Microsoft Pulls Bad Windows Update After Patch Issue
Microsoft has removed a faulty servicing stack update, which was causing issues for Windows users when they tried to install last week’s Patch Tuesday security updates. Microsoft’s servicing stack update provides fixes for the component that installs Windows updates. This particular defective...
Unpatched Android App with 1B Downloads Allows RCE
An Android app that’s been downloaded more than 1 billion times is riddled with flaws that can let attackers hijack app features or overwrite existing files to execute malicious code, or launch man-in-the-disk (MiTD) attacks on people’s devices, researchers discovered. The flaws exist in an app...
Cybercrooks Rake in $304M in Romance Scams
Romance scams remain the most successful fraud strategy for cybercrooks, and represent a growing sector, according to the Federal Trade Commission. Last year, romance schemes accounted for a record $304 million raked into illicit coffers, according to new data – up about 50 percent from 2019...
mHealth Apps Expose Millions to Cyberattacks
Some 23 million mobile health (mHealth) application users are exposed to application programming interface (API) attacks that could expose sensitive information, according to researchers. Generally speaking, APIs are an intermediary between applications that defines how they can talk to one another a...
Yandex Data Breach Exposes 4K+ Email Accounts
Yandex – one of Europe’s largest internet companies – is warning of a data breach that compromised 4,887 email accounts. The breach stems from an insider threat. Yandex is the most-used search engine in Russia – and the fifth most-popular search engine worldwide. Beyond its search engine, Yandex’...
Annoyingly Believable Tax Refund Scam Targets Mobile
A text message-based tax scam is making the rounds in the U.K., in a probable harbinger of things to come as the U.S. tax season gets underway in earnest. SMS messages are going out to unsuspecting U.K. citizens claiming to be from Her Majesty’s Revenue and Customs (HMRC), the country’s...
Singtel Suffers Zero-Day Cyberattack, Damage Unknown
Singtel, Tier 1 telecom carrier throughout Asia and owner of Australian telco Optus, has been impacted by a software security hole in a third-party file transfer appliance targeted by attackers. Singtel is one of multiple organizations affected by the bug, including an Australian medical research...
Florida Water Plant Hack: Leaked Credentials Found in Breach Database
Researchers say they found several stolen and leaked credentials for a Florida water-treatment plant, which was hacked last week. Researchers at CyberNews said they found 11 credential pairs linked to the Oldsmar water plant, in a 2017 compilation of stolen breach credentials. Meanwhile, they als...
Valentine’s Day Malware Attack Mimics Flower Store
With Valentine’s Day approaching this weekend, several people have received “recent order” email confirmations for flowers or lingerie. These emails are actually part of a spear-phishing attack, which ultimately leads recipients to a malicious document that executes the BazaLoader malware. The...
Celeb SIM-Swap Crime Ring Stole $100M from U.S. Victims
A posse of alleged SIM-swapping cybercriminals has been rounded up across Europe by law-enforcement after the crooks finagled more than $100 million from U.S. celebrities and their families. Eight people in the U.K. were arrested in connection with the crime ring, in addition to individuals in...
How Email Attacks are Evolving in 2021
Hundreds of thousands of dollars lost. Financial and emotional ruin. And in some cases, suicide. These are some of the outcomes business email compromise (BEC) attacks have on victims, said Ronnie Tokazowski, senior threat researcher with Agari. These types of attacks don’t garner the same attention...
Various Malware Lurks in Discord App to Target Gamers
A rise in online gaming, tied to pandemic-mandated social distancing, has led to a spike in criminals targeting the demographic. The latest effort to exploit the trend is malicious files planted inside the Discord platform designed to trick users into downloading malware-laced files. Researchers...
Military, Nuclear Entities Under Target By Novel Android Malware
Researchers have uncovered two novel Android surveillanceware families being used by an advanced persistent threat (APT) group to target military, nuclear and election entities in Pakistan and Kashmir. The two malware families, which researchers call “Hornbill” and “SunBird,” have sophisticated...
SAP Commerce Critical Security Bug Allows RCE
SAP is warning of a critical vulnerability in its SAP Commerce platform for e-commerce businesses. If exploited, the flaw could allow for remote code execution (RCE) that ultimately could compromise or disrupt the application. SAP Commerce organizes data – such as product information – to be...
Hacker Sets Alleged Auction for Witcher 3 Source Code
The ransomware gang behind an attack on videogame developer CD Projekt Red may have made good on its promise to auction off the company’s data – including source code for Cyberpunk 2077 and an unreleased version of the Witcher 3. Or it may not have. The Twitter account @vxunderground, which bills...
Hybrid, Older Users Most-Targeted by Gmail Attackers
Users whose personal details have been exposed by a third-party breach, Australians, older folks and those who use both desktops and mobile devices are at the highest risk of becoming the victim of a malicious email attack, according to Google and researchers from Stanford, who teamed up to...
Intel Squashes High-Severity Graphics Driver Flaws
Intel has issued fixes for five high-severity vulnerabilities in its graphics drivers. Attackers can exploit these flaws to launch an array of malicious attacks – such as escalating their privileges, stealing sensitive data or launching denial-of-service attacks. The graphics driver is software...
The time for Insider Risk Management is now: Code42 2021 Data Exposure Report Reveals a Perfect Storm
We all knew the overnight shift to remote work and cloud-based productivity and collaboration would dramatically change the Insider Risk landscape. But now, with nearly a year of data to look at, the Code42 2021 Data Exposure Report (DER) shows that the impact is pretty staggering: Employees are 85...
Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple
An ethical hacker has demonstrated a novel supply-chain attack that breached the systems of more than 35 technology players, including Microsoft, Apple, PayPal, Shopify, Netflix, Tesla and Uber, by exploiting public, open-source developer tools. The attack, devised by security researcher Alex...
Actively Exploited Windows Kernel Bug Allows Takeover
Microsoft has addressed nine critical-severity cybersecurity bugs in February’s Patch Tuesday updates, plus an important-rated vulnerability that is being actively exploited in the wild. Six of the security holes – including one of the critical bugs – were already publicly disclosed. Overall, the...
Google Play Boots Barcode Scanner App After Ad Explosion
A barcode scanner app, with over 10 million downloads, was booted from the Google Play marketplace after users began to complain of mobile-ad overload. The makers of the app, called Barcode Scanner, intentionally altered the code of the app via an update turning it from a benign app to adware,...
Attackers Exploit Critical Adobe Bug, Target Windows
Adobe is warning of a critical vulnerability that has been exploited in the wild to target Adobe Reader users on Windows. The vulnerability (CVE-2021-21017) has been exploited in “limited attacks,” according to Adobe’s Tuesday advisory, part of its regularly scheduled February updates. The flaw in...
Android Devices Hunted by LodaRAT Windows Malware
A newly discovered variant of the LodaRAT malware, which has historically targeted Windows devices, is being distributed in an ongoing campaign that now also hunts down Android devices and spies on victims. Along with this, an updated version of LodaRAT for Windows has also been identified; both...
Cyberpunk 2077 Publisher Hit with Hack, Ransomware
UPDATE CD Projekt Red, the videogame-development company behind Cyberpunk 2077 and the wildly popular Witcher series, has suffered a ransomware attack that could soon result in troves of company data being dumped online – including game source code. The Warsaw-based company tweeted out a notice o...
Hacker Tries to Poison Water Supply of Florida Town
A threat actor hacked into the computer system of the water treatment facility in Oldsmar, Fla., and tried to poison the town’s water supply by raising the levels of sodium hydroxide, or lye, in the water supply. The attack happened just two days before NFL’s Super Bowl LV was held nearby in Tamp...
Billions of Passwords Offered for $2 on Dark Web
A “compilation of many breaches” – COMB for short – has been leaked on the cyber-underground, according to researchers. The so-called COMB contains a staggering 3.27 billion unique combinations of cleartext email addresses and passwords. The trove is an aggregate database that brings together old...
Critical WordPress Plugin Flaw Allows Site Takeover
Researchers are urging WordPress websites that utilize the NextGen Gallery plugin to apply a patch addressing critical and high-severity flaws. The NextGen Gallery plugin, which is installed on 800,000 WordPress websites, allows sites to upload photos in batch quantities, import metadata and edit...
Ransomware Demands Spike 320%, Payments Rise
When it comes to paying the ransom in a ransomware attack, demands are on the rise. Yet, many companies that paid the ransom failed to receive a decryption key, in a survey issued Monday. In fact, pandemic-themed phishing scams, a sustained onslaught of ransomware attacks and the rise of a remote...
Fake Forcepoint Chrome Extension Hacks Windows Users
Cybercriminals have been using a novel approach to exfiltrate data that involves directly injecting malicious Google Chrome extensions onto victims’ Windows machines via the abuse of Google’s cloud synching function. The goal of the recently-identified campaign is to manipulate data in internal w...
WestRock Ransomware Attack Hinders Packaging Production
WestRock – the second-largest packaging company in the U.S. – continues to restore its systems, two weeks after it discovered it was the victim of a ransomware attack. WestRock, which has more than 320 manufacturing facilities globally, creates packaging supplies for a bevy of high-profile client...
Industrial Networks See Sharp Uptick in Hackable Security Holes
It’s on: Adversaries, CISOs and researchers are all simultaneously involved in a frantic race to find cybersecurity vulnerabilities hiding within industrial networks, according to the latest Biannual ICS Risk and Vulnerability report from Claroty. The report analyzed all publicly disclosed...
Unpatched WordPress Plugin Security Bug Hits 50K
A security bug in Contact Form 7 Style, a WordPress plugin installed on over 50,000 sites, could allow for malicious JavaScript injection on a victim website. The latest WordPress plugin security vulnerability is a cross-site request forgery (CSRF) to stored cross-site scripting (XSS) problem in...
Google Chrome Zero-Day Afflicts Windows, Mac Users
Google is warning of a zero-day vulnerability in its V8 open-source web engine that’s being actively exploited by attackers. A patch has been issued in version 88 of Google’s Chrome browser — specifically, version 88.0.4324.150 for Windows, Mac and Linux. This update will roll out over the coming...
Ransomware Attacks Hit Major Utilities
Two state-owned utility companies in Brazil suffered separate ransomware attacks in the past week, forcing them to shut down some operations and services temporarily. In one case, sensitive data was stolen and dumped online, including network access logins and engineering plans. Centrais Eletrica...
Android Devices Prone to New Botnet’s DDoS Onslaught
Researchers are warning a new botnet is recycling the Mirai malware framework and is now targeting Android devices in order to launch distributed denial-of-service (DDoS) attacks. The botnet is dubbed Matryosh after a Matryoshka Russian nesting doll due to many of its functions being “nested” in...
Spotify Suffers Second Credential-Stuffing Cyberattack
Spotify streaming music aficionados are in the crosshairs of yet another credential-stuffing cyberattack, just three months after the last one. The service has forced password resets for impacted users. Cybercriminals carrying out credential-stuffing take advantage of people who reuse the same...
Nespresso Smart Cards Brewed with Weak Security
Researchers have demonstrated how to outsmart Nespresso Pro machines that use certain smart cards, hacking them to dispense coffee on-demand. Nespresso produces a range of coffees and machines for personal and professional use. Some of the commercial machines accept Mifare Classic stored-value...
Critical Cisco Flaws Open VPN Routers Up to RCE Attacks
Cisco is rolling out fixes for critical holes in its lineup of small-business VPN routers. The flaws could be exploited by unauthenticated, remote attackers to view or tamper with data, and perform other unauthorized actions on the routers. The flaws exist in the web-based management interface of...
Microsoft Office 365 Attacks Sparked from Google Firebase
A phishing campaign bent on stealing Microsoft login credentials is using Google Firebase to bypass email security measures in Microsoft Office 365, researchers said. Researchers at Armorblox uncovered invoice-themed emails sent to at least 20,000 mailboxes that purport to share information about...
Clearview Facial-Recognition Technology Ruled Illegal in Canada
Canadian authorities have found that the collection of facial-recognition data by Clearview AI is illegal because it violates federal and provincial privacy laws, representing a win for individuals’ privacy and potentially setting a precedent for other legal challenges to the controversial...
Emotet's Takedown: Have We Seen the Last of the Malware?
Sherrod DeGrippo, senior director of threat research and detection with Proofpoint, shares insights on the global law enforcement and private-sector takedown of the major cybercrime tools such as Emotet. Last fall, agencies targeted TrickBot’s infrastructure to disrupt the prolific malware, and...
Second SolarWinds Attack Group Breaks into USDA Payroll — Report
There had been hints that a second group of malicious actors may have exploited a SolarWinds bug to install the Supernova backdoor — notably, there was a conclusion by Microsoft back in December that this was the case. Now, sources told Reuters that there’s indeed evidence that a separate advance...
New Malware Hijacks Kubernetes Clusters to Mine Monero
Researchers have discovered never-before-seen malware, dubbed Hildegard, that is being used by the TeamTNT threat group to target Kubernetes clusters. While Hildegard, initially detected in January 2021, is initially being used to launch cryptojacking operations, researchers believe that the...
Five Critical Android Bugs Patched, Part of Feb. Security Bulletin
Google patched five critical bugs in its Android operating system as part of its February Security Bulletin. Two of the flaws were remote code execution vulnerabilities found within the Android media framework and system. Three additional critical Qualcomm bugs were reported by Google and patched...
SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover
Three serious vulnerabilities have been found in SolarWinds products: Two in the Orion User Device Tracker and one in the Serv-U FTP for Windows product. The most severe of these could allow trivial remote code execution with high privileges. The SolarWinds Orion platform is the network managemen...
TrickBot Continues Resurgence with Port-Scanning Module
The TrickBot trojan is continuing its bounce-back from an autumn takedown, recently adding a network-scanning module that uses the Masscan open-source tool to look for open ports. Masscan is a mass TCP/IP port scanner, which can scan the entire internet in under five minutes according to its...
Crypto Crook Hired Steven Seagal to Promote Scam, Now Faces Charges
Hundreds of investors in a fake cryptocurrency scam were bilked out of $11 million by John DeMarr, who advised them to invest in fake cryptocurrency “Bitcoiin,” took their money and spent it on a Porsche, jewelry and upgrades to his home, a criminal complaint from the Department of Justice allege...
Tiny Kobalos Malware Bedevils Supercomputers to Steal Logins
A tiny-sized malware that packs a big punch has been targeting supercomputers, especially those used in academia and scientific enterprises. It allows initial access for a variety of follow-on attacks, including credential theft – and potentially data exfiltration or cryptomining. That’s accordin...
Magento Web Skimmers Piggyback in Ongoing Costway Website Compromise
Two web skimmers have been discovered on the payment webpages of Costway, one of the top retailers in North America and Europe, which sells appliances, furniture and more. The skimmers are targeting consumers’ credit-card payment details. In a twist, researchers say one of these web skimmers is...
Agent Tesla Trojan 'Kneecaps' Microsoft's Anti-Malware Interface
Researchers have identified new versions of the Agent Tesla remote access trojan (RAT) that target the Windows anti-malware interface used by security vendors to protect PCs from attacks. The newly discovered variants have also adopted new obfuscation capabilities, raising the stakes for businesses...