Compromised Website Images Camouflage ObliqueRAT Malware
The ObliqueRAT malware is now cloaking its payloads as seemingly-innocent image files that are hidden on compromised websites. The remote access trojan (RAT), which has been operating since 2019, spreads via emails, which have malicious Microsoft Office documents attached. Previously, payloads were...
Ryuk Ransomware: Now with Worming Self-Propagation
A new version of the Ryuk ransomware is capable of worm-like self-propagation within a local network, researchers have found. The variant first emerged in Windows-focused campaigns earlier in 2021, according to the French National Agency for the Security of Information Systems (ANSSI). The agency...
Mobile Adware Booms, Online Banks Become Prime Target for Attacks
Hackers painted a bullseye on the backs of online financial institutions in 2020 as the pandemic shuttered local branch offices and forced customers online. Over the past 12 months, incidents of adware nearly tripled. And, overall in 2020 researchers saw a slight drop in the number of mobile...
Malware Loader Abuses Google SEO to Expand Payload Delivery
The Gootloader malware loader, previously used for distributing the Gootkit malware family, has undergone what researchers call a “renaissance” when it comes to payload delivery. New research released this week paints Gootloader as an increasingly sophisticated loader framework, which has now...
Passwords, Private Posts Exposed in Hack of Gab Social Network
Distributed Denial of Secrets (DDoSecrets), a self-proclaimed “transparency collective,” claim they have received more than 70 gigabytes of data exfiltrated from social media network Gab. Gab, which touts itself as “a social network that champions free speech, individual liberty and the free flow o...
Firewall Vendor Patches Critical Auth Bypass Flaw
Germany-based cybersecurity company Genua has fast-tracked a fix for a critical flaw in one of its firewall products. If exploited, the vulnerability could allow local attackers to bypass authentication measures and log in to internal company networks with the highest level of privileges. Genua...
Amazon Dismisses Claims Alexa 'Skills' Can Bypass Security Vetting Process
Researchers warn Amazon’s voice assistant Alexa is vulnerable to malicious third-party “skills” – voice assistant capabilities developed by third parties – that could leave smart-speaker owners vulnerable to a wide range of cyberattacks. The security-threat claim is roundly dismissed by Amazon...
Stalkerware Volumes Remain Concerningly High, Despite Bans
Tens of thousands of mobile users were infected by the class of software known generically as stalkerware last year. According to just-published research by Kaspersky, 2020 lockdowns related to the global COVID-19 pandemic put a damper on installations, but the scourge of privacy-busting software...
Lazarus Targets Defense Companies with ThreatNeedle Malware
The prolific North Korean APT known as Lazarus is behind a spear-phishing campaign aimed at stealing critical data from defense companies by leveraging an advanced malware called ThreatNeedle, new research has revealed. The elaborate and ongoing cyberespionage campaign used emails with COVID-19...
Yeezy Fans Face Sneaker-Bot Armies for Hot Kicks Releases
Shopping bots are likely to make it tough for everyday sneakerheads to get their hands on a pair of new Adidas Yeezy shoes from Kanye West as more styles become available through retailers in the next few months. Researchers at Cequence Security track bots across the internet, and the company’s...
Malware Gangs Partner Up in Double-Punch Security Threat
Cybergangs are joining forces under the guise of affiliate groups and “as-a-service” models, warns Maya Horowitz, the director of threat intelligence research with Check Point Research. She said the trend is driving a new and thriving cybercriminal underground economy. Several malware gangs have...
Podcast: Ransomware Attacks Exploded in Q4 2020
Ransomware attacks continue to plague companies, with researchers from Fortinet’s Fortiguard Labs saying they saw an explosion in ransomware activity towards the end of the fourth quarter of 2020. According to Fortinet’s new “FortiGuard Labs Threat Report: Disruption Key Threat Trend ...
Protecting Sensitive Cardholder Data in Today’s Hyper-Connected World
The payment processing system has steadily evolved over time. Greatly amplified by the COVID-19 pandemic, the use of electronic payment systems in this economy has soared nearly overnight. With online shopping at an all-time high as consumer behaviors shift toward more convenience and flexibility...
Cyberattacks Launch Against Vietnamese Human-Rights Activists
Human-rights activists are being targeted by cyberattacks as part of a wider effort by the Vietnamese state to censor anyone speaking out against the government, Amnesty International’s Security Lab alleges. Ocean Lotus, a well-known threat actor dating back to 2013, is behind the spyware campaig...
Health Website Leaks 8 Million COVID-19 Test Results
Yet another human-related error — this time a flaw in a health department website in the state of Bengal, India — has exposed the confidential results of COVID-19 tests as well as personally identifying information (PII) for an entire geographic region’s population. Test results related to more tha...
Malicious Mozilla Firefox Extension Allows Gmail Takeover
A newly uncovered cyberattack is taking control of victims’ Gmail accounts, by using a customized, malicious Mozilla Firefox browser extension called FriarFox. Researchers say the threat campaign, observed in January and February, targeted Tibetan organizations and was tied to TA413, a known...
Cisco Warns of Critical Auth-Bypass Security Flaw
A critical vulnerability in Cisco Systems’ intersite policy manager software could allow a remote attacker to bypass authentication. The vulnerability is one of three critical flaws fixed by Cisco this week. It exists in Cisco’s ACI Multi-Site Orchestrator (ACI MSO) — this is Cisco’s management...
Tax Season Ushers in Quickbooks Data-Theft Spike
Cybercriminals are ready for tax season with new malware designed to exfiltrate Quickbooks data and post it on the internet, according to a new report from ThreatLocker. Attackers use email to deliver the malware, which the ThreatLocker’s CEO Danny Jenkins told Threatpost is a simple, 15-line pie...
Mozilla Patches Bugs in Firefox, Now Blocks Cross-Site Cookie Tracking
The Mozilla Foundation has released its latest version of the Firefox browser, which comes with new privacy protections to squash cross-site cookie tracking, as well as a slew of security vulnerability fixes. Firefox 86, released on Tuesday, includes what it touts as a privacy-bolstering feature...
VMWare Patches Critical RCE Flaw in vCenter Server
VMware has patched three vulnerabilities in its virtual-machine infrastructure for data centers, the most serious of which is a remote code execution (RCE) flaw in its vCenter Server management platform. The vulnerability could allow attackers to breach the external perimeter of a...
Nvidia's Anti-Cryptomining GPU Chip May Not Discourage Attacks
Nvidia, the chip company known for its gaming-friendly graphical processing units (GPUs), said that its hotly anticipated GeForce RTX 3060 chipset, launching Thursday, has an added bonus of thwarting crypto-mining. Experts applaud the effort, but are skeptical the move will take the bullseye off th...
Microsoft Lures Populate Half of Credential-Swiping Phishing Emails
Almost half of phishing attacks in 2020 aimed to swipe credentials using Microsoft-related lures – from the Office 365 enterprise service lineup to its Teams collaboration platform. According to a Tuesday report by Cofense, which analyzed millions of emails related to various attacks, 57 percent...
Daycare Webcam Service Exposes 12,000 User Accounts
NurseryCam, a webcam service used across 40 daycare centers in the U.K. by parents who want to keep a watchful eye on their babies, has shut down following a data breach. The breach exposed the personal data of about 12,000 users to an attacker who said he or she was trying to improve the service...
IBM Squashes Critical Remote Code-Execution Flaw
IBM has patched a critical buffer-overflow error that affects Big Blue’s Integration Designer toolset, which helps enterprises create business processes that integrate applications and data. If exploited, the flaw could enable remote code execution. The flaw (CVE-2020-27221) has a...
Finnish IT Giant Hit with Ransomware Cyberattack
A major Finnish IT provider has been hit with a ransomware attack that has forced the company to turn off some services and infrastructure in a disruption to customers, while it takes recovery measures. Norwegian business journal E24 reported the attack on Espoo, Finland-based TietoEVRY on Tuesda...
10K Microsoft Email Users Hit in FedEx Phishing Attack
Researchers are warning of recent phishing attacks targeting at least 10,000 Microsoft email users, pretending to be from popular mail couriers – including FedEx and DHL Express. Both scams have targeted Microsoft email users and aim to swipe their work email account credentials...
TDoS Attacks Take Aim at Emergency Services
Telephony denial-of-service (TDoS) attacks, which affect the availability and readiness of call centers, are hitting critical first-responder facilities, according to the Federal Bureau of Investigation (FBI). A TDoS attack is designed to prevent incoming and outgoing calls, by flooding a target with...
Chinese Hackers Hijacked NSA-Linked Hacking Tool: Report
New research has found evidence that a Chinese-affiliated threat group (APT31) has hijacked a hacking tool previously used by the Equation Group which has been tied to the U.S. National Security Agency, or NSA. The tool in question, dubbed “Jian,” is used to exploit a local privilege-escalation (LPE)...
Clubhouse Conversations Recorded, Researchers Warn
At nearly a year old, the invitation-only, audio-based social-media platform ClubHouse is grappling with security issues on multiple fronts, but the consensus among researchers is coming into focus: Assume your ClubHouse conversations are being recorded. The company confirmed to Bloomberg that ov...
Accellion FTA Zero-Day Attacks Tied to Clop, FIN11
Researchers have identified a set of threat actors dubbed UNC2546 and UNC2582 with connections to the FIN11 and the Clop ransomware gang as the cybercriminal group behind the global zero-day attacks on users of the Accellion legacy File Transfer Appliance product. Multiple...
Malformed URL Prefix Phishing Attacks Spike 6,000%
Researchers from GreatHorn report they have observed a nearly 6,000-percent jump in attacks using “malformed URL prefixes” to evade protections and deliver phishing emails that look legit. They look legit, that is, unless you look closely at the symbols used in the prefix before the URL. “The URL...
Mysterious Silver Sparrow Malware Found Nesting on 30K Macs
Hard on the heels of a macOS adware being recompiled to target Apple’s new in-house processor, researchers have discovered a brand-new family of malware targeting the platform. Curiously, in the samples seen so far by analysts at Red Canary, the malware dubbed Silver Sparrow has been executing on...
Credential-Stuffing Attack Targets Regional Internet Registry
Regional internet registry RIPE NCC is warning of a credential-stuffing attack against its single sign-on service, RIPE NCC Access, and is encouraging users to implement two-factor authentication (2FA). Located in Amsterdam, the Réseaux IP Européens Network Coordination Centre RIP...
Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code
Threat actors downloaded some Microsoft Exchange and Azure code repositories during the sprawling SolarWinds supply-chain attack but did not use the company’s internal systems or products to attack other victims. That’s the final verdict this week by the tech giant now that it’s completed a...
Cybercriminal Enterprise 'Ringleaders' Stole $55M Via COVID-19 Fraud, Romance Scams
U.S. law enforcement arrested six “ringleaders” of a Ghana-based cybercriminal enterprise, who had allegedly launched a slew of money-stealing scams dating back to 2013 that included romance scams, business email compromise attacks and fraud. Seized in the arrests were a slew of...
Apple Outlines 2021 Security, Privacy Roadmap
Apple released its 2021 Platform Security guide, Thursday, outlining its current and year-ahead agenda for its device hardware, software and silicon security. This year’s 192-page report is beefed-up, compared to past reports, with a wealth of new insights into how Apple is...
Kia Motors Hit With $20M Ransomware Attack – Report
So far, Kia Motors America has publicly acknowledged an “extended system outage,” but ransomware gang DoppelPaymer claimed it has locked down the company’s files in a cyberattack that includes a $20 million ransom demand. That $20 million will gain Kia a decryptor and a guarantee not to publis...
Exploit Details Emerge for Unpatched Microsoft Bug
New details have emerged about an unpatched security vulnerability in Microsoft’s Internet Explorer that was recently used in a complex campaign against security researchers. A fresh analysis from 0patch offers further insight into where the bug exists and how it can be triggered in real-world...
Mac Malware Targets Apple’s New M1 Processor
Three months after Apple launched its new M1 system-on-a-chip (SoC), cybercriminals have developed what may be the first malicious macOS application targeting the mobile giant’s first in-house silicon. The recently uncovered malicious application, called GoSearch22, natively runs ...
SDK Bug Lets Attackers Spy on User’s Video Calls Across Dating, Healthcare Apps
A vulnerability in an SDK that allows users to make video calls in apps like eHarmony, Plenty of Fish, MeetMe and Skout allows threat actors to spy on private calls without the user knowing. Researchers discovered the flaw, CVE-2020-25605, in a video-calling SDK from a Santa...
Stolen Jones Day Law Firm Files Posted on Dark Web
The Clop ransomware group has reportedly started posting data on the Dark Web apparently stolen from law firm Jones Day, which represents many of the globe’s most powerful people, including former president Donald Trump in his efforts to overturn the 2020 election. But the attack had nothing to d...
Windows, Linux Devices Hijacked In Two-Year Cryptojacking Campaign
Cryptocurrency-mining malware, called WatchDog, has been running under the radar for more than two years – in what researchers call one of the largest and longest-lasting Monero cryptojacking attacks to date. The attack is still in operation as of this writing – and due to the...
Ninja Forms WordPress Plugin Opens Websites to Hacks
Ninja Forms, a WordPress plugin used by more than 1 million sites, contains four critical security vulnerabilities that together make it possible for a remote attacker to take over a WordPress site and create various kinds of problems. Ninja Forms offers WordPress site designers...
U.S. Accuses DPRK Hackers of Stealing Millions
The U.S. Department of Justice has indicted three North Korean computer programmers for their alleged participation in widespread, destructive cyberattacks as part of the advanced persistent threat (APT) known as Lazarus Group. The indictment broadens the scope of crimes that the DoJ has linked to...
Masslogger Swipes Outlook, Chrome Credentials
Cybercriminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims’ credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. Researchers uncovered the campaign targeting users in Italy, Latvia and...
Details Tied to Safari Browser-based 'ScamClub' Campaign Revealed
Details of a flaw in Apple’s Safari browser, publicly disclosed Tuesday, outline how the cybergang known as ScamClub reached 50 million users with a three-month-long malicious ad campaign pushing malware to mobile iOS Chrome and macOS desktop browsers. The Safari bug, patched on Dec. 2 by Apple,...
Complaint Blasts TikTok’s 'Misleading' Privacy Policies
An umbrella group comprising 44 consumer-privacy watchdog organizations has filed a complaint against TikTok, saying the wildly-popular video-sharing platform has “misleading” data-collection policies. ByteDance-owned TikTok has skyrocketed in popularity, with more than 2 billion downloads on th...
Let’s Encrypt to Replace 200M Certificates a Day
Let’s Encrypt just announced an infrastructure makeover which means the open certificate authority (CA) is able to re-issue up to 200 million certificates in a 24-hour period, something the service said could be necessary in “some of the worst scenarios.” The upgrade comes a year after Let’s Encryp...
DDoS Attacks Wane in Q4 Amid Cryptomining Resurgence
Distributed denial-of-service (DDoS) attacks dropped significantly at the end of 2020, down 31 percent in the fourth quarter, according to researchers. The reason? Cybercriminals have switched their efforts and their botnets to cryptomining. According to an analysis from Kaspersky published Tuesday...
Misconfigured Baby Cams Allow Unauthorized Viewing
A vulnerability affecting multiple baby monitors could allow someone to drop in and view a camera’s video stream, according to researchers. Potentially hundreds of thousands of live devices are impacted, they said. The issue exists in the manufacturers’ implementation of the Real-Time Streaming...