Security Bug Allows Attackers to Brick Kubernetes Clusters
A vulnerability in one of the Go libraries that Kubernetes is based on could lead to denial of service (DoS) for the CRI-O and Podman container engines. The bug (CVE-2021-20291) affects the Go library called “containers/storage.” According to Aviv Sasson, the security researcher at Palo Alto’s Unit 4...
Ransomware Attack Creates Dutch Cheese Shortages
An Easter weekend ransomware attack on a food-logistics firm in the Netherlands has caused shortages of prepackaged cheese in supermarkets across the country. The largest Dutch grocery store chain had some bad news for a cheese-mad nation. “Due to a technical malfunction, there is limited...
FBI Clears ProxyLogon Web Shells from Hundreds of Orgs
The Feds have cleared malicious web shells from hundreds of vulnerable computers in the United States that had been compromised via the now-infamous ProxyLogon Microsoft Exchange vulnerabilities. ProxyLogon comprises a group of security bugs affecting on-premises versions of Microsoft Exchange...
A Post-Data Privacy World and Data-Rights Management
The reality is that today, almost everyone is being tracked and monitored 24/7 with cameras recording our expressions, interactions and speech to determine what we might be thinking, where we are going and who we are meeting. While privacy differs from nation to nation and culture to culture, one...
100,000 Google Sites Used to Install SolarMarker RAT
Hackers are using search-engine optimization (SEO) tactics to lure business users to more than 100,000 malicious Google sites that seem legitimate, but instead install a remote access trojan (RAT), used to gain a foothold on a network and later infect systems with ransomware, credential-stealers,...
Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes
Microsoft had its hands full Tuesday snuffing out five zero-day vulnerabilities, a flaw under active attack and applying more patches to its problem-plagued Microsoft Exchange Server software. In all, Microsoft released patches for 110 security holes, 19 classified critical in severity and 88...
How the NAME:WRECK Bugs Impact Consumers, Businesses
Researchers estimate more than 100 million internet-connected devices are vulnerable to a class of flaws dubbed NAME:WRECK. Devices ranging from smartphones, aircraft navigation systems and industrial internet of things (IIoT) endpoints are vulnerable to either a denial-of-service (DoS) or remote...
COVID-Related Threats, PowerShell Attacks Lead Malware Surge
Surging numbers of COVID-themed attacks, PowerShell trojans, along with the SolarWinds compromise and the continued spread of Sunburst malware were major contributors to a massive spike in the number of observed attacks in the wild during the last half of 2020, which McAfee said averaged 588...
Tax Phish Swims Past Google Workspace Email Security
A W2 tax email scam is circulating in the U.S. using Typeform, a popular software that specializes in online surveys and form building. The campaign is aimed at harvesting victims’ email account credentials, researchers said. According to Armorblox, the campaign also bypasses native Google...
Adobe Patches Slew of Critical Security Bugs in Bridge, Photoshop
Adobe has released security patches tackling four critical vulnerabilities in Adobe Bridge, along with other critical and important-rated updates for bugs in Adobe Digital Editions, Adobe Photoshop and RoboHelp. In all, Adobe fixed 10 security holes in its products during its scheduled April...
Chrome Zero-Day Exploit Posted on Twitter
A researcher has dropped working exploit code for a zero-day remote code execution (RCE) vulnerability on Twitter, which he said affects the current versions of Google Chrome and potentially other browsers, like Microsoft Edge, that use the Chromium framework. Security researcher Rajvardhan Agarwal...
1.3M Clubhouse Users’ Data Dumped in Hacker Forum for Free
Clubhouse, the startup invitation-only chat app, is the latest social-media platform to see mammoth troves of user data collected and posted in underground forums. An SQL file containing the personal data of 1.3 million Clubhouse users has been posted in a hacker forum for free. Names, user IDs,...
Man Arrested for AWS Bomb Plot
A Texas man has been charged with plotting a bombing of Amazon Web Services in a quest to allegedly “kill off the internet.” Seth Aaron Pendley was arrested in Ft. Worth after allegedly attempting to get an explosive device from an undercover FBI employee in a sting. The feds were alerted to...
Zero Trust: The Mobile Dimension
After embarking on a second unforeseen year of mass remote work, everyone is now accessing corporate resources through the cloud. To help enable this, organizations are introducing new technologies into their standard workflows. The COVID-19 pandemic presented a new realm of unmarked territory as...
IcedID Circulates Via Web Forms, Google URLs
Website contact forms and Google URLs are being used to spread the IcedID trojan, according to researchers at Microsoft. Attackers are using “contact us” forms on websites to send emails targeting organizations with trumped-up legal threats, researchers said. The messages consistently mention a...
DOJ: Creep Coach Finagles Nude Athlete Photos
A former track-and-field coach who worked at several universities has been arrested and is facing up to five years in prison for attempting to solicit nude photos of his athletes through sham social-media accounts and cyberstalking. The Department of Justice alleged that Steve Waithe, while...
623K Payment Cards Stolen from Cybercrime Forum
The Swarmshop cyber-underground “card shop” has been hit by hackers, who lifted the site’s database of stolen payment-card data and leaked it online. That’s according to researchers at Group-IB, who said that the database was posted on a rival underground forum. Card shops are online cybercrimin...
Network Detection & Response: The Next Frontier in Fighting the Human Problem
Last year, Gartner published a market guide on network detection and response (NDR). Formerly known as network-traffic analytics, which I’ve spoken about in the past at length, NDR has adapted to not only play a major role in helping network and security teams identify threats, but it has enabled...
Data from 500M LinkedIn Users Posted for Sale Online
Personal data from more than 500 million LinkedIn users has been posted for sale online in yet another incident of threat actors scraping data from public profiles and slinging it online for potential cybercriminal misuse. Hackers posted an archive containing data they said includes LinkedIn IDs,...
Adware Spreads via Fake TikTok App, Laptop Offers
Malicious Android apps disguised as TikTok and offers for free Lenovo laptops are being used in ad-stuffing attacks underway against devices on the Jio telecom network in India, security researchers warn. Researchers from Zscaler report this threat actor has been operating various phishing scams...
Zero-Day Bug Impacts Problem-Plagued Cisco SOHO Routers
Cisco Systems said it will not fix a critical vulnerability found in three of its SOHO router models. The bug, rated 9.8 in severity out of 10, could allow unauthenticated remote users to hijack targeted equipment and gain elevated privileges within affected systems. The three Cisco router models...
IcedID Banking Trojan Surges: The New Emotet?
The banking trojan known as IcedID appears to be taking the place of the recently disrupted Emotet trojan, according to researchers. IcedID (a.k.a. BokBot) bears similarities to Emotet in that it’s a modular malware that started life as a banking trojan used to steal financial information...
Azure Functions Weakness Allows Privilege Escalation
A privilege-escalation vulnerability in Microsoft’s Azure Functions cloud container feature could ultimately allow a user to escape the container, according to researchers. Intezer researchers dubbed the bug “Royal Flush” after a flush-to-disk limitation that an exploit would need to evade. Flushing...
Hackers Exploit Fortinet Flaw in Sophisticated Cring Ransomware Attacks
Threat actors are exploiting a Fortinet vulnerability flagged by the feds last week that delivers a new ransomware strain, dubbed Cring, that is targeting industrial enterprises across Europe. Researchers say the attackers are exploiting an unpatched path-reversal flaw, tracked as CVE-2018-13379,...
Attackers Blowing Up Discord, Slack with Malware
Workflow and collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their legitimate functions to evade security and deliver info-stealers, remote-access trojans (RATs) and other malware. The pandemic-induced shift to remote work drove business processes...
Crossing the Line: When Cyberattacks Become Acts of War
The Cold War concept isn’t outdated. In the decades since the fall of the Soviet Union, the battleground has simply shifted from conflicts between ideological proxy governments to cyberspace. And the opponents have grown from a few primary nations into a broad range of sovereign threat actors. Th...
Fake Netflix App on Google Play Spreads Malware Via WhatsApp
Malware disguised as a Netflix app, lurking on the Google Play store, spread through WhatsApp messages, researchers have discovered. According to a Check Point Research analysis released on Wednesday, the malware masqueraded as an app called “FlixOnline,” which advertised via WhatsApp messages...
Facebook: Stolen Data Scraped from Platform in 2019
The leak of personal data from more than 533 million Facebook users was scraped from their profiles by malicious actors because of a security flaw in the company’s platform prior to September 2019, the social media giant said Tuesday. Threat actors posted that data to a public hacker forum over t...
Critical Bug in VMWare Carbon Black Allows Takeover
A critical security vulnerability in the VMware Carbon Black Cloud Workload appliance would allow privilege escalation and the ability to take over the administrative rights for the solution. The bug (CVE-2021-21982) ranks 9.1 out of 10 on the CVSS vulnerability-severity scale. The VMware Carbon...
Chinese Hackers Selling Intimate Stolen Camera Footage
Stolen videos captured by tens of thousands of security cameras at private properties throughout China are now for sale across social media, marketed as sex tapes. That’s according to the South China Morning Post, which reported that the cost of each “tape” varies, depending on how salacious the...
SAP Bugs Under Active Cyberattack
Active cyberattacks on known vulnerabilities in SAP systems could lead to full control of unsecured SAP applications, researchers are warning. Adversaries are carrying out a range of attacks, according to an alert from SAP and security firm Onapsis issued Tuesday – including theft of sensitive...
Conti Gang Demands $40M Ransom from Florida School District
UPDATE The Conti Gang has demanded a $40 million ransom from a Fort Lauderdale, Fla., school district after a ransomware attack last month. Attackers stole personal information from students and teachers, disrupted the district’s networks, and caused some services to be unavailable. The incident...
533M Facebook Accounts Leaked Online: Check if You Are Exposed
More than 533 million Facebook users had their personal information posted to a public hacker forum, a move that is raising concerns about an uptick in cybercrime leveraging the credentials. The publicly released Facebook user data is believed to be part of a 2019 “Add Friend” Facebook security b...
Spy Operations Target Vietnam with Sophisticated RAT
An advanced cyberespionage campaign targeting government and military entities in Vietnam has been discovered that delivered a remote-access tool (RAT) for carrying out espionage operations, researchers said. Further analysis suggested that this campaign was conducted by a group related to a...
LinkedIn Spear-Phishing Campaign Targets Job Hunters
A threat group called Golden Chickens is delivering the fileless backdoor moreeggs through a spear-phishing campaign targeting professionals on LinkedIn with fake job offers, according to researchers at eSentire. The phishing emails try to trick a victim into clicking on a malicious .ZIP file by...
Apple Mail Zero-Click Security Vulnerability Allows Email Snooping
A zero-click security vulnerability in Apple’s macOS Mail would allow a cyberattacker to add or modify any arbitrary file inside Mail’s sandbox environment, leading to a range of attack types. According to Mikko Kenttälä, founder and CEO of SensorFu, exploitation of the bug could lead to...
How To Defend the Extended Network Against Web Risks
Smart cybercriminals are going after web servers and browsers, more so than after individuals. Unfortunately, these types of attacks often go ignored, as they’re harder to test for in terms of pen-testing. With much of the world now working remotely, this threat has intensified. Attackers use...
15 Cybersecurity Pitfalls and Fixes for SMBs
Small- to medium-sized businesses (SMBs), those with 100 employees or less, are more vulnerable than ever to catastrophic cybersecurity breaches and attacks. The good news is that there are many things they can do, with extraordinarily little added investment, that will help IT managers lock down...
FBI: APTs Actively Exploiting Fortinet VPN Bugs
The FBI and the Cybersecurity and Infrastructure Security Agency are warning that advanced persistent threat (APT) nation-state actors are actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating system, affecting the company’s SSL VPN products. According t...
Call of Duty Cheats Expose Gamers to Malware
Activision, the company behind Call of Duty: Warzone, has issued a warning that a threat actor is taking out ads for cheat tools, which instead turn out to be remote-access trojan (RAT) malware. The scam was first floated in March when a cyberattacker posted in hacking forums that they had a free,...
From PowerShell to Payload: An Analysis of Weaponized Malware
UPDATE Click, and boom, your network is compromised. All a hacker needs is one successful exploit and you could have a very bad day. Recently we uncovered one artifact that we would like to break down and showcase. We will get “into the weeds” here and really deep-dive on the technical details, s...
Robinhood Warns Customers of Tax-Season Phishing Scams
Attackers have targeted customers of stock-trading broker Robinhood with a phishing campaign aimed to steal their credentials and spread malware using fake tax documents, the company has warned. Robinhood, which aims to make it easy for people to trade stocks online but has faced a number of...
80% of Global Enterprises Report Firmware Cyberattacks
Attacks against firmware are snowballing, outstripping many organizations’ cyber-defenses, according to a survey from Microsoft. The report showed that more than 80 percent of enterprises have experienced at least one firmware attack in the past two years – but only 29 percent of security budgets...
Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack
Two critical zero-day bugs affect legacy QNAP Systems storage hardware, and expose devices to remote unauthenticated attackers. The bugs, tracked as CVE-2020-2509 and CVE-2021-36195, impact QNAP’s model TS-231 network attached storage (NAS) hardware, allowing an attacker to manipulate stored data a...
Ragnarok Ransomware Hits Boggi Milano Menswear
Luxury Italian men’s clothing line Boggi Milano has confirmed what Ragnarok was already bragging about on the Dark Web: The brand was hit with a ransomware attack, according to multiple sources. Ragnarok and Boggi Milano representatives who spoke to Bloomberg agree on the facts; the ransomware...
Building a Fortress: 3 Key Strategies for IT Security
Last year and early spring have undoubtedly been tough for cybersecurity. We’ve seen one of – if not the – worst cyberattacks on U.S. companies and government agencies in the last decade; and the ProxyLogon Microsoft Exchange vulnerabilities continue to be dangerous. Knowing just how vulnerable ma...
North Korean APT Gears Up to Target Security Researchers
The same North Korean threat actors that targeted security researchers in January appear to be readying a new campaign using a fake company and associated social-media accounts that aim to lure security professionals into another cyber-espionage trap. Google discovered the site as well as Twitter...
Apple, Google Both Track Mobile Telemetry Data, Despite Users Opting Out
Mobile device-tracking by Apple and Google takes center stage in a report revealing that, despite both allowing users to opt out of sharing telemetry data, they do anyway. “Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this,” wrote researcher Douglas...
Fraud Ring Launders Money Via Fake Charity Donations
A money-laundering fraud ring is targeting donation sites, taking advantage of the outpouring of charity sparked by the global pandemic. Dubbed Cart Crasher by the Sift security firm, the fraud ring leverages guest checkout options on donation sites to steal money and launder stolen payment cards...
Child Tweets Gibberish from U.S. Nuke Account
A nonsense tweet sent out from the official account of U.S. Strategic Command is no reason for alarm, according to the department. The social media manager’s kid found an open laptop, pounded on a few random keys and sent the tweet, which read, “;l;;gmlxzssaw” last Sunday. The tweets were met wit...