat actors claims to have stolen more than 250 gigabytes of data from the Washington D.C. Metropolitan Police Department (MPD) on Monday, including police reports, internal memos, and arrested people’s mug shots and personal details. According to Vice, the attackers published t...
Apple Patches Zero-Day MacOS Bypass Bug
Apple patched a zero-day vulnerability in its MacOS that can bypass critical anti-malware capabilities and which a variant of the notorious Mac threat Shlayer adware dropper already has been exploiting for several months. Security researcher Cedric Owens first discovered the vulnerability, tracke...
Flubot Spyware Spreading Through Android Devices
Android mobile phone users across the U.K. and Europe are being targeted by text messages containing a particularly nasty piece of spyware called “Flubot,” according to the U.K.’s National Cyber Security Centre. And the U.S. could be the next target. Victims are asked to download a fake app from ...
Nvidia Warns: Severe Security Bugs in GPU Driver, vGPU Software
Nvidia has disclosed a group of security vulnerabilities in the Nvidia graphics processing unit (GPU) display driver, which could subject gamers and others to privilege-escalation attacks, arbitrary code execution, denial of service (DoS) and information disclosure. Meanwhile, the Nvidia virtual GPU...
Oscar-Bait, Literally: Hackers Abuse Nominated Films for Phishing, Malware
Anticipation surrounding the upcoming 93rd Academy Awards broadcast on Sunday is being used by scammers to trick people into giving up their credentials — they think they’re about to stream Oscar-nominated films, but the reality turns out to be much different. Prior to the winners being announced...
Prometei Botnet Could Fire Up APT-Style Attacks
A heretofore little-seen botnet dubbed Prometei is taking a page from advanced persistent threat (APT) cyberattackers: The malware is exploiting two of the Microsoft Exchange vulnerabilities collectively known as ProxyLogon, in order to drop a Monero cryptominer on its targets. It’s also highly...
5 Fundamental But Effective IoT Device Security Controls
As the pandemic continues to fuel the shift to remote work, numerous manufacturers have capitalized on this movement to create a multitude of handy internet of things (IoT) devices. While these devices may make our home and work lives more convenient, they greatly expand the attack surface for...
REvil's Big Apple Ransomware Gambit Looks to Pay Off
The REvil ransomware gang is known for audacious attacks on the world’s biggest organizations, and its demands for astronomical ransoms to match. But the gang’s latest squeeze on Apple just hours before its splashy new product launch was a bold move, even for the notorious ransomware-as-a-service...
Mount Locker Ransomware Aggressively Changes Up Tactics
The Mount Locker ransomware has shaken things up in recent campaigns with more sophisticated scripting and anti-prevention features, according to researchers. And, the change in tactics appears to coincide with a rebranding for the malware into “AstroLocker.” According to researchers, Mount Locke...
Spotlight on Cybercriminal Supply Chains
An examination of cybercrime ecosystems reveals it mirrors legitimate financial organization and market systems. “Cybercriminals need to move money and pay employees in their organization just like any other company,” said Derek Manky Chief Security Insights & Global Threat Alliances at Fortinet’...
Telegram Platform Abused in 'ToxicEye' Malware Campaigns
Hackers are leveraging the popular Telegram messaging app by embedding its code inside a remote access trojan (RAT) dubbed ToxicEye, new research has found. A victim’s computer infected with the ToxicEye malware is controlled via a hacker-operated Telegram messaging account. The ToxicEye malware ca...
It’s Easy to Become a Cyberattack Target, but a VPN Can Help
Even though data breaches top news headlines every other week, it’s still tempting to think that no one is interested in your data. But a hacker doesn’t need to target you in particular to get their hands on your most sensitive information. Let’s look at the cyber-threats out there and how a...
4 Ways Cyberattackers Hunt for Security Bugs
Blue teamers are in constant battle against hackers — faceless adversaries whose persistence can seem unending. But these actors have processes just like corporate operations, even if theirs are bootlegged. Attackers seek the path of least resistance: Gain access with as little effort as possible...
QR Codes Offer Easy Cyberattack Avenues as Usage Spikes
The use of mobile quick-response (QR) codes in daily life, for both work and personal use, continues to rise – and yet, most people aren’t aware that these handy mobile shortcuts can open them up to savvy cyberattacks. That’s according to Ivanti, which carried out a survey of 4,157 consumers across...
Pulse Secure Critical Zero-Day Security Bug Under Active Exploit
A critical zero-day security vulnerability in Pulse Secure VPN devices has been exploited by nation-state actors to launch cyberattacks against U.S. defense, finance and government targets, as well as victims in Europe, researchers said.
Swiss Army knife For Information Security: What is Comprehensive Protection?
Written by Sergey Ozhegov, CEO of SearchInform. In the early days of information security, we used to rely on antivirus and firewall in our arsenal. Once I even “caught” a leak with the help of the firewall logs: I noticed an atypically large data upload and found out that the user was uploading...
Novel Email-Based Campaign Targets Bloomberg Clients with RATs
A new email-based campaign by an emerging threat actor aims to spread various remote access trojans (RATs) to a very specific group of targets who use Bloomberg’s industry-based services. Cisco Talos Intelligence researchers discovered the campaign, dubbing it and its perpetrator “Fajan,” and...
Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock
The Mozilla Foundation fixed a flaw in its Firefox browser that allowed spoofing of the HTTPS secure communications icon, displayed as a padlock in the browser address window. Successful exploitation of the flaw could have allowed a rogue website to intercept browser communications. The patch was...
GEICO Alerts Customers Hackers Stole Driver License Data for Two Months
Threat actors stole driver license numbers from customers of GEICO insurance for nearly two months earlier this year due to a security flaw on its website that has since been fixed. The second-largest auto insurance provider in the United States disclosed the vulnerability in a data breach notice...
NitroRansomware Asks for $9.99 Discord Gift Codes, Steals Access Tokens
The NitroRansomware malware strain is shaking up the ransomware norm by demanding Discord Nitro gift codes from victims instead of actual money. Discord is a VoIP, instant messaging and digital-distribution platform designed for creating communities. Users communicate with voice calls, video call...
Ransomware: A Deep Dive into 2021 Emerging Cyber-Risks
Ransomware has been a growing scourge for years, but recent attacks illustrate a growing sophistication by attackers within this slice of the cybercrime underbelly. Snowballing assaults against the business sector, schools and government organizations are now a primary cybersecurity concern. Maki...
What COVID-19 Taught Us: Prepping Cybersecurity for the Next Crisis
Few could have anticipated the impact COVID-19 has had on business. It spread from an isolated outbreak to a global pandemic seemingly overnight, and IT leaders across the planet have had mixed success adjusting to the changes and uncertainty it has brought. While COVID-19 caught many businesses...
BazarLoader Malware Abuses Slack, BaseCamp Clouds
The BazarLoader malware is leveraging worker trust in collaboration tools like Slack and BaseCamp, in email messages with links to malware payloads, researchers said. And in a secondary campaign aimed at consumers, the attackers have added a voice-call element to the attack chain.
iOS Kids Game Morphs into Underground Crypto Casino
A kids’ game called “Jungle Run” that, until recently, was available in the Apple App store, was secretly a cryptocurrency-funded casino set up to scam people out of money.
NSA: 5 Security Bugs Under Active Nation-State Cyberattack
The Feds are warning that nation-state actors are once again after U.S. assets, this time in a spate of cyberattacks that exploit five vulnerabilities that affect VPN solutions, collaboration-suite software and virtualization technologies. According to the U.S. National Security Agency (NSA), which...
Mandiant Front Lines: How to Tackle Exchange Exploits
Recently, the public learned of multiple vulnerabilities (“ProxyLogon”) that impacted Microsoft’s on-premises Exchange Server, a software application used worldwide to manage communications between employees. Since then, many in the security industry have come to realize that attackers knew of thes...
Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period
Google Project Zero will now give organizations a 30-day grace period to patch zero-day flaws it discovers in a new disclosure policy revealed this week aimed at speeding up the time it takes for patches to be adopted. Known for discovering a number of high-profile zero days—in Google’s own...
Biden Races to Shore Up Power Grid Against Hacks
President Biden is putting the final details on a plan to encourage American electric utilities to strengthen their cybersecurity protections against hackers in the next 100 days, amid increasing cyberattacks. The White House push to boost electrical grid security comes in the wake of a report th...
Gafgyt Botnet Lifts DDoS Tricks from Mirai
Several variants of the Gafgyt Linux-based botnet malware family have incorporated code from the infamous Mirai botnet, researchers have discovered. Gafgyt (a.k.a. Bashlite) is a botnet that was first uncovered in 2014. It targets vulnerable internet of things (IoT) devices like Huawei routers, Realt...
Attackers Target ProxyLogon Exploit to Install Cryptojacker
Cryptojacking can be added to the list of threats that face any unpatched Exchange servers that remain vulnerable to the now-infamous ProxyLogon exploit, new research has found. Researchers discovered the threat actors using Exchange servers compromised using the highly publicized exploit...