Europol Warns COVID-19 Vaccine Rollout Vulnerable to Fraud, Theft
With the promise of a widely available COVID-19 vaccine on the horizon, Europol, the European Union’s law-enforcement agency, has issued a warning about the rise of vaccine-related Dark Web activity. The agency joins a chorus of security professionals that have concerns about widespread attacks o...
'Free' Cyberpunk 2077 Downloads Lead to Data Harvesting
The hotly anticipated videogame title Cyberpunk 2077 comes out on Dec. 10, inspiring breathless countdowns from gaming publications and enthusiasts across the globe. As with all things zeitgeisty, cybercriminals are looking to cash in on the excitement, with scams that offer “free copies” while...
Insider Report: Healthcare Security Woes Balloon in COVID-Era
In 2020, the healthcare industry began a massive shift, as legacy cybersecurity issues merged with new security challenges spurred on by the spread of COVID-19. Even before the pandemic, the medical arena wrestled with major cybersecurity challenges, including insecure medical devices, protecting...
Chinese Breakthrough in Quantum Computing a Warning for Security Teams
China’s top quantum-computer researchers have reported that they have achieved quantum supremacy, i.e., the ability to perform tasks a traditional supercomputer cannot. And while it’s a thrilling development, the inevitable rise of quantum computing means security teams are one step closer to...
Healthcare in Crisis: Diagnosing Cybersecurity Shortcomings in Unprecedented Times
When the COVID-19 pandemic first hit the U.S. hard in March, the Elmhurst Hospital was forced into a logistical nightmare. It was a grim sign of the times, as the Queens, N.Y. hospital was flooded with hundreds of sick patients, with one medical resident describing conditions as “apocalyptic”,...
QNAP High-Severity Flaws Plague NAS Systems
QNAP Systems is warning of high-severity flaws that plague its top-selling network attached storage (NAS) devices. If exploited, the most severe of the flaws could allow attackers to remotely take over NAS devices. NAS devices are systems that consist of one or more hard drives that are constantly...
RansomExx Ransomware Gang Dumps Stolen Embraer Data: Report
Hackers have dumped sensitive company data that was stolen during a ransomware attack last month on aircraft manufacturer Embraer. The compromised data appeared on a new dark web site created to publish leaked information, according to a published report. The move appears to be revenge for the...
Making Sense of the Security Sensor Landscape
We have a serious sensor problem in the cybersecurity world. And it’s bad. Particularly when it comes to network intrusion detection and prevention sensors (IDS/IPS). It seems like many security operations center (SOC) teams have completely given up on them being effective. But is the problem with...
High-Severity Chrome Bugs Allow Browser Hacks
Google has updated its Chrome web browser, fixing four bugs with a severity rating of “high” and eight overall. Three are use-after-free flaws, which could allow an adversary to generate an error in the browser’s memory, opening the door to a browser hack and host computer compromise. On Friday,...
Novel Online Shopping Malware Hides in Social-Media Buttons
A payment card-skimming malware that hides inside social-media buttons is making the rounds, compromising online stores as the holiday shopping season gets underway. According to researchers at Sansec, the skimmer hides in fake social-media buttons, purporting to allow sharing on Facebook, Twitte...
VMware Rolls a Fix for Formerly Critical Zero-Day Bug
VMware has patched a zero-day bug that was disclosed in late November – an escalation-of-privileges flaw that impacts Workspace One and other platforms, for both Windows and Linux operating systems. VMware has also revised the CVSS severity rating for the bug to “important,” down from critical. T...
Vancouver Metro Disrupted by Egregor Ransomware
The threat actors behind the Egregor ransomware are proving prolific in their early months of activity. On the heels of targeting struggling U.S. retailer Kmart, the Egregor gang also disrupted the Vancouver metro system with a ransomware attack. Translink, the Canadian city’s public...
Kmart, Latest Victim of Egregor Ransomware – Report
Retail stalwart Kmart has suffered a ransomware attack at the hands of the Egregor gang, according to a report. The incident has encrypted devices and servers connected to the company’s networks, knocking out back-end services, according to BleepingComputer. The outlet obtained the purported rans...
TrickBot Returns with a Vengeance, Sporting Rare Bootkit Functions
The TrickBot malware has morphed once again, this time implementing functionality designed to inspect the UEFI/BIOS firmware of targeted systems. It marks a serious resurgence following an October takedown of the malware’s infrastructure by Microsoft and others. The Windows Unified Extensible...
DeathStalker APT Spices Things Up with PowerPepper Malware
The DeathStalker advanced persistent threat (APT) group has a hot new weapon: A highly stealthy backdoor that researchers have dubbed PowerPepper, used to spy on targeted systems. DeathStalker offers mercenary, espionage-for-hire services targeting the financial and legal sectors, according to...
Reverse Engineering Tools: Evaluating the True Cost
When sourcing software for business needs, what criteria should you follow? Price typically tops the list. And sure, free software, like the Linux OS, delivers cost savings, stability, flexibility and ongoing development. No argument there. But when it comes to decompilers, which are used for...
Cyberattacks Target COVID-19 Vaccine 'Cold-Chain' Orgs
A sophisticated, global phishing campaign has been targeting the credentials of organizations associated with the COVID-19 “cold-chain” – companies that ensure the safe preservation of vaccines by making sure they are stored and transported in temperature-controlled environments. The phishing...
As Modern Mobile Enables Remote Work, It Also Demands Security
Smartphones, tablets, collaboration apps and other modern framework tools are critical to maintaining productivity remotely, but they also demand an integrated security strategy purpose-built for mobile devices. The coronavirus pandemic has completely upended the way we work, educate and socializ...
Clop Gang Gallops Off with 2M Credit Cards from E-Land
The Clop ransomware group is at it again. On Thursday, the gang claimed that it stole 2 million credit cards from South Korean retailer E-Land over a one-year period, in a campaign that culminated with a ransomware attack on the company’s headquarters in November. Operators of Clop ransomware...
Code42 Incydr Series: Honing in on high-risk users with Code42 Incydr
The crux of the insider threat challenge is that everyone can be a risk. That’s why most security teams are focusing on gaining broader and deeper visibility into all file activity — especially the surge in remote, off-network activity. But this doesn’t mean that security teams should discount...
Google Play Apps Remain Vulnerable to High-Severity Flaw
UPDATE Researchers are warning that several popular Google Play applications – including mobile browser app Edge – have yet to push out an important update addressing a high-severity vulnerability in the Google Play Core Library. The vulnerability exists in Google Play Core Library, which is...
Spotify Wrapped 2020 Rollout Marred by Pop Star Hacks
In the midst of its popular Spotify Wrapped 2020 playlist rollout of the year’s most popular songs, the streaming service is grappling with a security breach, which affected the pages of some of its biggest stars, including Lana Del Rey, Dua Lipa, Future, Pop Smoke and others. Spotify is the most...
Think-Tanks Under Attack by Foreign APTs, CISA Warns
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a warning on what they say are persistent, continued cyberattacks by advanced persistent threat (APT) actors targeting U.S. think-tanks. The attackers are looking to steal sensitive information, acquire user credentia...
Xerox DocuShare Bugs Allow Data Leaks
Xerox issued a fix for two vulnerabilities impacting its market-leading DocuShare enterprise document management platform. The bugs, if exploited, could expose DocuShare users to an attack resulting in the loss of sensitive data. On Wednesday, the Cybersecurity and Infrastructure Security Agency...
Turla's 'Crutch' Backdoor Leverages Dropbox in Espionage Attacks
Researchers have discovered a previously undocumented backdoor and document stealer, which they have linked to the Russian-speaking Turla advanced persistent threat (APT) espionage group. The malware, which researchers call “Crutch,” is able to bypass security measures by abusing legitimate tools –...
Healthcare 2021: Cyberattacks to Center on COVID-19 Spying, Patient Data
Sophisticated cybercriminals have been trying to steal COVID-19 vaccine research – and researchers say there’s more of that to come going into 2021. Intellectual property theft will join ransomware, cloud-stored patient data theft and advanced phishing efforts as the main hallmarks of...
Microsoft Revamps ‘Invasive’ M365 Feature After Privacy Backlash
Microsoft has announced what it calls a more privacy-friendly version of its Productivity Score enterprise feature, following backlash from security experts who condemned it as a “full-fledged workplace surveillance tool.” The Productivity Score feature, which was launched as part of the Microsof...
DNS Filtering: A Top Battle Front Against Malware and Phishing
With the proliferation of malicious websites, domain name system (DNS) filtering has been adopted as an effective method for blacklisting content and blocking out suspicious webpages. Peter Lowe, security researcher with DNSFilter, talks to Cody Hackett on this week’s Threatpost Podcast...
iPhone Bug Allowed for Complete Device Takeover Over the Air
Details tied to a stunning iPhone vulnerability were disclosed by noted Google Project Zero researcher Ian Beer. Apple patched the vulnerability earlier this year. But few details, until now, were known about the bug that could have allowed a threat actor to completely take over any iPhone within...
Misconfigured Docker Servers Under Attack By Xanthe Malware
Researchers have discovered a Monero cryptomining botnet they call Xanthe, which has been exploiting incorrectly configured Docker API installations in order to infect Linux systems. Xanthe was first discovered in a campaign that employed a multi-modular botnet, as well as a payload that is a...
Android Messenger App Still Leaking Photos, Videos
The GO SMS Pro Android app has published two new versions on Google Play since a major security weakness was disclosed in November – but neither fixes the original issue, leaving 100 million users at risk for privacy violations, researchers said. Meanwhile, a raft of exploitation tools have been...
Cayman Islands Bank Records Exposed in Open Azure Blob
A Cayman Island investment firm has removed years of backups, which up until recently were easily available online thanks to a misconfigured Microsoft Azure blob. The blob’s single URL led to vast stores of files including personal banking information, passport data and even online banking PINs —...
Zoom Impersonation Attacks Aim to Steal Credentials
A new Zoom-themed phishing attack is circulating through email, text and social media messages, aiming to steal credentials for the videoconferencing service. The Better Business Bureau (BBB) warned last week that the attack uses Zoom’s logo, and in a message tells recipients that their Zoom accoun...
Electronic Medical Records Cracked Open by Unpatched OpenClinic Bugs
Four vulnerabilities have been discovered in the OpenClinic application for sharing electronic medical records. The most concerning of them would allow a remote, unauthenticated attacker to read patients’ personal health information (PHI) from the application. OpenClinic is an open-source health...
Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout
Just in time for a busy online holiday shopping season, the Magecart gang has come up with a new credit-card skimming technique for hijacking PayPal transactions during checkout. A security researcher who identifies himself as Affable Kraut discovered the technique, which uses...
Post-Cyberattack, UVM Health Network Still Picking Up Pieces
More than a month after a cyberattack hit the University of Vermont (UVM) health network, the organization is still working to recover its systems. The UVM health network is a six-hospital, home-health and hospice system, which encompasses more than 1,000 physicians, 2,000 nurses and other clinicia...
Conti Gang Hits IoT Chipmaker Advantech with $14M Ransom Demand
Advantech, the chip manufacturer, has confirmed that it received a ransom note from a Conti ransomware operation on Nov. 26 demanding 750 Bitcoin, which translates into about $14 million, to decrypt compromised files and delete the data they stole. Just to let Advantech know they weren’t bluffing...
Digitally Signed Bandook Trojan Reemerges in Global Spy Campaign
A wave of targeted cyberattack campaigns bent on espionage is cresting around the globe, using a strain of a 13-year-old backdoor trojan named Bandook. According to Check Point Research, Bandook was last spotted being used in 2015 and 2017/2018, in the “Operation Manul” and “Dark Caracal”...
MacOS Users Targeted By OceanLotus Backdoor
A macOS backdoor variant has been uncovered that relies on multi-stage payloads and various updated anti-detection techniques. Researchers linked it to the OceanLotus advanced persistent threat (APT) group. The Vietnam-backed OceanLotus (also known as APT 32) has been around since at least 2013, and...
Pandemic, A Driving Force in 2021 Financial Crime
Financial cybercrime in 2021 is set to evolve, researchers say, with extortion practices becoming more widespread, ransomware gangs consolidating and advanced exploits being used more effectively to target victims. That’s according to key predictions from Kaspersky. Researchers said the drastic...
2021 Healthcare Cybersecurity Priorities: Experts Weigh In
Healthcare cybersecurity is in triage mode. As systems are stretched to the limits by COVID-19 and technology becomes an essential part of everyday patient interactions, hospital and healthcare IT departments have been left to figure out how to make it all work together, safely and securely. Most...
TurkeyBombing Puts New Twist on Zoom Abuse
Millions of family and friends, forced to spend Thanksgiving socially distant, are being targeted by cybercriminals as they turn to video platforms like Zoom to virtually be together. In this ongoing attack, cybersecurity experts warn, victims are targeted with a Zoom-related and...
Cybersecurity Predictions for 2021: Robot Overlords No, Connected Car Hacks Yes
Predicting the future is always an iffy proposition. There’s the Nostradamus route, making predictions so cryptic and vague they could mean just about anything. Or you can go the TV psychic route and throw a handful of darts at the wall, highlighting the ones that stick and hope everyone ignores...
ThreatList: Cyber Monday Looms – But Shoppers Oblivious to Top Retail Threats
Despite being concerned about the security risks behind online shopping, consumers lack knowledge about some of the biggest retail risks – with more than half unaware of digital credit-card skimming threats posed by the Magecart group. In a new report this week, RiskIQ found that a full 64 percen...
Federated Learning: A Therapeutic for what Ails Digital Health
For researchers and physicians, the mountains of data hospitals and healthcare systems hold could be a goldmine for artificial intelligence and machine learning, but data privacy concerns and regulations have kept scientists from being able to harness that information to improve outcomes. Now...
Changing Employee Security Behavior Takes More Than Simple Awareness
Security awareness rarely leads to sustained behavior change on its own, according to a recent analysis – meaning that organizations need to proactively develop a robust “human-centered” security program to reduce the number of security incidents associated with poor security behavior. According ...
Major BEC Phishing Ring Cracked Open with 3 Arrests
Three men suspected of participating in a massive business email compromise (BEC) ring have been arrested in Lagos, Nigeria. A joint INTERPOL, Group-IB and Nigeria Police Force cybercrime investigation resulted in the arrest of the Nigerian nationals, believed to be responsible for distributing...
Critical MobileIron RCE Flaw Under Active Attack
Advanced persistent threat (APT) groups are actively exploiting a vulnerability in mobile device management security solutions from MobileIron, a new advisory warns. The issue in question (CVE-2020-15505) is a remote code-execution flaw. It ranks 9.8 out of 10 on the CVSS severity scale, making it...
How to Update Your Remote Access Policy – And Why You Should Now
For close to two decades, organizations have allowed privileged employees to work remotely by offering remote access solutions as a part of the daily work environment. But until recently, working remotely was more of a luxury than a necessity. With the rise of COVID-19, many organizations moved...
Laser-Based Hacking from Afar Goes Beyond Amazon Alexa
Imagine someone hacking into an Amazon Alexa device using a laser beam and then doing some online shopping using that person’s account. This is a scenario presented by a group of researchers who are exploring why digital home assistants and other sensing systems that use sound commands to perform...