Top MSPs challenges in 2021
If one searches for ‘the top MSP challenges’ between 2017 and 2020, there are mainly five things that are more likely to emerge from the search results: adopting cloud-based solutions, sales margins, satisfying complex client’s needs, employee turnover, and the scalability of the IT security...
Cybersecurity Bug-Hunting Sparks Enterprise Confidence
Nearly three-quarters of IT security professionals (73 percent) surveyed say they prefer to buy technology and services from vendors who are proactive about security, including leveraging ethical hacking and having transparent communications about vulnerabilities. But less than half of vendors...
Cyberattacks See Fundamental Changes, A Year into COVID-19
COVID-19-related phishing emails, brute-force attacks on remote workers, and a focus on exploiting or abusing collaboration platforms are the hallmarks of cybercriminal enterprise as the coronavirus marks its first anniversary of going global. A year after the COVID-19 crisis was officially...
Google Warns Mac, Windows Users of Chrome Zero-Day Flaw
Google is hurrying out a fix for a vulnerability in its Chrome browser that’s under active attack – its third zero-day flaw so far this year. If exploited, the flaw could allow remote code-execution and denial-of-service attacks on affected systems. The vulnerability exists in Blink, the browser...
Critical Security Bug Can Knock Smart Meters Offline
Critical security vulnerabilities in Schneider Electric smart meters could allow an attacker a path to remote code execution (RCE), or to reboot the meter causing a denial-of-service (DoS) condition on the device. Schneider Electric’s PowerLogic ION/PM smart meter product line, like other smart meter...
REvil Group Claims Slew of Ransomware Attacks
The REvil ransomware threat group is on a cyberattack tear, claiming over the past two weeks to have infected nine organizations across Africa, Europe, Mexico and the U.S. The organizations include two law firms, an insurance company, an architectural firm, a construction company and an...
Europol Credits Sweeping Arrests to Cracked Sky ECC Comms
Europol launched “major interventions” against organized crime on March 9, which it said were made possible by monitoring the encrypted messages of around 70,000 users of the Sky ECC service since mid-February. Sky ECC, which focuses on selling mobile phones with specialized, private...
Metamorfo Banking Trojan Abuses AutoHotKey
The Metamorfo banking trojan is abusing AutoHotKey (AHK) and the AHK compiler to evade detection and steal users’ information, researchers have warned. AHK is a scripting language for Windows originally developed to create keyboard shortcuts (i.e., hot keys). According to the Cofense Phishing Defense...
Microsoft Exchange Exploits Pave a Ransomware Path
Cybercriminals are now using compromised Microsoft Exchange servers as a foothold to deploy a new ransomware family called DearCry, Microsoft has warned. The ransomware is the latest threat to beleaguer vulnerable Exchange servers, emerging shortly after Microsoft issued emergency patches in earl...
Molson Coors Cracks Open a Cyberattack Investigation
Another high-profile company has been hit with a cyber attack that’s causing a major disruption to its business. Brewing company Molson Coors acknowledged on Thursday that it has “experienced a systems outage that was caused by a cybersecurity incident,” according to a Form 8-K filed with the SEC...
Ransomware Attack Strikes Spain’s Employment Agency
The Spanish State Employment Service (SEPE) in Spain has been hit by a cyberattack, suspending its communications systems across hundreds of offices and delaying thousands of appointments. SEPE is an “autonomous body” in Spain that manages and controls unemployment benefits. The cyberattack hit...
TrickBot Takes Over, After Cops Kneecap Emotet
A massive malicious spam campaign, along with the global takedown of Emotet, has vaulted the TrickBot trojan to the top of Check Point’s list of the most popular malware among cybercriminals for February. In January, TrickBot was ranked third on Check Point’s list, and it was fourth overall f...
NanoCore RAT Scurries Past Email Defenses with .ZIPX Tactic
A spate of malicious emails with attachments delivering the NanoCore remote access trojan (RAT) is evading anti-malware and email scanners by abusing the .ZIPX file format. That’s according to researchers at Trustwave, who found that the campaign is effectively hiding a malicious executable by givi...
Microsoft Exchange Servers Face APT Attack Tsunami
Recently patched Microsoft Exchange vulnerabilities are under fire from at least 10 different advanced persistent threat (APT) groups, all bent on compromising email servers around the world. Overall exploitation activity is snowballing, according to researchers. Microsoft said in early March that ...
Linux Systems Under Attack By New RedXOR Malware
Researchers have discovered a new backdoor targeting Linux systems, which they link back to the Winnti threat group. The backdoor is called RedXOR – in part because its network data-encoding scheme is based on the XOR encryption algorithm, and in part because its samples were found on an old...
FIN8 Resurfaces with Revamped Backdoor Malware
The FIN8 cyberattack group has resurfaced after a period of relative quiet, researchers have found. The gang is using new versions of the BadHatch backdoor to compromise companies in the chemical, insurance, retail and technology industries. The attacks have been seen hitting organizations around...
F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs
F5 Networks is warning users to patch four critical remote command execution (RCE) flaws in its BIG-IP and BIG-IQ enterprise networking infrastructure. If exploited, the flaws could allow attackers to take full control over a vulnerable system. The company released an advisory, Wednesday, on seven...
SAP Stomps Out Critical RCE Flaw in Manufacturing Software
Enterprise software giant SAP pushed out fixes for a critical-severity vulnerability in its real-time data monitoring software for manufacturing operations. If exploited, the flaw could allow an attacker to access SAP databases, infect end users with malware and modify network configurations. The...
Fake Ad Blocker Delivers Hybrid Cryptominer/Ransomware Infection
At its previous peak in February, the Monero Miner cryptocurrency ransominer was targeting more than 2,500 users a day, disguised as an antivirus installer. Now, the tricky hybrid malware is on the rise again, this time impersonating an ad blocker and OpenDNS service. In total, it has infected mo...
Cyberattackers Exploiting Critical WordPress Plugin Bug
The Plus Addons for Elementor plugin for WordPress has a critical security vulnerability that attackers can exploit to quickly, easily and remotely take over a website. First reported as a zero-day bug, researchers said it’s being actively attacked in the wild. The plugin, which has more than...
Nim-Based Malware Loader Spreads Via Spear-Phishing Emails
The TA800 threat group is distributing a malware loader, which researchers call NimzaLoader, via ongoing, highly-targeted spear-phishing emails. While previous Twitter analysis identified this loader as a mere variant of TA800’s existing BazaLoader malware, new research cites evidence that...
Breach Exposes Verkada Security Camera Footage at Tesla, Cloudflare
Hackers claim to have breached Silicon Valley startup Verkada to gain unauthorized access to live feeds of 150,000 security cameras. They claim the hack gave them widespread access to surveillance footage within companies such as Tesla and Cloudflare, as well as hospitals, companies,...
Apple’s Device Location-Tracking System Could Expose User Identities
Two vulnerabilities in a crowdsourced location-tracking system that helps users find Apple devices even when they’re offline could expose the identity of users, researchers claim. Offline Finding, a proprietary app introduced by Apple in 2019 for its iOS, macOS and watchOS platforms, enables the...
Microsoft Patch Tuesday Updates Fix 14 Critical Bugs
Microsoft has released its regularly scheduled March Patch Tuesday updates, which address 89 security vulnerabilities overall. Included in the slew are 14 critical flaws and 75 important-severity flaws. Microsoft also included five previously disclosed vulnerabilities, which are being actively...
Dark Web Markets for Stolen Data See Banner Sales
Despite an explosion in the sheer amount of stolen data available on the Dark Web, the value of personal information is holding steady, according to the 2021 Dark Web price index from Privacy Affairs. That leaves these thriving dirty data dealers in a familiar predicament — they need to lock down...
Adobe Critical Code-Execution Flaws Plague Windows Users
Adobe has issued patches for a slew of critical security vulnerabilities, which, if exploited, could allow for arbitrary code execution on vulnerable Windows systems. Affected products include Adobe’s Framemaker document processor, designed for writing and editing large or complex documents;...
Google Play Harbors Malware-Laced Apps Bent on Spying
A malware dropper that paves the way for attackers to remotely steal data from Android phones has been spreading via nine malicious apps on the official Google Play store, according to researchers. The malware is part of a campaign aimed at lifting victims’ financial information, but which also...
Apple Plugs Severe WebKit Remote Code-Execution Hole
Apple is rolling out fixes for a high-severity vulnerability in its WebKit browser engine that, if exploited, could allow remote attackers to completely compromise affected systems. The mobile giant released security updates on Monday for the flaw, for its Safari browser, as well as devices runni...
Newest Intel Side-Channel Attack Sniffs Out Sensitive Data
Intel processors are vulnerable to a new side-channel attack, which researchers said can allow attackers to steal sensitive information such as encryption keys or passwords. Unlike previous side-channel attacks, this attack does not rely on sharing memory, cache sets and other former tactics...
Crypto-Miner Campaign Targets Unpatched QNAP NAS Devices
Owners of popular QNAP Systems network attached storage (NAS) devices are being warned that a malicious cryptocurrency campaign is actively exploiting two critical firmware bugs in systems that have not yet been patched. QNAP fixed the flaws in October 2020; however, researchers at Qihoo 360’s...
Fake Google reCAPTCHA Phishing Attack Swipes Office 365 Passwords
Microsoft users are being targeted with thousands of phishing emails, in an ongoing attack aiming to steal their Office 365 credentials. The attackers add an air of legitimacy to the campaign by leveraging a fake Google reCAPTCHA system and top-level domain landing pages that include the logos of...
U.S. Weapons Programs Lack 'Key' Cybersecurity Measures
Weapons programs from the U.S. Department of Defense (DoD) are falling short when it comes to incorporating cybersecurity requirements, according to a new watchdog report. While the DoD has developed a range of policies aimed at hardening the security for its weapon systems, the guidance leaves out...
WordPress Injection Anchors Widespread Malware Campaign
The downloader malware known as Gootloader is poisoning websites globally as part of an extensive drive-by and watering-hole cybercampaign that abuses WordPress sites by injecting them with hundreds of pages of fake content. The adversaries have so far delivered the Cobalt Strike intrusion tool,...
Sprawling Cyberattack Breaches Several Airlines
A communications and IT vendor for 90 percent of the world’s airlines, SITA, has been breached, compromising passenger data stored on the company’s U.S. servers in what the company is calling a “highly sophisticated attack.” The affected servers are in Atlanta, and belong to the SITA Passenger...
Critics Blast Google’s Aim to Replace Browser Cookie with ‘FLoC’
This month Google begins a public test of a technology it says will eventually replace browser cookies in an effort to boost Chrome browser user privacy. However, critics say the switch is a half-measure and does not protect the web movements of Chrome users adequately. The Google solution–called...
D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant
Researchers have discovered what they say is the first variant of the Gafgyt botnet family to cloak its activity using the Tor network. Gafgyt, a botnet that was uncovered in 2014, has become infamous for launching large-scale distributed denial-of-service (DDoS) attacks. Researchers first discover...
Microsoft, FireEye Unmask More Malware Linked to SolarWinds Attackers
Researchers have uncovered more custom malware that is being used by the threat group behind the SolarWinds attack. Researchers with Microsoft and FireEye identified three new pieces of malware that the companies said are being used in late-stage activity by the threat actor previously called...
Cyberattackers Target Top Russian Cybercrime Forums
Maza, a place online for fraudsters and extorters to connect to pull off their operations, has been breached by an unknown attacker, in just the latest in a series of attacks targeting elite Russian-language cybercrime forums. Members are worried that their data is being used by researchers and l...
National Surveillance Camera Rollout Roils Privacy Activists
While controversy over the potential overreach of neighborhood and law-enforcement video surveillance has focused mainly on Ring, an Atlanta-based startup has quietly rolled out its own network of smart surveillance cameras across the country that is again raising questions of privacy and the ire...
CISA Orders Fed Agencies to Patch Exchange Servers
Hot on the heels of Microsoft’s announcement about active cyber-espionage campaigns that are exploiting four serious security vulnerabilities in Microsoft Exchange Server, the U.S. government is mandating patching for the issues. The news comes as security firms report escalating numbers of relat...
COVID-19 Vaccine Spear-Phishing Attacks Jump 26 Percent
As Moderna, Pfizer and Johnson & Johnson roll out COVID-19 vaccines, cybercriminals are preying on those hungry to get in line for immunization. Between October and January the average number of COVID-19 vaccine-related spear-phishing attacks grew 26 percent, said Barracuda Networks researcher...
Unpatched Bug in WiFi Mouse App Opens PCs to Attack
The mobile application called WiFi Mouse, which allows users to control mouse movements on a PC or Mac with a smartphone or tablet, has an unpatched bug allowing adversaries to hijack desktop computers, according to researcher Christopher Le Roux who found the flaw. Impacted is the Android app’s...
Google Patches Actively Exploited Flaw in Chrome Browser
Google has fixed a high-severity vulnerability in its Chrome browser and is warning Chrome users that an exploit exists in the wild for the flaw. The vulnerability is one of 47 security fixes that the tech giant rolled out on Tuesday in Chrome 89.0.4389.72, including patches for eight high-severi...
Malaysia Air Downplays Frequent-Flyer Data Breach
Malaysia Airlines sent out an email to frequent flyer program members assuring them that there’s “no evidence” their personal data has been misused in the wake of a supply-chain attack via a third-party vendor. However, experts think that’s unlikely. And, they say the repercussions could be...
Home-Office Photos: A Ripe Cyberattack Vector
That photo that appears when someone disables his or her Zoom video, or those photos of a remote worker’s home office shared on Instagram may seem innocuous and playful. However, they could become ammunition for threat actors to launch targeted scams and put personal and critical data at risk, a...
RTM Cybergang Adds New Quoter Ransomware to Crime Spree
The Russian-speaking group behind the infamous RTM banking trojan is now packing a trifecta of threats as it turns up the heat – part of a massive new money-grab campaign. Beyond the banking malware it is known for, attackers have enlisted a recently-discovered ransomware family called Quoter as...
Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow
Researchers have spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow among others inside the npm public code repository — all of which exfiltrate sensitive information. The packages weaponize a proof-of-concept (PoC) code dependency-confusion exploit that w...
Microsoft Exchange 0-Day Attackers Spy on U.S. Targets
Microsoft has spotted multiple zero-day exploits in the wild being used to attack on-premises versions of Microsoft Exchange Server. Adversaries have been able to access email accounts, steal a raft of data and drop malware on target machines for long-term remote access, according to the computin...
Post-Cyberattack, Universal Health Services Faces $67M in Losses
The cyberattack that hit Universal Health Services (UHS) in September has cost the healthcare service provider a whopping $67 million in damages, according to financial statements. A fourth-quarter earnings report last week from UHS highlighted the “significant incremental labor expense” needed to...
Jailbreak Tool Works on iPhones Up to iOS 14.3
Hackers behind previous iPhone jailbreak tools have released a jailbreak update based on a recently discovered and patched iPhone vulnerability. According to iPhone jailbreakers at UnC0ver, the tool allows users to take full control over unpatched iPhones. The jailbreak—which UnC0ver said works o...