Attackers Use Event Logs to Hide Malware
Researchers have discovered a malicious campaign utilizing a never-before-seen technique for quietly planting fileless malware on target machines. The technique involves injecting shellcode directly into Windows event logs. This allows adversaries to use the Windows event logs as a cover for...
Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk
An unpatched Domain Name System (DNS) bug in a popular standard C library can allow attackers to mount DNS poisoning attacks against millions of IoT devices and routers to potentially take control of them, researchers have found. Researchers at Nozomi Networks Labs discovered the flaw affecting the...
Mozilla: Lack of Security Protections in Mental-Health Apps Is ‘Creepy’
While they have good intentions to foster mental health and spiritual wellness, the majority of mental-health and prayer apps can harm their users in other ways by exposing personal and intimate data due to a severe lack of security and privacy protections, researchers from Mozilla have found. Of...
Bad Actors Are Maximizing Remote Everything
The rise of remote work and learning opened new opportunities for many people – as we’ve seen by the number of people who have moved to new places or adapted to “workcations.” Cybercriminals are taking advantage of the same opportunities – just in a different way. Evaluating the prevalence of...
Deep Dive: Protecting Against Container Threats in the Cloud
Containers are self-contained pods representing complete, portable application environments. They contain everything an application needs to run, including binaries, libraries, configuration files and dependencies. Docker and Amazon Elastic, for instance, are two of the more well-known offerings...
Security Turbulence in the Cloud: Survey Says…
Over the past 15 years, the cloud has blown business into a new age of networking, for solid reasons: Small businesses can get online fast, using the same tools as the big companies; large companies can scale up and down to match demand; and organizations of all sizes can quickly react to busines...
Cyberespionage APT Now Identified as Three Separate Actors
A threat group responsible for sophisticated cyberespionage attacks against U.S. utilities is actually composed of three subgroups, each with its own toolset and targets, that have been operating globally since 2018, researchers have found. TA410 is a cyberespionage umbrella group loosely link...
Attackers Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens
GitHub revealed details tied to last week’s incident where hackers, using stolen OAuth tokens, downloaded data from private repositories. “We do not believe the attacker obtained these tokens via a compromise of GitHub or its systems because the tokens in question are not stored by GitHub in thei...
Cyberattacks Rage in Ukraine, Support Military Operations
Cyberattacks against Ukraine have been used strategically to support ground campaigns, with five state-sponsored advanced persistent threat (APT) groups behind attacks that began in February. According to research published by Microsoft on Wednesday, the APTs involved in the campaigns are...
Emotet is Back With New Tricks to Spread Malware
Emotet malware attacks are back after a 10-month “spring break” – with criminals behind the attack rested, tanned and ready to launch a new campaign strategy. That new approach includes more targeted phishing attacks, different from the previous spray-and-pray campaigns, according to new research...
Millions of Java Apps Remain Vulnerable to Log4Shell
Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Rezilion expected that due to the “massive amount of media coverage” the bug unsurprisingly received, the majority of applications...
Firms Push for CVE-Like Cloud Bug System
Big gaps exist in the 22-year-old Common Vulnerabilities and Exposures (CVE) system, which does not address dangerous flaws in cloud services that drive millions of apps and backend services. Too often, cloud providers needlessly expose customers to risk by not sharing the details of bugs discovered on...
Nation-state Hackers Target Journalists with Goldbackdoor Malware
Sophisticated hackers believed to be tied to the North Korean government are actively targeting journalists with novel malware dubbed Goldbackdoor. Attacks have consisted of a multistage infection campaign with the ultimate goal of stealing sensitive information from targets. The campaign is believ...
Lapsus$ Hackers Target T-Mobile
T-Mobile confirmed that the extortion group Lapsus$ gained access to its systems “several weeks ago”. The telecom giant responded to a report by journalist Brian Krebs, who accessed the internal chats from the private Telegram channel of the core Lapsus$ gang members. The company added that it...
Zero-Trust For All: A Practical Guide
While “zero-trust architecture” has become a buzz phrase, there’s plenty of confusion as to what it actually is. Is it a concept? A standard? A framework? An actual set of technology platforms? According to security experts, it’s best described as a fresh mindset for approaching cybersecurity...
Skeletons in the Closet: Security 101 Takes a Backseat to 0-days
Rarely a month goes by without the infosec industry being plagued by a new zero-day apocalypse. Most recently in December 2021, the world was swept by a series of vulnerabilities in Log4J – a popular logging system used by thousands of systems around the world. While writing this article, the...
Most Email Security Approaches Fail to Block Common Threats
An overwhelming number of security teams believe their email security systems to be ineffective against the most serious inbound threats, including ransomware. That’s according to a survey of business customers using Microsoft 365 for email commissioned by Cyren and conducted by Osterman Research...
Google: 2021 was a Banner Year for Exploited 0-Day Bugs
Google Project Zero reported 58 exploited zero-day vulnerabilities in 2021, a record in the short time the team of security researchers has been keeping tabs. In a year-in-review report on the number of instances a zero-day bug has been exploited in the wild, researchers noted the number a twofold...
Rethinking Cyber-Defense Strategies in the Public-Cloud Age
The pandemic has fast-tracked migration to the public cloud, including Amazon Web Services, Google Compute Platform and Microsoft Azure. But the journey hasn’t exactly been smooth as silk: The great migration has brought a raft of complex security challenges, which have led to headline-grabbing...
‘CatalanGate’ Spyware Infections Tied to NSO Group
An unknown zero-click exploit in Apple’s iMessage was used by Israel-based NSO Group to plant either Pegasus or Candiru malware on iPhones owned by politicians, journalists and activists. Citizen Lab, in collaboration with Catalan-based researchers, released the finding in a report on Monday tha...
Protect Your Executives’ Cybersecurity Amidst Global Cyberwar
It’s been roughly two months since Russia first launched its unprovoked invasion of Ukraine. Since then, the world has borne witness to unspeakable tragedy. While damaged and destroyed property can and will be rebuilt; the death and despair incurred by Ukrainians will leave a lasting imprint acro...
Cyberattackers Put the Pedal to the Metal: Podcast
Cyber-defenders have a lot on their plates: Rapid vulnerability exploitation. Ransomware-apalooza. Botnet infestations on the order never seen in the past. How can IT security teams effectively deal with the escalating volume of threats, especially as those threats become more sophisticated and...
Karakurt Ensnares Conti, Diavol Ransomware Groups in Its Web
Researchers have found financial and technological links between the Karakurt cybercriminal group and two high-profile ransomware actors that signal a shift in business operations and an expansion of opportunities for the threat actors to target victims, they said. Karakurt—a financially motivate...
Feds: APTs Have Tools That Can Take Over Critical Infrastructure
Threat actors have built and are ready to deploy tools that can take over a number of widely used industrial control system (ICS) devices, which spells trouble for critical infrastructure providers—particularly those in the energy sector, federal agencies have warned. In a joint advisory, the...
Feds Shut Down RaidForums Hacking Marketplace
U.S. law enforcement has shut down one of the largest cybercriminal online forums in the world and revealed the charges its Portuguese founder will face in federal court. However, the takedown is likely to only be a temporary blow to hackers, who will find other ways of buying and selling data...
Microsoft Zero-Days, Wormable Bugs Spark Concern
Microsoft has released patches for 128 security vulnerabilities for its April 2022 monthly scheduled update – ten of them rated critical, including three wormable code-execution bugs that require no user interaction to exploit. There are also two important-rated zero-days that allow privilege...
Menswear Brand Zegna Reveals Ransomware Attack
High-end Italian fashion house Ermenegildo Zegna revealed on Monday that it was the target of a ransomware attack last August — and that it managed to recover its systems from back-up without paying a ransom. The Milan-based firm already had revealed on Aug. 6, 2021, that it became aware of...
Microsoft Takes Down Domains Used in Cyberattack Against Ukraine
Microsoft seized seven domains it claims were part of ongoing cyberattacks by what it said are state-sponsored Russian advanced persistent threat actors that targeted Ukrainian-related digital assets. The company obtained court orders to take control of the domains it said were used by Strontium,...
Google Play Bitten by Sharkbot Info-stealer ‘AV Solution’
Researchers have found the info-stealing Android malware Sharkbot lurking unsuspected in the depths of the Google Play store under the cover of anti-virus (AV) solutions. While analyzing suspicious applications on the store, the Check Point Research (CPR) team found what purported to be genuine AV...
SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
A server-side request forgery (SSRF) flaw in an API of a large financial technology (fintech) platform potentially could have compromised millions of bank customers, allowing attackers to defraud clients by controlling their bank accounts and funds, researchers have found. A team at Salt Security’s...
MacOS Malware: Myth vs. Truth – Podcast
Remember those ads with a sneezing guy in a suit who says he’s a PC and to stay away, he’s got that nasty virus that’s going around? “That’s OK,” says the young, hip guy in blue jeans: He’s a Mac. … as if any machine that runs code could possibly be immune to malware…? Boy, was that a stretch. Th...
Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info
Attackers are spoofing voice message notifications from WhatsApp in a malicious phishing campaign that uses a legitimate domain to spread an info-stealing malware, researchers have found. Researchers at cloud email security firm Armorblox discovered the malicious campaign targeting Office 365 and...
Authorities Fully Behead Hydra Dark Marketplace
German authorities have taken down the Hydra marketplace – a popular destination on the Dark Web for trading in illicit goods and services, including cyberattack tools and stolen data. This week, they were able to commandeer and take offline underpinning infrastructure such as servers, plus insta...
No-Joke Borat RAT Propagates Ransomware, DDoS
Attackers are using a newly released remote access trojan (RAT) to spread ransomware and distributed denial of service (DDoS) — in addition to the traditional RAT function of backdooring victims’ systems. Researchers at Cyble Research Labs discovered the RAT, which they dubbed Borat RAT because it us...
Apple Rushes Out Patches for 0-Days in MacOS, iOS
Apple rushed out patches for two zero-days affecting macOS and iOS Thursday, both of which are likely under active exploitation and could allow a threat actor to disrupt or access kernel activity. Apple released separate security updates for the bugs – a vulnerability affecting both macOS and iOS...
Belarusian ‘Ghostwriter’ Actor Picks Up BitB for Ukraine-Related Attacks
Ghostwriter – a threat actor previously linked with the Belarusian Ministry of Defense – has glommed onto the recently disclosed, nearly invisible “Browser-in-the-Browser” (BitB) credential-phishing technique in order to continue its ongoing exploitation of the war in Ukraine. In a Wednesday post,...
Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn
A pair of recent vulnerabilities found in the automaker ecosystem might not seem like a real danger taken separately. But experts warn a lack of attention on cybersecurity could plague “smart” car and electric vehicle systems — and users — in years to come, as the use of automotive technology...
QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug
Customers of Taiwan-based QNAP Systems are in a bit of limbo, waiting until the company releases a patch for an OpenSSL bug that the company has warned affects most of its network-attached storage (NAS) devices. The vulnerability can trigger an infinite loop that creates a denial-of-service (DoS)...
A Blockchain Primer and Bored Ape Headscratcher – Podcast
Why in the world would a collection of nonfungible token (NFT) gorilla avatars called the Bored Ape Yacht Club (BAYC), run by 30-somethings using aliases like “Emperor Tomato Ketchup” and “No Sass” and adored by celebrities, spiral on up to a multibillion-dollar valuation …and, by the way, how can yo...
RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn
NOTE: This post is about the confirmed and patched vulnerability tracked as CVE-2022-22963. While the researchers at Sysdig refer to this Spring Cloud bug as “Spring4Shell,” it should be noted that there is some confusion as to what to call it, with another security firm referring to a different,...
Cyberattackers Target UPS Back-Up Power Devices in Mission-Critical Environments
Cyberattackers are targeting uninterruptible power supply (UPS) devices, which provide battery backup power during power surges and outages. UPS devices are usually used in mission-critical environments, safeguarding critical infrastructure installations and important computer systems and IT...
Lapsus$ ‘Back from Vacation’
The Lapsus$ data extortionists are back from a week-long “vacation,” they announced on Telegram, posting 70GB worth of data purportedly stolen from software development giant Globant. “We are officially back from a vacation,” the gang wrote on their Telegram channel, posting images of exfiltrated...
Google Chrome Bug Actively Exploited as Zero-Day
Google has updated its Stable channel for the desktop version of Chrome, to address a zero-day security vulnerability that’s being actively exploited in the wild. The bug, tracked as CVE-2022-1096, is a type-confusion issue in the V8 JavaScript engine, which is an open-source engine used by Chrom...
MSHTML Flaw Exploited to Attack Russian Dissidents
A spearphishing campaign targeting Russian citizens and government entities that are not aligned with the actions of the Russian government is the latest in numerous threats that have emerged since Russia invaded Ukraine in February. Researchers from Malwarebytes identified a campaign last we...
Log4Shell Used to Swarm VMware Servers with Miners, Backdoors
What researchers are calling a “horde” of miner bots and backdoors are using the Log4Shell bug to take over vulnerable VMware Horizon servers, with threat actors still actively waging some attacks. On Tuesday, Sophos reported that the remote code execution (RCE) Log4j vulnerability in the ubiquitou...
Exchange Servers Speared in IcedID Phishing Campaign
The ever-evolving banking trojan IcedID is back again with a phishing campaign that uses previously compromised Microsoft Exchange servers to send emails that appear to come from legitimate accounts. Attackers also are using stealthy new payload-delivery tactics to spread the modular malware...
Okta Says It Goofed in Handling the Lapsus$ Attack
On Friday, Okta – the authentication firm-cum-Lapsus$-victim – admitted that it “made a mistake” in handling the recently revealed Lapsus$ attack. The mistake: trusting that a service provider had told Okta everything it needed to know about an “unsuccessful” account takeover (ATO) at one of its...
Critical Sophos Security Bug Allows RCE on Firewalls
Cybersecurity stalwart Sophos has plugged a critical vulnerability in its firewall product, which could allow remote code-execution. The flaw, tracked as CVE-2022-1040, is specifically an authentication-bypass vulnerability in the User Portal and Webadmin of the Sophos Firewall. It affects versio...
DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector
The U.S. Department of Justice (DOJ) has indicted four Russian government employees in connection with plots to cyber-fry critical infrastructure in the United States and beyond, including at least one nuclear power plant. The campaigns involved one of the most dangerous pieces of malware ever encountered in...
Artificial Intelligence and Cybersecurity
Artificial Intelligence (AI) and Machine Learning (ML) are essentials in modern cybersecurity. Both can automate the process of analyzing and categorizing internet content while identifying and mitigating threats such as malware, ransomware, phishing and botnets. AI and ML technologies are constant...