APT Charming Kitten Pounces on Medical Researchers
Security researchers have linked a late-2020 phishing campaign aimed at stealing credentials from 25 senior professionals at medical research organizations in the United States and Israel to an advanced persistent threat group with links to Iran called Charming Kitten. The campaign—dubbed BadBloo...
Ziggy Ransomware Gang Offers Refunds to Victims
The Ziggy ransomware gang announced in early February they were getting out of the cybercrime business. Now they say they’re ready to refund their victims’ money. Anyone who paid a ransom to Ziggy just needs to shoot them an email with proof of payment calculated in Bitcoin and the computer ID...
Malicious Docker Cryptomining Images Rack Up 20M Downloads
At least 30 malicious images in Docker Hub, with a collective 20 million downloads, have been used to spread cryptomining malware, according to an analysis. The malicious images spread across 10 different Docker Hub accounts have raked in around $200,000 from cryptomining, according to Aviv Sasso...
SolarWinds Attackers Accessed DHS Emails, Report
The SolarWinds cyberattackers compromised the head of the Department of Homeland Security (DHS) under former president Trump and other top-ranking members of the department’s cybersecurity staff, according to a report. In the campaign, adversaries were able to use SolarWinds’ Orion network manageme...
Intel Sued Under Wiretapping Laws for Tracking User Activity on its Website
Intel is being sued under a Florida state wiretapping law for using software on its website to capture keystrokes and mouse movements of people that visit it. The case is one of many that private citizens have brought against companies to dispute their use of session-replay technology. A...
Pair of Apex Legends Players Banned for DDoS Server Attacks
Two high-ranked Apex Legends players have been banned from the platform for cheating by launching distributed denial-of-service (DDoS) attacks on an Xbox server. The players, who had achieved the rank of “Apex Predators” in the console version of the game, haven’t been named, but the whole thing wen...
Hades Ransomware Gang Exhibits Connection to Hafnium
The Hades ransomware gang has several unique characteristics that set it apart from the rest of the pack, according to researchers – including potentially having more than extortion on the to-do list. The group appears to use multiple nation-state tools and techniques. The researchers said that i...
PHP Infiltrated with Backdoor Malware
The PHP project on Sunday announced that attackers were able to gain access to its main Git server, uploading two malicious commits, including a backdoor. They were discovered before they went into production. PHP is a widely used open-source scripting language often used for web development. It...
E.O. Would Strengthen Federal Cyber Requirements
The U.S. federal government is mulling changes to up its cybersecurity software game in the wake of the sprawling SolarWinds cyberattacks that came to light in December, including requiring data-breach notifications. In a draft executive order from President Joe Biden, software companies would be...
Employee Lockdown Stress May Spark Cybersecurity Risk
Stressed-out employees in a remote-working world could be a major contributor to poor cybersecurity postures for companies, according to a survey. Forcepoint polled 2,000 office workers in Germany and the U.K., to better understand cybersecurity practices among remote workers. Among other finding...
Insurance Giant CNA Hit with Novel Ransomware Attack
A novel ransomware attack forced insurance giant CNA to take systems offline and temporarily shutter its website. The attack occurred earlier this week and leveraged a new variant of the Phoenix CryptoLocker malware. The Chicago-based company—the seventh largest commercial insurance provider in t...
Fleeceware Apps Bank $400M in Revenue
About 204 different “fleeceware” applications with a combined billion+ downloads have raked in more than $400 million in revenue so far, via the Apple App Store and Google Play, analysis has revealed. Fleeceware apps generally offer users a free trial to “test” the app, before commencing automati...
Microsoft Offers Up To $30K For Teams Bugs
Microsoft wants to send the message the company is serious about the security of its popular Teams desktop application and it’s willing to put some cash behind the talk. A new bug-bounty program offers up to $30,000 for security vulnerabilities, with top payouts going to those with the most...
Facebook Disrupts Spy Effort Aimed at Uyghurs
Facebook has taken on a group of hackers in China that target the Uyghur ethnic group with cyberespionage activity. The hacking group, known as Earth Empusa or Evil Eye, was targeting activists, dissidents and journalists involved in the Uyghur community, primarily those living abroad in Australi...
Manufacturing's Cloud Migration Opens Door to Major Cyber-Risk
Web-facing applications continue to be one of the highest security risks present for organizations, with more than 40 percent of them actively leaking data in a way that can have a ripple effect across businesses and their partners, research has found. Moreover, manufacturing is particularly...
ProtonVPN CEO Blasts Apple for ‘Aiding Tyrants’ in Myanmar
In a blog post filled with a passionate defense of human rights and internet privacy, Andy Yen, the CEO of secure internet provider ProtonVPN, blasted Apple for blocking its latest update and accused the tech juggernaut of helping the global spread of authoritarianism by “giving in to tyrants.” Y...
Active Exploits Hit WordPress Sites Vulnerable to Thrive Themes Flaws
Attackers are actively exploiting two recently-patched vulnerabilities in a popular suite of tools for WordPress websites from marketing platform Thrive Themes. Thrive Themes offers various products to help WordPress websites “convert visitors into leads and customers.” Its suite of products,...
Ransomware Attack Foils IoT Giant Sierra Wireless
A ransomware attack on leading internet-of-things (IoT) manufacturer Sierra Wireless this week ground its production activity to a halt and froze various other internal operations. The Canadian multinational manufacturer creates a broad array of communications equipment – from gateways to routers,...
Microsoft Exchange Servers See ProxyLogon Patching Frenzy
The patching level for Microsoft Exchange Servers that are vulnerable to the ProxyLogon group of security bugs has reached 92 percent, according to Microsoft. The computing giant tweeted out the stat earlier this week – though of course patching won’t fix already-compromised machines. Still, that...
Purple Fox Malware Targets Windows Machines With New Worm Capabilities
A malware that has historically targeted exposed Windows machines through phishing and exploit kits has been retooled to add new “worm” capabilities. Purple Fox, which first appeared in 2018, is an active malware campaign that until recently required user interaction or some kind of third-party...
Security Analysis Clears TikTok of Censorship, Privacy Accusations
Nebulous privacy and censorship criticisms about video social-media app TikTok have been swirling for months. Security analysts from CitizenLab are the first to collect real data on the platform’s source code, and reported that TikTok meets reasonable standards of security and privacy. The...
Office 365 Cyberattack Lands Disgruntled IT Contractor in Jail
A former IT contractor has been sentenced to two years in prison after hacking into a company’s server and deleting the majority of its employees’ Microsoft Office 365 (O365) accounts. The incident resulted in the company completely shutting down for two days. The 32-year-old contractor, Deepanshu...
MangaDex Site Offline Following Hacking Incident
MangaDex, the online repository of manga animation comics, will be closed until further notice following a hacking incident. Last week, the site reported that a cyberattacker had gained access to an administrative account, “through the reuse of a session token found in an old database leak throug...
Hobby Lobby Exposes Customer Data in Cloud Misconfiguration
Arts-and-crafts retailer Hobby Lobby has suffered a cloud-bucket misconfiguration, exposing a raft of customer information, according to a report. An independent security researcher who goes by the handle “Boogeyman” uncovered the issue and reported it to Motherboard in an online chat, according ...
Podcast: Microsoft Exchange Server Attack Onslaught Continues
Weeks after the disclosure around the ProxyLogon group of security bugs, exploitation attempts against unpatched Microsoft Exchange servers have skyrocketed. Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs, said that last week researcher...
Energy Giant Shell Is Latest Victim of Accellion Attacks
Energy giant Royal Dutch Shell is the latest victim of a series of attacks on users of the Accellion legacy File Transfer Appliance (FTA) product, which already has affected numerous companies and been attributed to the FIN11 and the Clop ransomware gang. “Shell has been impacted by a data-security...
CISA Warns of Security Flaws in GE Power Management Devices
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of critical-severity security flaws in GE’s Universal Relay (UR) family of power management devices. GE’s UR devices are the “basis of simplified power management for the protection of critical assets,” according to the company...
Critical Security Bugs Fixed in Virtual Learning Software
Netop, the company behind a popular software tool designed to let teachers remotely access student computers, has fixed four security bugs in its platform. Researchers said that the critical vulnerabilities in the company’s Netop Vision Pro system could allow attackers to hijack school networks,...
Adobe Fixes Critical ColdFusion Flaw in Emergency Update
In an unscheduled security update, Adobe is warning of a critical security flaw in its ColdFusion platform, used for building web applications. The security alert comes two weeks after Adobe’s regularly-scheduled updates. During these updates, the tech company issued patches for a slew of critica...
Critical F5 BIG-IP Flaw Now Under Active Attack
Attackers are exploiting a recently-patched, critical vulnerability in F5 devices that have not yet been updated. The unauthenticated remote command execution flaw (CVE-2021-22986) exists in the F5 BIG-IP and BIG-IQ enterprise networking infrastructure, and could allow attackers to take full contro...
Office 365 Phishing Attack Targets Financial Execs
A new phishing scam is on the rise, targeting executives in the insurance and financial services industries to harvest their Microsoft 365 credentials and launch business email compromise (BEC) attacks, according to a new report from Area 1 Security. These new, sophisticated attacks are aimed at...
Bogus Android Clubhouse App Drops Credential-Swiping Malware
Researchers are warning of a fake version of the popular audio chat app Clubhouse, which delivers malware that steals login credentials for more than 450 apps. Clubhouse has burst on the social media scene over the past few months, gaining hype through its audio-chat rooms where participants can...
CopperStealer Malware Targets Facebook and Instagram Business Accounts
A malware that until now has gone undocumented has been quietly hijacking online accounts of advertisers and users of Facebook, Apple, Amazon, Google and other web giants since July 2019 and then using them for nefarious activity, researchers have found. Dubbed CopperStealer, the malware acts...
Fiserv Forgets to Buy Domain It Used as System Default
Fiserv, a multi-billion-dollar cybersecurity tech provider for financial institutions, forgot to buy the domain used as a default in their systems’ email communications, according to a report. The blunder could have exposed its clients’ user information to anyone with a few bucks to buy the domai...
Trojanized Xcode Project Slips MacOS Malware to Apple Developers
Cybercriminals are targeting Apple developers with a trojanized Xcode project, which once launched installs a backdoor that has spying and data exfiltration capabilities. Xcode is comprised of a suite of free, open software development tools developed by Apple for creating software for macOS, iOS...
Zoom Screen-Sharing Glitch ‘Briefly’ Leaks Sensitive Data
A security blip in the current version of Zoom could inadvertently leak users’ data to other meeting participants on a call. However, the data is only leaked briefly, making a potential attack difficult to carry out. The flaw (CVE-2021-28133) stems from a glitch in the screen sharing function of...
Security Researcher Hides ZIP, MP3 Files Inside PNG Files on Twitter
A security researcher has discovered a novel steganography technique for hiding data inside a Portable Network Graphics (.PNG) image file posted on Twitter, a tactic that could be exploited by threat actors to hide malicious activity. Researcher David Buchanan heralded his discovery on Twitter...
Tutor LMS for WordPress Open to Info-Stealing
Security vulnerabilities in Tutor LMS, a WordPress plugin installed on more than 20,000 sites, open the door to information theft and privilege escalation, according to researchers. Tutor LMS is a learning-management system for educators that allows them to digitally reach their students. It...
Cisco Plugs Security Hole in Small Business Routers
A popular line of small business routers made by Cisco Systems is vulnerable to a high-severity vulnerability. If exploited, the flaw could allow a remote – albeit authenticated – attacker to execute code or restart affected devices unexpectedly. Cisco issued fixes on Wednesday for the flaw in i...
Teen Behind Twitter Bit-Con Breach Cuts Plea Deal
Thanks to a new plea deal with the Florida State Attorney’s Office, the 18-year-old behind last summer’s breach of Twitter’s high-profile accounts will not be charged as an adult, and instead will serve his sentence in juvenile detention. Graham Ivan Clark was arrested seven months ago, and has...
$4,000 COVID-19 'Relief Checks' Cloak Dridex Malware
Cybercriminals have wasted no time in hopping on the American Rescue Plan – the COVID-19 relief legislation just signed into law – as a lure for email-based scams. According to researchers at Cofense, a campaign began circulating in March that capitalized on Americans’ interest in the forthcoming...
Mimecast: SolarWinds Attackers Stole Source Code
Hackers who compromised Mimecast networks as part of the SolarWinds espionage campaign have swiped some of the security firm’s source code repositories, according to an update by the company. The email security firm initially reported that a certificate compromise in January was part of the...
State-sponsored Threat Groups Target Telcos, Steal 5G Secrets
Chinese-language APTs are targeting telecom companies in cyberespionage campaigns aimed at stealing sensitive data and trade secrets tied to 5G technology, according to researchers. The campaigns, dubbed “Operation Diànxùn”, target and lure victims working in the telecom industry. A typical ploy...
A New Paradigm in Data Security: Insider Risk Management
The pandemic was a force accelerator for digital transformation in the enterprise. It’s not just the dramatic remote work shift — it’s a profound shift toward prioritizing speed and flexibility as the drivers of a company’s competitive advantage. But as faster, more agile ways of working...
PYSA Ransomware Pillages Education Sector, Feds Warn
The FBI has issued a warning about an uptick in cyberattacks on the education sector that are delivering the PYSA ransomware. In a “Flash” alert to the cybersecurity community issued on Tuesday, the Feds said that PYSA has been seen in attacks on schools in 12 U.S. states and in the United Kingdo...
Mom & Daughter Duo Hack Homecoming Crown
A 17-year-old high school senior along with her mother, Laura Rose Carroll, were arrested this week, charged with accessing student records in a fraudulent attempt to rig her school’s Homecoming Queen election. Carroll worked as an assistant principal at Bellview Elementary School in the Escambia...
Latest Mirai Variant Targets SonicWall, D-Link and IoT Devices
A new variant of the Mirai botnet has been discovered targeting a slew of vulnerabilities in unpatched D-Link, Netgear and SonicWall devices — as well as never-before-seen flaws in unknown internet-of-things (IoT) gadgets. Since Feb. 16, the new variant has been targeting six known vulnerabilities ...
Exchange Cyberattacks Escalate as Microsoft Rolls One-Click Fix
As dangerous attacks accelerate against Microsoft Exchange Servers in the wake of the disclosure around the ProxyLogon group of security bugs, a public proof-of-concept (PoC) whirlwind has started up. It’s all leading to a feeding frenzy of cyber-activity. The good news, however, is that Microsoft...
Magecart Attackers Save Stolen Credit-Card Data in .JPG File
Magecart attackers have found a new way to hide their nefarious online activity by saving data they’ve skimmed from credit cards online in a .JPG file on a website they’ve injected with malicious code. Researchers at website security firm Sucuri discovered the elusive tactic recently during an...
Google Releases Spectre PoC Exploit For Chrome
Google has released proof-of-concept (PoC) exploit code, which leverages the Spectre attack against the Chrome browser to leak data from websites. Three years after the Spectre attack was first disclosed, researchers with Google have now released a demonstration website that leverages the attack,...