15946 matches found

ThreatPost
added 2020/12/17 7:18 p.m. | 119 views

Air-Gap Attack Turns Memory Modules into Wi-Fi Radios

Super-secure air-gapped computers are vulnerable to a new type of attack that can turn a PC’s memory module into a modified Wi-Fi radio, which can then transmit sensitive data at 100 bits-per-second wirelessly to nearly six feet away. Noted air-gap researcher Mordechai Guri created the...

0.8 AI score
Exploits: 0 | References: 7

ThreatPost
added 2020/12/17 7:17 p.m. | 33 views

RubyGems Packages Laced with Bitcoin-Stealing Malware

RubyGems, an open-source package repository and manager for the Ruby web programming language, has taken two of its software packages offline after they were found to be laced with malware. RubyGems provides a standard format for distributing Ruby programs and libraries in the service of building...

7.3 AI score
Exploits: 0 | References: 14

ThreatPost
added 2020/12/17 5:30 p.m. | 39 views

Cryptologists Crack Zodiac Killer's 340 Cipher

A remote team of three hobbyist cryptologists have solved one of the Zodiac Killer’s ciphers after a half century. And while the name of the elusive serial killer remains hidden, the breakthrough represents a triumph for cryptology and the basic building blocks of cybersecurity — access control an...

7.1 AI score
Exploits: 0 | References: 10

ThreatPost
added 2020/12/17 5:03 p.m. | 31 views

3M Users Targeted by Malicious Facebook, Insta Browser Add-Ons

Twenty-eight popular extensions for Google Chrome and Microsoft Edge browsers may contain malware and likely should be uninstalled by the more than 3 million people that already have downloaded them, security researchers said Thursday. Extensions for the browsers that potentially could pose a...

0.1 AI score
Exploits: 0 | References: 9

ThreatPost
added 2020/12/17 5:00 p.m. | 36 views

Code42 Incydr Series: Bringing Shadow IT into the light with Code42 Incydr

Shadow IT is hardly a hidden threat to security professionals. Gartner was warning, way back in 2016, that 1 in 3 successful attacks experienced by enterprises would come from the use of unsanctioned apps by 2020. Code42’s Data Exposure Report just about proves Gartner’s prediction, showing that...

7.3 AI score
Exploits: 0 | References: 2

ThreatPost
added 2020/12/16 6:37 p.m. | 32 views

Ryuk, Egregor Ransomware Attacks Leverage SystemBC Backdoor

Commodity malware backdoor SystemBC has evolved to now automate a number of key activities, as well as use the anonymizing Tor platform. These overarching changes make it both easier for cybercriminals to deploy the backdoor, as well as cloak the destination of the command-and-control (C2) traffic...

0.4 AI score
Exploits: 0 | References: 13

ThreatPost
added 2020/12/16 5:05 p.m. | 41 views

The SolarWinds Perfect Storm: Default Password, Access Sales and More

SECOND UPDATE A perfect storm may have come together to make SolarWinds such a successful attack vector for the global supply-chain cyberattack discovered this week. Researchers said that includes its use of a default password “SolarWinds123” that gave attackers an open door into its...

7.5 AI score
Exploits: 0 | References: 19

ThreatPost
added 2020/12/16 4:16 p.m. | 67 views

Sextortionist Campaign Targets iOS, Android Users with New Spyware

New spyware is targeting iOS and Android frequenters of adult mobile sites by posing as a secure messaging application in yet another twist on sextortionist scams. The spyware, dubbed Goontact, targets users of escort-service sites and other sex-oriented services – particularly in Chinese-speakin...

6.1 AI score
Exploits: 0 | References: 9

ThreatPost
added 2020/12/15 9:43 p.m. | 22 views

Subway Sandwich Loyalty-Card Users Suffer Ham-Handed Phishing Scam

Count the Subway sandwich faithful among the latest victims of cybercriminals. Researchers at Sophos discovered a phishing campaign aimed at Subway loyalty-card members in the U.K. and Ireland, in an attempt to trick them into downloading malware. The campaign wasn’t particularly impressive,...

6.8 AI score
Exploits: 0 | References: 5

ThreatPost
added 2020/12/15 9:30 p.m. | 22 views

Easy WP SMTP Security Bug Can Reveal Admin Credentials

Easy WP SMTP, a WordPress plugin for email management that has more than 500,000 installations, has a vulnerability that could open the site up to takeover, researchers said. Easy WP SMTP allows users to configure and send all outgoing emails via a SMTP server, so that they don’t end up in the...

9 AI score
Exploits: 0 | References: 9

ThreatPost
added 2020/12/15 9:29 p.m. | 58 views

Gitpaste-12 Worm Widens Set of Exploits in New Attacks

The Gitpaste-12 worm has returned in new attacks targeting web applications, IP cameras and routers, this time with an expanded set of exploits for initially compromising devices. First discovered in a round of late-October attacks that targeted Linux-based servers and internet-of-things (IoT)...

10 CVSS | 0.1 AI score | 0.94182 EPSS
Exploits: 4 | References: 5

ThreatPost
added 2020/12/15 9:04 p.m. | 74 views

Firefox Patches Critical Mystery Bug, Also Impacting Google Chrome

A Mozilla Foundation update to the Firefox web browser, released Tuesday, tackles one critical vulnerability and a handful of high-severity bugs. The update, released as Firefox version 84, is also billed by Mozilla as boosting the browser’s performance and adding native support for macOS hardwar...

8.9 AI score | 0.00874 EPSS
Exploits: 1 | References: 20

ThreatPost
added 2020/12/15 5:36 p.m. | 29 views

45 Million Medical Images Left Exposed Online

More than 45 million medical images – and the personally identifiable information (PII) and personal healthcare information (PHI) associated with them – have been left exposed online due to unsecured technology that’s typically used to store, send and receive medical data, new research has found. A team...

6.7 AI score
Exploits: 0 | References: 10

ThreatPost
added 2020/12/15 4:47 p.m. | 35 views

Agent Tesla Keylogger Gets Data Theft and Targeting Update

Six-year-old keylogger malware called Agent Tesla has been updated again, this time with expanded targeting and improved data exfiltration features. Agent Tesla first came into the scene in 2014, specializing in keylogging designed to record keystrokes made by a user in order to exfiltrate data...

0.8 AI score
Exploits: 0 | References: 10

ThreatPost
added 2020/12/15 4:43 p.m. | 135 views

Millions of Unpatched IoT, OT Devices Threaten Critical Infrastructure

Thousands of organizations remain at risk from the URGENT/11 and CDPwn collections of vulnerabilities, which affect operational technology (OT) gear and internet of things (IoT), respectively. Unfortunately, there has been a rampant lack of patching, researchers said. According to researchers at Armi...

8.3 CVSS | 0.4 AI score | 0.00203 EPSS
Exploits: 0 | References: 8

ThreatPost
added 2020/12/15 2:00 p.m. | 76 views

Ransomware and IP Theft: Top COVID-19 Healthcare Security Scares

Healthcare cybersecurity threats have been under the spotlight this past year, in particular with the rise of COVID-19 and the budgetary and resource strains that has put on hospitals. Beau Woods, a Cyber Safety Innovation Fellow with the Atlantic Council, founder and CEO of Stratigos Security an...

7.4 AI score
Exploits: 0 | References: 10

ThreatPost
added 2020/12/14 8:45 p.m. | 65 views

Spotify Changes Passwords After Another Data Breach

Spotify has alerted users that some of their registration data was inadvertently exposed to a third-party business partner, including email addresses, preferred display names, passwords, gender and dates of birth. This is at least the third breach in less than a month for the world’s largest...

0.4 AI score
Exploits: 0 | References: 7

ThreatPost
added 2020/12/14 7:50 p.m. | 48 views

Ex-Cisco Employee Convicted for Deleting 16K Webex Accounts

A man has been sentenced to two years in jail after being convicted of hacking Cisco’s Webex collaboration platform in an insider-threat case brought to the U.S. District Court in California. Sudhish Kasaba Ramesh, 31, admitted that he broke into Cisco’s cloud infrastructure in 2018, hosted on...

6.4 CVSS | 9 AI score | 0.14102 EPSS
Exploits: 0 | References: 6

ThreatPost
added 2020/12/14 7:08 p.m. | 59 views

DHS Among Those Hit in Sophisticated Cyberattack by Foreign Adversaries – Report

The U.S. Department of Homeland Security (DHS), plus the Treasury and Commerce departments, have been hacked in an attack related to the FireEye compromise last week, according to reports. In addition, defense contractors and enterprises were caught up in the attack, FireEye said, which was carried...

Exploits: 0 | References: 14

ThreatPost
added 2020/12/14 6:36 p.m. | 21 views

Microsoft Office 365 Credentials Under Attack By Fax 'Alert' Emails

Researchers are warning of a coordinated phishing attack that targeted “numerous” enterprise organizations last week. The attackers behind the attack leveraged hundreds of compromised, legitimate email accounts in order to target organizations with emails, which pretended to be document delivery...

Exploits: 0 | References: 8

ThreatPost
added 2020/12/14 4:34 p.m. | 46 views

New Windows Trojan Steals Browser Credentials, Outlook Files

Researchers have discovered a new information-stealing trojan, which targets Microsoft Windows systems with an onslaught of data-exfiltration capabilities – from collecting browser credentials to targeting Outlook files. The trojan, called PyMicropsia (due to it being built with Python) has been...

Exploits: 0 | References: 6

ThreatPost
added 2020/12/11 8:51 p.m. | 59 views

Security Issues in PoS Terminals Open Consumers to Fraud

Researchers are detailing widespread security issues in point-of-sale (PoS) terminals – specifically, three terminal device families manufactured by vendors Verifone and Ingenico. The issues, which have been disclosed to the vendors and since patched, open several popular PoS...

0.4 AI score
Exploits: 0 | References: 4

ThreatPost
added 2020/12/11 8:39 p.m. | 45 views

Adrozek Malware Delivers Fake Ads to 30K Devices a Day

A persistent malware campaign called Adrozek has been using an evolved browser modifier to deliver fraudulent ads to search-engine pages, according to Microsoft. At its peak in August, Adrozek was observed on more than 30,000 devices each day, researchers found, affecting multiple browsers. The...

7.2 AI score
Exploits: 0 | References: 5

ThreatPost
added 2020/12/11 7:41 p.m. | 86 views

PGMiner, Innovative Monero-Mining Botnet, Surprises Researchers

An innovative Linux-based cryptocurrency mining botnet has been uncovered, which exploits a disputed PostgreSQL remote code-execution (RCE) vulnerability to compromise database servers. The malware is unusual and completely novel in a host of ways, researchers said. According to researchers at Palo...

9 CVSS | 7.5 AI score | 0.93645 EPSS
Exploits: 17 | References: 5

ThreatPost
added 2020/12/11 6:14 p.m. | 90 views

Feds: K-12 Cyberattacks Dramatically on the Rise

The feds have warned that cyberattacks on the K-12 education sector are ramping up alarmingly. In an alert from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), officials said that data from the Multi-State Information Sharing and Analysis Center (MS-ISAC) shows that in August...

7.5 AI score
Exploits: 0 | References: 7

ThreatPost
added 2020/12/11 5:05 p.m. | 35 views

Facebook Shutters Accounts Used in APT32 Cyberattacks

Facebook has shut down several accounts and Pages on its platform, which were used to launch phishing and malware attacks by two cybercriminal groups: APT32 in Vietnam and an unnamed threat group based in Bangladesh. The social-media giant said it has removed both groups’ abili...

6.6 AI score
Exploits: 0 | References: 8

ThreatPost
added 2020/12/10 9:24 p.m. | 27 views

Defending the Intelligent Edge from Evolving Attacks

Cybercriminals keep their fingers on the pulse of potential new attack vectors at all times, looking for their next opportunity. They are currently moving significant resources to target and exploit emerging network-edge environments, such as the cloud and remote workers, rather than just targeti...

7 AI score
Exploits: 0 | References: 2

ThreatPost
added 2020/12/10 8:41 p.m. | 23 views

Pfizer COVID-19 Vaccine Targeted in EU Cyberattack

Criminals haven’t given up on stealing COVID-19 vaccine data. Yet another cyberattack has been launched — this time, threat actors were able to break into the European Medicines Agency (EMA) server and access documentation about the vaccine candidate from Pfizer and BioNTech. The breach is just...

0.1 AI score
Exploits: 0 | References: 12

ThreatPost
added 2020/12/10 5:50 p.m. | 19 views

MoleRats APT Returns with Espionage Play Using Facebook, Dropbox

The MoleRats advanced persistent threat (APT) has developed two new backdoors, both of which allow the attackers to execute arbitrary code and exfiltrate sensitive data, researchers said. They were discovered as part of a recent campaign that uses Dropbox, Facebook, Google Docs and Simplenote for...

0.2 AI score
Exploits: 0 | References: 5

ThreatPost
added 2020/12/10 4:26 p.m. | 35 views

PLEASE_READ_ME Ransomware Attacks 85K MySQL Servers

Researchers are warning on an active ransomware campaign that’s targeting MySQL database servers. The ransomware, called PLEASE_READ_ME, has thus far breached at least 85,000 servers worldwide – and has posted at least 250,000 stolen databases on a website for sale. MySQL is an open-source relation...

6.7 AI score
Exploits: 0 | References: 11

ThreatPost
added 2020/12/10 4:09 p.m. | 69 views

Zero-Click Wormable RCE Vulnerability in Cisco Jabber Gets Fixed, Again

Cisco Systems released an updated patch for a critical vulnerability in its video and instant messaging platform Jabber, originally patched in September. The cross-site scripting bug could have allowed an adversary to execute arbitrary code by merely sending a specially-crafted chat message and...

9 CVSS | 0.1 AI score | 0.0067 EPSS
Exploits: 0 | References: 9

ThreatPost
added 2020/12/10 3:00 p.m. | 29 views

Cyber Monday is Every Monday: Securing the 'New Normal'

Though eCommerce threats are usually only top-of-mind during the holiday shopping season, researchers have been on high alert when it comes to cybercriminal activity in the retail space during all of 2020, due to troves of new shoppers and stores going online. That’s according to Dere...

Exploits: 0 | References: 6

ThreatPost
added 2020/12/10 12:44 p.m. | 43 views

Misery of Ransomware Hits Hospitals the Hardest

Despite hospitals being on the front lines during the pandemic, bad actors have continued to target them with ransomware. In addition to wreaking havoc on operational processes in medical facilities at the worst possible time, the attacks have evolved to threaten patient safety. In September,...

0.2 AI score
Exploits: 0 | References: 17

ThreatPost
added 2020/12/10 11:00 a.m. | 187 views

Critical Steam Flaws Could Let Gamers Crash Opponents’ Computers

Game developer Valve has fixed four critical bugs in its popular Steam online game platform. If exploited, the flaws could allow a remote attacker to crash an opponent’s game client, take over the computer – and hijack all computers connected to a third-party game server. Steam is utilized by mor...

10 CVSS | 9.5 AI score | 0.14102 EPSS
Exploits: 4 | References: 7

ThreatPost
added 2020/12/09 9:26 p.m. | 84 views

Record Levels of Software Bugs Plague Short-Staffed IT Teams in 2020

2020 is shaping up to be a banner year for software vulnerabilities, leaving security professionals drowning in a veritable sea of patching, reporting and looming attacks, many of which they can’t even see. A trio of recent reports tracking software vulnerabilities over the past year underscore t...

7.2 AI score
Exploits: 0 | References: 8

ThreatPost
added 2020/12/09 7:53 p.m. | 209 views

SideWinder APT Targets Nepal, Afghanistan in Wide-Ranging Spy Campaign

The SideWinder advanced persistent threat (APT) group has mounted a fresh phishing and malware initiative, using recent territory disputes between China, India, Nepal and Pakistan as lures. The goal is to gather sensitive information from its targets, mainly located in Nepal and Afghanistan...

9.3 CVSS | 8.4 AI score | 0.94354 EPSS
Exploits: 59 | References: 6

ThreatPost
added 2020/12/09 4:40 p.m. | 453 views

COVID-19 Vaccine Cyberattacks Steal Credentials, Spread Zebrocy Malware

Cybercriminals are tapping into the impending rollout of COVID-19 vaccines with everything from simple phishing scams all the way up to sophisticated Zebrocy malware campaigns. Security researchers with KnowBe4 said that the recent slew of vaccine-related cyberattacks leverage the widespread medi...

6.5 AI score
Exploits: 0 | References: 18

ThreatPost
added 2020/12/09 2:56 p.m. | 229 views

D-Link Routers at Risk for Remote Takeover from Zero-Day Flaw

Buggy firmware opens a number of D-Link VPN router models to zero-day attacks. The flaws, which lack a complete vendor fix, allow adversaries to launch root command injection attacks that can be executed remotely and allow for device takeover. Impacted are D-Link router models DSR-150, DSR-250,...

1.4 AI score | 0.01453 EPSS
Exploits: 0 | References: 13

ThreatPost
added 2020/12/08 10:52 p.m. | 115 views

Google Patches Critical Wi-Fi and Audio Bugs in Android Handsets

Google patched ten critical bugs as part of its December Android Security Bulletin. The worst of the bugs was tied to the Android media framework component and gives attacker remote control of vulnerable handsets. Google did not reveal the technical specifics of the critical flaw, tracked as...

6.8 CVSS | 0.01486 EPSS
Exploits: 1 | References: 8

ThreatPost
added 2020/12/08 10:08 p.m. | 58 views

FireEye Cyberattack Compromises Red-Team Security Tools

Cybersecurity firm FireEye has been hit in what CEO Kevin Mandia described as a highly targeted cyberattack. The attacker targeted and was able to access certain Red Team assessment tools that the company uses to test its customers’ security. Mandia on Tuesday said that based on the techniques an...

0.5 AI score
Exploits: 0 | References: 6

ThreatPost
added 2020/12/08 8:35 p.m. | 33 views

Divers Pull Rare Surviving WWII Enigma Cipher Machine from Bottom of the Baltic

German divers for the environmental group World Wildlife Fund were searching the ocean floor for abandoned nets threatening marine wildlife. What they found instead is a treasured piece of computing history, a World War II-era German Enigma crypto machine, sunk to the bottom of the Baltic Sea to...

7.2 AI score
Exploits: 0 | References: 6

ThreatPost
added 2020/12/08 8:23 p.m. | 105 views

Microsoft Wraps Up a Lighter Patch Tuesday for the Holidays

Microsoft has addressed 58 CVEs (nine of them critical) for its December 2020 Patch Tuesday update. This brings the computing giant’s patch tally to 1,250 for the year – well beyond 2019’s 840. This month’s security bugs affect Microsoft Windows, Edge (EdgeHTML-based), ChakraCore, Microsoft Office an...

9 CVSS | 8.7 AI score | 0.86816 EPSS
Exploits: 7 | References: 16

ThreatPost
added 2020/12/08 8:03 p.m. | 89 views

Apple Manufacturer Foxconn Confirms Cyberattack

Foxconn Technology Group confirmed Tuesday that a November cyberattack knocked some of its U.S. operations offline. The incident is reportedly a ransomware attack carried out by a cybergang attempting to extort $34 million from the global manufacturing powerhouse. “We can confirm that an...

6.8 AI score
Exploits: 0 | References: 4

ThreatPost
added 2020/12/08 7:00 p.m. | 25 views

The Remote-Work Transition Shifts Demand for Cyber Skills

The mass migration to remote working has forced chief information security officers to rethink what “secure” means and to re-prioritize the skillsets needed within their information-security teams. This creates challenges for companies — but also creates wide-open opportunities for those willing ...

6.7 AI score
Exploits: 0 | References: 10

ThreatPost
added 2020/12/08 5:00 p.m. | 43 views

Critical, Unpatched Bug Opens GE Radiological Devices to Remote Code Execution

A pair of critical vulnerabilities have been discovered in dozens of GE Healthcare radiological devices popular in hospitals, which could allow an attacker to gain access to sensitive personal health information (PHI), alter data and even shut the machine’s availability down. The flaws affect 100...

0.1 AI score | 0.00235 EPSS
Exploits: 0 | References: 9

ThreatPost
added 2020/12/08 4:36 p.m. | 330 views

Adobe Warns Windows, macOS Users of Critical-Severity Flaws

Adobe Systems has stomped out critical-severity flaws across its Adobe Prelude, Adobe Experience Manager and Adobe Lightroom applications. If exploited, the serious vulnerabilities could lead to arbitrary code execution. Overall, Adobe issued patches for flaws tied to one important-rated and thre...

6.8 CVSS | 1.3 AI score | 0.01486 EPSS
Exploits: 1 | References: 10

ThreatPost
added 2020/12/08 1:54 p.m. | 72 views

Spearphishing Attack Spoofs Microsoft.com to Target 200M Office 365 Users

A spearphishing attack is spoofing Microsoft.com to target 200 million Microsoft Office 365 users in a number of key vertical markets, including financial services, healthcare, manufacturing and utility providers. Researchers at Ironscales discovered the campaign targeting several thousand...

Exploits: 0 | References: 8

ThreatPost
added 2020/12/08 11:00 a.m. | 48 views

'Amnesia:33' TCP/IP Flaws Affect Millions of IoT Devices

Researchers – as well as the U.S. Cybersecurity Infrastructure Security Agency (CISA) – are warning of a set of serious vulnerabilities affecting TCP/IP stacks. The flaws impact millions of internet-of-things (IoT) devices and embedded systems, including smart thermometers, smart plugs and printers...

8.4 AI score
Exploits: 0 | References: 9

ThreatPost
added 2020/12/07 10:06 p.m. | 106 views

NSA Warns: Patched VMware Bug Under Active Attack

Active attacks against a flaw in VMware’s Workspace One Access continue, three days after the vendor patched the vulnerability and urged customers to fix the bug classified as a zero-day at the time. Now the U.S. National Security Agency (NSA) has escalated concerns and on Monday warned that foreig...

9 CVSS | 0.7 AI score | 0.13632 EPSS
Exploits: 2 | References: 13

ThreatPost
added 2020/12/07 9:30 p.m. | 34 views

Rana Android Malware Updates Allow WhatsApp, Telegram IM Snooping

Researchers have discovered new samples of a previously discovered Android malware, which is believed to be linked to the APT39 Iranian cyberespionage threat group. The new variant comes with new surveillance capabilities – including the ability to snoop on victims’ Skype, Instagram and WhatsApp...

0.3 AI score
Exploits: 0 | References: 11

Total number of security vulnerabilities: 15946