Identity Theft Spikes Due to COVID-19 Relief
Cases of identity theft in the United States doubled in 2020, mainly due to cybercriminals taking advantage of people affected economically by COVID-19 who filed to receive government benefits. This is according to the Federal Trade Commission (FTC), which received about 1.4 million reports of...
Wind River ‘Security Incident’ Affects SSNs, Passport Numbers
Wind River Systems, which develops embedded system software, on Friday warned of a “security incident” that had exposed personnel records. One or more files were downloaded from the company’s network on or around September 29, it said. Affected data included information maintained within the...
Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers
Advanced persistent threat (APT) group Lebanese Cedar has compromised at least 250 public-facing servers since early 2020, researchers said, with its latest malware. The group has added new features to its custom “Caterpillar” webshell and the “Explosive RAT” remote access trojan (RAT), both of which...
SolarWinds Hack Prompts Congress to Put NSA in Encryption Hot Seat
Members of Congress are demanding the U.S. National Security Agency (NSA) reveal what it knows about the 2015 Juniper Networks supply-chain delivery breach. In a letter sent by U.S. Senator Ron Wyden and nine additional members of Congress, the lawmakers demand a full account of the NSA-designed...
Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code
The Libgcrypt project has rushed out a fix for a critical bug in version 1.9.0 of the open-source cryptographic library. An exploit would allow an attacker to write arbitrary data to a target machine and execute code. The security vulnerability is a heap-buffer overflow bug in Libgcrypt 1.9.0...
Gaming Software Supply-Chain Attack Installs Spyware
Researchers allege that attackers have compromised the update mechanism of NoxPlayer, which is software that allows gamers to run Android apps on their PCs or Macs. They then installed malware onto victims’ devices with surveillance-related capabilities. NoxPlayer is developed by BigNox, which is a...
WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites
Developers of a plugin, used by WordPress websites for building pop-up ads for newsletter subscriptions, have issued a patch for a serious flaw. The vulnerability could be exploited by attackers to send out newsletters with custom content, or to delete or import newsletter subscribers. The plugin...
Microsoft 365 Becomes Haven for BEC Innovation
Two fresh business email compromise (BEC) tactics have emerged onto the phishing scene, involving the manipulation of Microsoft 365 automated email responses in order to evade email security filters. In one case, scammers are targeting victims by redirecting legitimate out-of-office (OOO) replies fro...
Industrial Gear at Risk from Fuji Code-Execution Bugs
Industrial control system (ICS) software from Fuji Electric is vulnerable to several high-severity arbitrary code-execution security bugs, according to a federal warning. Authorities are warning the flaws could allow physical attacks on factory and critical-infrastructure equipment. Fuji Electric’s Tellus...
Apple iOS 14 Thwarts iMessage Attacks With BlastDoor System
In an effort to prevent attacks from being launched via its iMessage feature, Apple has debuted a security service called BlastDoor in iOS 14, its current mobile operating system version. First detailed in an analysis this week by Google Project Zero’s Samuel Groß, BlastDoor acts as a “tightly...
Lazarus Affiliate ‘ZINC’ Blamed for Campaign Against Security Researcher
Microsoft has attributed a recently discovered campaign to target security researchers with custom malware through elaborate socially-engineered attacks to an APT group affiliated with North Korea-linked Lazarus Group. Google’s Threat Analysis Group (TAG) on Monday already sounded a warning about t...
Rocke Group’s Malware Now Has Worm Capabilities
Researchers have identified an updated malware variant used by the cybercrime gang Rocke Group that targets cloud infrastructures with crypto-jacking attacks. The malware, called Pro-Ocean, was first discovered in 2019 and has now been beefed up with “worm” capabilities and rootkit...
Utah Ponders Making Online ‘Catfishing’ a Crime
Legislation introduced in Utah means it could soon be illegal there to pretend to be someone else when engaging in certain types of deceptive activities on the internet, a practice known as “catfishing.” The Online Impersonation Prohibition up for debate this week in the Utah House of...
LogoKit Simplifies Office 365, SharePoint 'Login' Phishing Pages
A newly-uncovered phishing kit, dubbed LogoKit, eliminates headaches for cybercriminals by automatically pulling victims’ company logos onto the phishing login page. This gives attackers the tools needed to easily mimic company login pages, a task that can sometimes be complex. Cybercriminals hav...
Mimecast Confirms SolarWinds Hack as List of Security Vendor Victims Snowballs
The Mimecast certificate compromise reported earlier in January is part of the sprawling SolarWinds supply-chain attack, the security firm has confirmed. Mimecast joins other cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys in being targeted in...
TeamTNT Cloaks Malware With Open-Source Tool
The TeamTNT threat group has added a new detection-evasion tool to its arsenal, helping its cryptomining malware skirt by defense teams. The TeamTNT cybercrime group is known for cloud-based attacks, including targeting Amazon Web Services (AWS) credentials in order to break into the cloud and use ...
NetWalker Ransomware Suspect Charged; Tor Site Seized
Hot on the heels of the Emotet takedown announced Wednesday, the NetWalker ransomware has also been partially disrupted by an international police action. The Department of Justice said Wednesday that it has brought charges “against a Canadian national in relation to NetWalker ransomware attacks,...
Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming
Disconnecting devices from the internet is no longer a solid plan for protecting them from remote attackers. A new version of a known network-address translation (NAT) slipstreaming attack has been uncovered, which would allow remote attackers to reach multiple internal network devices, even if tho...
Sudo Bug Gives Root Access to Mass Numbers of Linux Systems
A doozy of a bug that could allow any local user on most Linux or Unix systems to gain root access has been uncovered — and it had been sitting there for a decade, researchers said. The bug was found in Sudo, a utility built into most Unix and Linux operating systems that lets a user without...
ADT Security Camera Flaws Open Homes to Eavesdropping
UPDATE: Researchers have publicly disclosed security flaws found in ADT-owned LifeShield security cameras, which, if exploited, could have allowed a local attacker to eavesdrop on victims’ conversations or tap into a live video feed. The LifeShield brand is owned by security giant ADT. Specificall...
Emotet Takedown Disrupts Vast Criminal Infrastructure; NetWalker Site Offline
UPDATE: The virulent malware known as Emotet – one of the most prolific malware strains globally – has been dealt a blow thanks to a takedown by an international law-enforcement consortium. Meanwhile, the NetWalker ransomware has also been subjected to partial disruption, according to the U.S...
Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update
Apple continues to put out potential security fires by patching zero-day vulnerabilities, releasing an emergency update this week to patch three more recently discovered in iOS after a major software update in November already fixed three that were being actively exploited. The newly patched bugs...
Nvidia Squashes High-Severity Jetson DoS Flaw
Nvidia has patched three vulnerabilities affecting its Jetson lineup, which is a series of embedded computing boards designed for machine-learning applications, in things like autonomous robots, drones and more. A successful exploit could potentially cripple any such gadgets leveraging the affect...
DanaBot Malware Roars Back into Relevancy
Researchers are warning that a new fourth version of the DanaBot banking trojan has surfaced after months of mysteriously going quiet. The latest variant, still under analysis by researchers, is raising concerns given the number of effective past DanaBot campaigns. From May 2018 to June 2020,...
23M Gamer Records Exposed in VIPGames Leak
VIPGames.com, a free platform with a total of 56 available classic board and card games like Hearts, Crazy Eights, Euchre, Dominoes, Backgammon and others, has exposed the personal data of tens of thousands of users. In all, more than 23 million records for more than 66,000 users were left expose...
Criminal, Domestic Violence Case Info Exposed in Cook County Leak
A database with no password protection, belonging to a county in Illinois, exposed 323,000 court records for at least four months, according to researchers. The database exposed the names of various people involved in sensitive criminal, domestic-abuse or child-custody court cases. Researchers from...
Nefilim Ransomware Gang Hits Jackpot with Ghost Account
A Nefilim ransomware attack that locked up more than 100 systems stemmed from the compromise of an unmonitored account belonging to an employee who had died three months previously, researchers said. Nefilim (a.k.a. Nemty) is a ransomware strain that emerged in 2020, with its operators adopting the...
North Korea Targets Security Researchers in Elaborate 0-Day Campaign
Hackers linked to North Korea are targeting security researchers with an elaborate social-engineering campaign that sets up trusted relationships with them — and then infects their organizations’ systems with custom backdoor malware. That’s according to Google’s Threat Analysis Group (TAG), which...
TikTok Flaw Lays Bare Phone Numbers, User IDs For Phishing Attacks
A vulnerability in the popular TikTok short-form video-sharing platform could have allowed attackers to easily compile users’ phone numbers, unique user IDs and other data ripe for phishing attacks. TikTok, owned by ByteDance, has more than 800 million active users worldwide. The vulnerability,...
Breaking Down Joe Biden's $10B Cybersecurity 'Down Payment'
President Joe Biden laid out a series of cybersecurity initiatives last week at his inauguration, including earmarking $10 billion for various cybersecurity defense initiatives. Those included hiring key security personnel to support the Cybersecurity and Infrastructure Security Agency (CISA). The...
Outgoing FCC Chair Issues Final Security Salvo Against China
Outgoing Federal Communications Commission Chair Ajit Pai has issued a final warning about Chinese telcos at the end of a tenure spent cracking down on companies like Huawei, ZTE and China Telecom. Pai, a former telecommunications industry lobbyist and in-house counsel for Verizon, told Reuters that managin...
2.28M MeetMindful Daters Compromised in Data Breach
More than 2.28 million members of the online dating site MeetMindful have reportedly been caught up in a wide-ranging data breach that exposes everything from Facebook tokens to physical characteristics. The ShinyHunters hacking group has stolen and published the personally identifiable information (PII) ...
Cisco DNA Center Bug Opens Enterprises to Remote Attack
A cross-site request forgery (CSRF) vulnerability in the Cisco Digital Network Architecture (DNA) Center could open enterprise users to remote attack and takeover. The flaw, tracked as CVE-2021-1257, exists in the web-based management interface of the Cisco DNA Center, which is a centralized...
SonicWall Breach Stems from ‘Probable’ Zero-Days
UPDATE: SonicWall is investigating “probable” zero-day flaws in its remote access security products that have been targeted by “highly-sophisticated” attackers. The company says it is investigating the attack and will update customers within 24 hours. The security company said it is currently...
Microsoft Edge, Google Chrome Roll Out Password Protection Tools
Two major browsers – Microsoft Edge and Google Chrome – are rolling out default features, which they say will better help notify users if their password has been compromised as part of a breach or database exposure. Edge and Chrome’s moves signify a bigger push by browsers to solve the big “passwo...
Amazon Kindle RCE Attack Starts with an Email
Three vulnerabilities in the Amazon Kindle e-reader would have allowed a remote attacker to execute code and run it as root – paving the way for siphoning money from unsuspecting users. Yogev Bar-On, researcher at Realmode Labs, found that it was possible to email malicious e-books to the devices...
ADT Tech Hacks Home-Security Cameras to Spy on Women
Former ADT employee Telesforo Aviles took note when there were attractive women at a home he serviced in the Dallas area. Then he would add his personal email address to their accounts so he could have around-the-clock access to their most private moments, according to the U.S. Attorney’s Office...
Discord-Stealing Malware Invades npm Packages
Three malicious software packages have been published to npm, a code repository for JavaScript developers to share and reuse code blocks. The packages represent a supply-chain threat given that they may be used as building blocks in various web applications; any applications corrupted by the code...
Ransomware Attackers Publish 4K Private Scottish Gov Agency Files
On the heels of a ransomware attack against the Scottish Environmental Protection Agency (SEPA), attackers have now reportedly published more than 4,000 files stolen from the agency – including contracts and strategy documents. After hitting SEPA on Christmas Eve with the attack, cybercriminals...
Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks
Cybercriminals can exploit Microsoft Remote Desktop Protocol (RDP) as a powerful tool to amplify distributed denial-of-service (DDoS) attacks, new research has found. Attackers can abuse RDP to launch UDP reflection/amplification attacks with an amplification ratio of 85.9:1, principal engineer Rolan...
Einstein Healthcare Network Announces August Breach
Einstein Healthcare Network, a Pennsylvania-based company operating medical rehab, outpatient and primary care centers, announced a breach of its employee email system, which exposed patient personal and medical information. The company waited more than five months to make the compromise public...
SQL Server Malware Tied to Iranian Software Firm, Researchers Allege
Researchers have made new discoveries surrounding the source of a previously-uncovered cryptomining operation that has targeted internet-facing database servers. The campaign, dubbed MrbMiner, was discovered in September 2020 downloading and installing a cryptominer on thousands of SQL servers...
Google Forms Set Baseline For Widespread BEC Attacks
A threat actor has been sending thousands of emails to organizations, in what researchers warn is a reconnaissance campaign to identify targets for a possible follow-up business-email-compromise (BEC) attack. So far, researchers have observed thousands of messages being sent to companies since...
Google Searches Expose Stolen Corporate Credentials
Attackers behind a recently discovered phishing campaign have unintentionally left more than 1,000 stolen credentials available online via simple Google searches, researchers have found. The campaign, which began in August 2020, used e-mails that spoof notifications from Xerox scans to lure victi...
Critical Cisco SD-WAN Bugs Allow RCE Attacks
Cisco is warning of multiple, critical vulnerabilities in its software-defined networking for wide-area networks (SD-WAN) solutions for business users. Cisco issued patches addressing eight buffer-overflow and command-injection SD-WAN vulnerabilities. The most serious of these flaws could be...
NVIDIA Gamers Face DoS, Data Loss from Shield TV Bugs
NVIDIA has newly disclosed three security vulnerabilities in the NVIDIA Shield TV, which could allow denial of service, escalation of privileges and data loss. The NVIDIA Shield TV is a set-top gadget that acts as a hub for the smart home, streams PC games from a gaming PC to a TV, and allows loc...
Malwarebytes Hit by SolarWinds Attackers
Malwarebytes is the latest discovered victim of the SolarWinds hackers, the security company said – except that it wasn’t targeted through the SolarWinds platform. “While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor,” it...
Investment Scammers Prey on Dating App Users, Interpol Warns
Cybercriminals are taking advantage of a surge in dating app users with a sophisticated fraud scheme, which convinces victims to join in on an investment opportunity – and ultimately drains their wallets. The social isolation of the COVID-19 pandemic is driving many to online interactions – notab...
Google Research Pinpoints Security Soft Spot in Multiple Chat Platforms
Google Project Zero researcher Natalie Silvanovich outlined what she believes is a common theme when it comes to serious vulnerabilities impacting leading chat platforms. The research, published Tuesday, identifies a common denominator within chat platforms, called “calling state machine”, which...
DNSpooq Flaws Allow DNS Hijacking of Millions of Devices
Researchers have uncovered a set of flaws in dnsmasq, popular open-source software used for caching Domain Name System (DNS) responses for home and commercial routers and servers. The set of seven flaws comprises buffer overflow issues and flaws allowing for DNS cache-poisoning attacks also...