Credential-Stuffing Attack Hits The North Face
The North Face has reset its customers’ passwords after attackers launched a credential-stuffing attack against the popular outdoor outfitter’s website. In a recent data-breach notification, the company told customers that it was alerted to “unusual activity involving its website,”...
Report: CISA Chief Expects White House to Fire Him
Top U.S. cybersecurity official Christopher Krebs said he expects to be fired by the Trump administration after he delivered a secure presidential election that didn’t go in the current administration’s favor. Krebs, the first and current director of the Department of Homeland Security’s (DHS’s)...
Cyberattackers Serve Up Custom Backdoor for Oracle Restaurant Software
ModPipe, a previously unknown backdoor, has been purpose-built to attack restaurant point-of-sale (PoS) solutions from Oracle. It’s notable for its unusual sophistication, according to researchers, evidenced by its multiple modules. The code is specifically taking aim at the Oracle MICROS Restauran...
Animal Jam Hacked, 46M Records Roam the Dark Web
The company behind the wildly popular kids’ game Animal Jam has announced that hackers stole a menagerie of account records during a breach of a third-party vendor’s server in October — more than 46 million of them, in fact. The company, WildWorks, said that it was unaware that the data had been...
Digging into the Dark Web: How Security Researchers Learn to Think Like the Bad Guys
The Dark Web/Darknet continues to be an environment for bad actors to share stolen credentials and discuss successful attacks. In fact, in recent weeks, personal information from places ranging from education organizations to voter databases in the U.S. has been found exposed. Although there hav...
Bugs in Critical Infrastructure Gear Allow Sophisticated Cyberattacks
Two security vulnerabilities in Schneider Electric’s programmable logic controllers (PLCs) could allow attackers to compromise a PLC and move on to more sophisticated critical infrastructure attacks. PLCs are key pieces of equipment in environments such as electric utilities and factories. They...
2 More Google Chrome Zero-Days Under Active Exploitation
Google is asking Chrome desktop users to prepare to update their browsers once again as two more zero-day vulnerabilities have been identified in the software. Both allow an unauthenticated, remote attacker to compromise an affected system via the web. And both are being actively exploited in the...
From Triton to Stuxnet: Preparing for OT Incident Response
From an irked former contractor in Australia sabotaging a sewage plant in 2000, to the more high-level 2017 Triton malware attacks on Saudi Arabian petrochemical plants, operational technology (OT) for critical infrastructure has increasingly been a cybersecurity concern. But now, the COVID-19...
Silver Peak SD-WAN Bugs Allow for Network Takeover
Silver Peak’s Unity Orchestrator, a software-defined WAN (SD-WAN) management platform, suffers from three remote code-execution security bugs that can be chained together to allow network takeover by unauthenticated attackers. SD-WAN is a cloud-based networking approach used by enterprises and...
Nvidia Warns Windows Gamers of GeForce NOW Flaw
Nvidia is red-flagging a high-severity flaw in its GeForce NOW application software for Windows. An attacker on a local network can exploit the flaw in order to execute code or gain escalated privileges on affected devices. GeForce NOW is the brand used by Nvidia for its cloud-based gaming servic...
Ragnar Locker Ransomware Gang Takes Out Facebook Ads in Key New Tactic
The Ragnar Locker ransomware group has decided to ratchet up the pressure on its latest high-profile victim, Italian liquor conglomerate Campari, by taking out Facebook ads threatening to release the 2TB of sensitive data it stole in a Nov. 3 attack – unless a $15 million ransom is paid in Bitcoi...
Minecraft Apps on Google Play Fleece Players Out of Big Money
Fans of the popular Minecraft video game are in the crosshairs of cybercriminals, who have loaded up Google Play with scam apps bent on fleecing players out of cash. According to researchers, the mobile apps for Android fool users into spending hundreds of dollars per month, by offering skins,...
High-Severity Cisco DoS Flaw Can Immobilize ASR Routers
A high-severity flaw in Cisco’s IOS XR software could allow unauthenticated, remote attackers to cripple Cisco Aggregation Services Routers (ASR). The flaw stems from Cisco IOS XR, a train of Cisco Systems’ widely deployed Internetworking Operating System (IOS). The OS powers the Cisco ASR 9000 serie...
COVID-19 Data-Sharing App Leaked Healthcare Worker Info
A platform used by healthcare workers in the Philippines designed to share data about COVID-19 cases contained multiple flaws that exposed healthcare worker data and could potentially have leaked patient data. Vulnerabilities found in both the COVID-KAYA platform’s web and Android apps...
Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Microsoft’s November Patch Tuesday roundup of security fixes tackled an unusually large crop of remote code execution (RCE) bugs. Twelve of Microsoft’s 17 critical patches were tied to RCE bugs. In all, 112 vulnerabilities were patched by Microsoft, with 93 rated important, and two rated low in...
Colossal Intel Update Anchored by Critical Privilege-Escalation Bugs
A massive Intel security update this month addresses flaws across a myriad of products – most notably, critical bugs that can be exploited by unauthenticated cybercriminals in order to gain escalated privileges. These critical flaws exist in products related to Wireless Bluetooth – including...
Scalper-Bots Shake Down Desperate PS5, Xbox Series X Shoppers
It’s a big week for gamers across the globe, with imminent, dueling releases of Xbox Series X and PlayStation PS5. However, an army of retail bots threatens to drive prices up as much as three times the retail price, putting the coveted holiday gifts well out of reach of everyday fans. Retailers...
Apple to Deliver 'Privacy Labels' for Apps, Revealing Data-Sharing Details
After years of complaints about over-permissioned apps that collect, use and share private user information, Apple will be making developer privacy policies more transparent for consumers. Starting Dec. 8, iOS and macOS developers will be required to provide detailed information about how their...
Ghimob Android Banking Trojan Targets 153 Mobile Apps
A new banking trojan has been discovered targeting Android users, with the capabilities to spy on 153 mobile apps from various banks, cryptocurrencies and exchanges. Researchers describe the banking trojan, called Ghimob, as a “full-fledged spy in your pocket” that can be accessed remotely by its...
Microsoft Teams Users Under Attack in 'FakeUpdates' Malware Campaign
Attackers are using ads for fake Microsoft Teams updates to deploy backdoors, which use Cobalt Strike to infect companies’ networks with malware. Microsoft is warning its customers about the so-called “FakeUpdates” campaigns in a non-public security advisory, according to a report in Bleeping...
Trump Site Alleging AZ Election Fraud Exposes Voter Data
A security flaw on a website set up to gather evidence of in-person voter fraud in Arizona would have opened the door for SQL injection and other attacks. The bug, found on a site set up by the Trump campaign called dontpressthegreenbutton.com, was discovered by cybersecurity pro Todd Rossin, almost ...
Cyberattack on UVM Health Network Impedes Chemotherapy Appointments
The University of Vermont (UVM) health network is scrambling to recover its systems after a cyberattack led to widespread delays in patient appointments – including chemotherapy appointments, as well as mammograms and biopsies. The UVM Health Network is a six-hospital, home-health and hospice syste...
Ultimate Member Plugin for WordPress Allows Site Takeover
A WordPress plugin installed on more than 100,000 sites has three critical security bugs that each allow privilege escalation – and potentially full control over a target WordPress site. The plugin, called Ultimate Member, allows web admins to add user profiles and membership areas to their web...
Microsoft Exchange Attack Exposes New xHunt Backdoors
Two never-before-seen PowerShell backdoors have been uncovered, after researchers recently discovered an attack on Microsoft Exchange servers at an organization in Kuwait. The activity is tied back to the known xHunt threat group, which was first discovered in 2018 and has previously launched an...
Millions of Hotel Guests Worldwide Caught Up in Mass Data Leak
A widely used hotel reservation platform has exposed 10 million files related to guests at various hotels around the world, thanks to a misconfigured Amazon Web Services S3 bucket. The records include sensitive data, including credit-card details. Prestige Software’s “Cloud Hospitality” is used b...
WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug
A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers being installed, crashing of the site or information retrieval via SQL injection, researchers said. Welcart e-Commerce is a free WordPress plugin that has more than...
Feds Seize $1B in Bitcoin from Silk Road
The feds have seized their largest stash ever of Bitcoin, originating from the notorious Silk Road underground marketplace. The federal coffers are now $1 billion richer. Silk Road was known as the place to go to broker illegal drugs, murder-for-hire, child pornography and malware – such as passwo...
Campari Site Suffers Ransomware Hangover
Italian spirits brand Campari has restored its company website following a recent ransomware attack. According to the ransom note, the group behind the breach used Ragnar Locker to encrypt most of Campari’s servers and was holding the data hostage for $15 million in Bitcoin. Campari Group is behi...
Gitpaste-12 Worm Targets Linux Servers, IoT Devices
Researchers have uncovered a new worm targeting Linux-based x86 servers, as well as Linux internet of things (IoT) devices that are based on ARM and MIPS CPUs. Of note, the malware utilizes GitHub and Pastebin for housing malicious component code, and has at least 12 different attack modules...
Apple Patches Bugs Tied to Previously Identified Zero-Days
Apple has patched three previously identified zero-day vulnerabilities in its iPhone, iPod and iPad devices potentially related to a spate of related flaws recently discovered by the Google Project Zero team that also affect Google Chrome and Windows. Apple this week released iOS 14.2 and iPadOS...
Gaming Giant Capcom Hit By Ragnar Locker Ransomware: Report
Video game giant Capcom has reportedly been hit by a ransomware attack that affected access to certain systems – including email and file servers – and encrypted 1 terabyte (TB) of sensitive data. The Japanese video game developer and publisher has developed a number of multi-million selling game...
Zoom Snooping: How Body Language Can Spill Your Password
You’ve heard of Zoom Bombing, but have you heard of Zoom Snooping? Researchers contend they can extract keystroke data from participants in a video call simply by tracking shoulder movements. A recently published study warns malicious actors might use the technique to decipher personal passwords...
Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
Cisco has disclosed a zero-day vulnerability – for which there is not yet a patch – in the Windows, macOS and Linux versions of its AnyConnect Secure Mobility Client Software. While Cisco said it is not aware of any exploits in the wild for the vulnerability, it said Proof-of-Concept (PoC) exploit...
Malspam Campaign Milks Election Uncertainty
Threat actors have taken advantage of the ongoing uncertainty around the 2020 U.S. election to unleash a new malspam campaign aimed at spreading the Qbot trojan. Criminals behind Qbot resurfaced the day after the election with a wave of spam emails that attempt to lure victims with messages...
Mysterious APT Leaves Curious ‘KilllSomeOne’ Clue
Researchers are scratching their heads when it comes to unmasking a new advanced persistent threat (APT) group targeting non-governmental organizations in the Southeast Asian nation Myanmar (formerly Burma). Based on crude messages, such as “KilllSomeOne”, used in attack code strings, coupled with...
GrowDiaries Exposes Emails, Passwords of 1.4M Cannabis Growers
A database linked to GrowDiaries, an online community of cannabis growers, has exposed more than a million users’ email addresses, passwords, IP address records and posts. GrowDiaries is a robust online community of cannabis growing enthusiasts from around the world, where they can share tips,...
Google Forms Abused to Phish AT&T Credentials
Researchers are warning of phishing attacks that leverage Google Forms as a landing page to collect victims’ credentials. The forms masquerade as login pages from more than 25 different companies, brands and government agencies. So far, 265 different Google Forms used in these attacks have been...
Toymaker Mattel Hit by Ransomware Attack
Top toymaker Mattel revealed it was a victim of a ransomware attack that successfully encrypted some data and temporarily crippled a limited number of business functions. The disclosure was part of a U.S. Securities Exchange Commission (SEC) disclosure filed in late October. Mattel reported the...
VMware Issues Updated Fix For Critical ESXi Flaw
VMware issued an updated fix for a critical-severity remote code execution flaw in its ESXi hypervisor products. Wednesday’s VMware advisory said updated patch versions were available after it was discovered the previous patch, released Oct. 20, did not completely address the vulnerability. That’...
Code42 Incydr Series: Why Most Companies Can’t Stop Departing Employee Data Theft
Here’s the single clearest sign of insider risk: an employee’s resignation letter. A 2019 study found that 72% of employees take company data when they leave, according to Infosecurity Magazine. Fortunately, you don’t need fancy technology to figure out who these risky users are — they tell you!...
Police to Livestream Ring Camera Footage of Mississippi Residents
UPDATE Police in Mississippi are testing a program in which they can livestream video footage from private security cameras – including Ring doorbell cameras – installed at private homes and businesses. The program in Jackson, Miss., to use the Ring door cameras as part of surveillance efforts, i...
Oracle Solaris Zero-Day Attack Revealed
A previously known threat group, called UNC1945, has been compromising telecommunications companies and targeting financial and professional consulting industries, by exploiting a security flaw in Oracle’s Solaris operating system. Researchers said that the group was exploiting the bug when it wa...
APT Groups Finding Success with Mix of Old and New Tools
Advanced persistent threat (APT) groups continue to use the fog of intense geopolitics to supercharge their campaigns, but beyond these themes, actors are developing individual signature tactics for success. That’s according to Kaspersky’s most recent APT trends report for Q3 2020, which found that...
34M Records from 17 Companies Up for Sale in Cybercrime Forum
A whopping 34 million user records have materialized on an underground sales forum, which cybercriminals claim are gleaned from 17 different corporate data breaches. According to reports, the data appeared late last week, and the theft appears to be the work of a single person or group. The...
Two Chrome Browser Updates Plug Holes Actively Targeted by Exploits
Flaws in Google’s Chrome desktop and Android-based browsers were patched Monday in an effort to prevent known exploits from being used by attackers. Two separate security bulletins issued by Google warned that it is aware of reports that exploits for both exist in the wild. Google’s Project Zero...
Adobe Warns Windows, MacOS Users of Critical Acrobat and Reader Flaws
Adobe has fixed critical-severity flaws tied to four CVEs in the Windows and macOS versions of its Acrobat and Reader family of application software services. The vulnerabilities could be exploited to execute arbitrary code on affected products. These critical flaws include a heap-based buffer...
Media Comms Giant Says Ransomware Hit Will Cost Millions
Media communications giant Isentia is reporting that its coffers will be emptied of as much as $6 million ($8.5 million AUS) in the wake of a ransomware attack last week. The company is a media-intelligence and data-analytics firm headquartered in Australia, with a presence throughout Southeast Asi...
Oracle Rushes Emergency Fix for Critical WebLogic Server Flaw
Oracle has released a rare out-of-band patch for a remote code-execution flaw in several versions of its WebLogic server. The vulnerability (CVE-2020-14750) has a CVSS base score of 9.8 out of 10, and is remotely exploitable without authentication, meaning it may be exploited over a network without...
$100M Botnet Scheme Lands Cybercriminal 8 Years in Jail
Authorities have sentenced a hacker to eight years in prison for trafficking stolen personally identifiable information (PII) and online banking credentials resulting in losses totaling over $100 million. Aleksandr Brovko, 36, formerly of the Czech Republic, pleaded guilty in February to conspiracy...
Survey: Cybersecurity Skills Shortage is ‘Bad,’ But There’s Hope
More than half of cybersecurity professionals in a recent survey — 57 percent — reported that the cybersecurity skills shortage is either “bad” or “very bad” at their companies. That’s according to a recent survey and whitepaper published by Trustwave, which also outlined a prescription for...