NVIDIA’s Stolen Code-Signing Certs Used to Sign Malware
Two of NVIDIA’s code-signing certificates were part of the Feb. 23 Lapsus$ Group ransomware attack the company suffered – certificates that are now being used to sign malware so malicious programs can slide past security safeguards on Windows machines. The Feb. 23 attack saw 1TB of data bleed fro...
Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape
Mozilla has released an emergency update for its Firefox browser that addresses two critical security vulnerabilities that cybercriminals have actively exploited in the wild as zero days. Both are use-after-free bugs, which are memory-corruption issues that occur when an application continues to...
Massive Meris Botnet Embeds Ransomware Notes from REvil
Hey webop\geeks, you\are\already\dead, a note claiming to be left by the REvil ransomware gang declared, embedded into the attack itself as a string of text in the URL for the extortion demand. Imperva reported the interesting twist on Friday – one of several it’s seen in the evolution of...
Free HermeticRansom Ransomware Decryptor Released
A free decryptor is out to unlock a ransomware found piggybacking on the HermeticWiper data wiper malware that ESET and Broadcom’s Symantec discovered targeting machines at financial, defense, aviation and IT services outfits in Ukraine, Lithuania and Latvia last week. The fact that there was...
Phishing Campaign Targeted Those Aiding Ukraine Refugees
Cyberattackers used a compromised Ukrainian military email address to phish EU government employees who’ve been involved in managing the logistics of refugees fleeing Ukraine, according to a new report. Ukraine has been at the center of an unprecedented wave of cyberattacks in recent weeks and...
Russia Leaks Data From a Thousand Cuts–Podcast
Information about nuclear plants and air force capabilities. Conti ransomware gang crooks conjecturing that the National Security Agency (NSA) was maybe behind the mysterious, months-long TrickBot lull. Doxxed data about 120K Russian soldiers. Those are just some of the sensitive, valuable data...
Securing Data With a Frenzied Remote Workforce–Podcast
The baby upchucks. The dog loudly informs you that she’s detected a budding squirrel armageddon. Your department’s Zoom meeting starts in four minutes. The Bank of Fezziwig texts: If you haven’t enabled online banking, click here. What. Do. You. DO?!? It doesn’t matter that you’ve been working...
TeaBot Trojan Haunts Google Play Store, Again
The TeaBot banking trojan – also known as “Anatsa” – has been spotted on the Google Play store, researchers from Cleafy have discovered. The malware – designed to intercept SMS messages and login credentials from unwitting users – affected users of “more than 400 banking and financial apps,...
Conti Ransomware Decryptor, TrickBot Source Code Leaked
The pro-Ukraine member of the Conti ransomware gang who promised to eviscerate the extortionists after they pledged support for the Russian government has spilled yet more Conti guts: The latest dump includes source code for Conti ransomware, TrickBot malware, a decryptor and the gang’s...
RCE Bugs in Hugely Popular VoIP Apps: Patch Now!
Some of the world’s most popular communication apps are using an open-source library riddled with newfound security holes. One thing this open-source, flawed library shares with the Apache Log4J logging library fiasco that started in December: It’s ubiquitous. The library, PJSIP – an open-source...
RCE Bugs in WhatsApp, Other Hugely Popular VoIP Apps: Patch Now!
WhatsApp and BlueJeans are just two of the world’s most popular communication apps that are using an open-source library riddled with newfound security holes. One thing this open-source, flawed library shares with the Apache Log4J logging library fiasco that started in December: It’s ubiquitous...
Daxin Espionage Backdoor Ups the Ante on Chinese Malware
The Daxin malware is taking aim at hardened government networks around the world, according to researchers, with the goal of cyberespionage. The Symantec Threat Hunter team noticed the advanced persistent threat (APT) weapon in action in November, noting that it’s “the most advanced piece of malwar...
Ukraine Hit with Novel ‘FoxBlade’ Trojan Hours Before Invasion
“As tanks rolled into Ukraine, so did malware,” summarized humanitarian author Andreas Harsono, referring to the novel malware that Microsoft has named FoxBlade. On Monday, the company reported that its Threat Intelligence Center (MSTIC) had detected cyberattacks launched against Ukraine’s digital...
Microsoft Accounts Targeted by Russian-Themed Credential Harvesting
While legitimate concerns abound about the Russian-Ukrainian conflict sparking a far-reaching cyberwarfare conflagration around the globe, small-time crooks are also ramping up their efforts amid the crisis. Phishing emails to Microsoft users warning of Moscow-led account hacking have started to...
Ukraine-Russia Cyber Warzone Splits Cyber Underground
The Russia-Ukraine cyber warzone has split the Conti ransomware gang into warring factions, leading to a Ukrainian member spilling 60,000 of the group’s internal chat messages online. On Monday, vx-underground – an internet collection of malware source code, samples and papers that’s generally...
Toyota to Close Japan Plants After Suspected Cyberattack
What was potentially a cyberattack hit one of Toyota’s parts suppliers, causing the company to move to shut down about a third of the company’s global production tomorrow, the company announced on Monday. Toyota doesn’t know how long the 14 plants will be unplugged. The closure will mean that the...
TrickBot Takes a Break, Leaving Researchers Scratching Their Heads
The group behind the TrickBot malware is back after an unusually long lull between campaigns, according to researchers — but it’s now operating with diminished activity. They concluded that the pause could be due to the TrickBot gang making a large operational shift to focus on partner malware,...
Microsoft Exchange Server Bugs Exploited by ‘Cuba’ Ransomware Gang
The ransomware gang known as “Cuba” is increasingly shifting to exploiting Microsoft Exchange vulnerabilities – including ProxyShell and ProxyLogon – as initial infection vectors, researchers have found. The group has likely been prying open these chinks in victims’ armor as early as last August,...
6 Cyber-Defense Steps to Take Now to Protect Your Company
The headlines feel like Groundhog Day, if each of Bill Murray’s repeated days grew increasingly threatening: Ransomware attacks rise again. Ransomware attacks up over last quarter. Ransomware attacks tower over previous year. You get the idea. And yet again, a new report from Ivanti sends a clear...
White House Denies Mulling Massive Cyberattacks Against Russia
The White House has denied reports that President Biden has been presented with an arsenal of ways to launch massive cyberattacks against Russia – attacks designed to disrupt the country’s ability to sustain its military operations in Ukraine. NBC News on Thursday reported that the options includ...
The Harsh Truths of Cybersecurity in 2022, Part Two
In part one of this series, I outlined some harsh truths of cybersecurity in 2022 and the first three of the top six steps you should take to ensure resiliency against today’s most pervasive threat—ransomware. Here, I’ll cover the remaining three: But first, let’s take a quick step back. It used ...
Zenly Social-Media App Bugs Allow Account Takeover
Zenly, a social app from Snap that allows users to see the locations of friends and family on a live map, contains a pair of vulnerabilities that could endanger those being tracked. According to the Checkmarx Security Research Team, the bugs are a user-data exposure vulnerability and an...
Microsoft App Store Sizzling with New ‘Electron Bot’ Malware
A backdoor malware that can take over social-media accounts – including Facebook, Google and Soundcloud – has infiltrated Microsoft’s official store by cloning popular games such as Temple Run or Subway Surfer. The backdoor, dubbed Electron Bot, gives attackers complete control over compromised...
Web Filtering & Compliances for Wi-Fi Providers
The demand for public Wi-Fi is increasing constantly due to the increase of smartphone owners and remote workers. Researchers at VPNMentor say that there are approximately 549 million Wi-Fi hotspots worldwide. Another survey by Semantic found that 87 percent of U.S. consumers have used the readil...
Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins
A sophisticated phishing campaign directed at a “major, publicly traded integrated payments solution company located in North America” made use of DocuSign and a compromised third party’s email domain to skate past email security measures, researchers said. The campaign spread seemingly innocuous...
The Art of Non-boring Cybersec Training–Podcast
Log4j, ransomware, cloud vulnerabilities, phishing: Cyber threats are manifold. They all pale, however, in comparison to the security black holes that walk around on two legs. Studies have shown that nearly all successful breaches stem from human error, be it failure to install security patches...
Samsung Screwed Up Encryption on 100M Phones
Samsung shipped an estimated 100 million smartphones with botched encryption, including models ranging from the 2017 Galaxy S8 on up to last year’s Galaxy S21. Researchers at Tel Aviv University found what they called “severe” cryptographic design flaws that could have let attackers siphon the...
Sextortion Rears Its Ugly Head Again
A new French-language sextortion campaign is making the rounds, researchers warn. As noted by Sophos researchers in a Monday report, sextortion is one of the oldest tricks in the book, but its popularity has waned in recent years due to effective cybersecurity, law enforcement crackdowns and the...
Creaky Old WannaCry, GandCrab Top the Ransomware Scene
What’s old in ransomware is new again. Or, more accurately, never really went away. New analysis shows that for a years-old malware, WannaCry is still a viciously active pest. The self-propagating ransomware cryptoworm that’s been parasitizing victims since 2017 was the top most detected ransomwa...
Gaming, Banking Trojans Dominate Mobile Malware Scene
The number of cyberattacks launched against mobile users was down last year, researchers have found — but don’t pop the champagne just yet. The decline was offset by jacked-up, more sophisticated, more nimble mobile nastiness. In a Monday report, Kaspersky said that its researchers have observed ...
Cyberattackers Cook Up Employee Personal Data Heist for Meyer
Meyer Corp., maker of Farberware and the largest cookware and bakeware distributor in the U.S., has begun notifying 2,747 employees that a cyberattack that occurred on Oct. 25 compromised their personal data. Meyer filed a notice with the state of Maine disclosing the breach, which it discovered ...
Xenomorph Malware Burrows into Google Play Users, No Facehugger Required
An Android trojan dubbed Xenomorph has nested in Google Play, already racking up more than 50,000 downloads from the official app store, researchers warned. For anyone who downloaded the “Fast Cleaner” app, it’s time to nuke it from orbit. According to a ThreatFabric analysis, Xenomorph has a...
NFT Investors Lose $1.7M in OpenSea Phishing Attack
Over the weekend, hackers stole millions of dollars worth of non-fungible tokens (NFTs) belonging to 17 members of the OpenSea NFT marketplace. On Saturday, a small number of OpenSea users noticed their NFTs were missing. NFTs are digital tokens on the blockchain that represent ownership over virtu...
New Critical RCE Bug Found in Adobe Commerce, Magento
Yet another zero-day bug has been discovered in the Magento Open Source and Adobe Commerce platforms, while researchers have created a working proof-of-concept (PoC) exploit for the recently patched CVE-2022-24086 vulnerability that came under active attack and forced Adobe to push out an emergency...
Severe WordPress Plug-In UpdraftPlus Bug Threatens Backups
The WordPress plug-in “UpdraftPlus” was patched on Wednesday to correct a vulnerability that left sensitive backups at risk, potentially exposing personal information and authentication data. UpdraftPlus is a tool for creating, restoring and migrating backups for WordPress files, databases,...
Iranian State Broadcaster Clobbered by ‘Clumsy, Buggy’ Code
Footage of opposition leaders calling for the assassination of Iran’s Supreme Leader ran on several of the nation’s state-run TV channels in late January after a state-sponsored cyber-attack on Iranian state broadcaster IRIB. The incident – one of a series of politically motivated attacks in Iran...
Baby Golang-Based Botnet Already Pulling in $3K/Month for Operators
There’s a new, still-under-development, Golang-based botnet called Kraken with a level of brawn that belies its youth: It’s using the SmokeLoader malware loader to spread like wildfire and is already raking in a tidy USD $3,000/month for its operators, researchers report. Though its name may soun...
Ukrainian DDoS Attacks Should Put US on Notice–Researchers
On Tuesday, institutions central to Ukraine’s military and economy were hit with a wave of denial-of-service (DoS) attacks, which sparked an avalanche of headlines around the world. The strike itself had limited impact — but the larger implications for critical infrastructure beyond Ukraine are...
Microsoft Teams Targeted With Takeover Trojans
Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found. In January, researchers at Avanan, a Check Point Company, began tracking the campaign, which drops...
Kill Cloud Risk: Get Everybody to Stop Fighting Over App Security - Podcast
Brought to you by Uptycs. Underwriters of Threatpost podcasts do not assert any editorial control over content. Applications are cybercriminals’ favorite ways to crack open targeted organizations. Yet no single team or process can assure the rollout of safe cloud applications. From code design to...
TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands
Cyberattackers are targeting 60 different high-profile companies with the TrickBot malware, researchers have warned, with many of those in the U.S. The goal is to attack those companies’ customers, according to Check Point Research (CPR), which are being cherry-picked for victimization. According t...
Massive LinkedIn Phishing, Bot Attacks Feed on the Job-Hungry
Emotionally vulnerable and willing to offer up any information that lands the gig, job seekers are prime targets for social engineering campaigns. And with the “Great Resignation” in full swing, cybercriminals are having an easy time finding their next victim. Just since Feb. 1, analysts have...
High-Severity RCE Bug Found in Popular Apache Cassandra Database
Researchers have shared details about a now-patched, high-severity security bug in the Apache Cassandra open-source NoSQL distributed database that’s easy to exploit and, if left unpatched, could enable attackers to gain remote code execution (RCE). The bug, which involves how Cassandra creates...
Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers
VMware has issued a critical security update to address issues in its ESXi, Fusion and Workstation products, including VMware Cloud Foundation versions. Exploitation could give attackers access to workloads inside organizations’ virtual environments. The bugs have a range of 5.3 to 8.4 out of 10 ...
Emotet Now Spreading Through Malicious Excel Files
The infamous Emotet malware has switched tactics yet again, in an email campaign propagating through malicious Excel files, researchers have found. Researchers at Palo Alto Networks Unit 42 have observed a new infection approach for the high-volume malware, which is known to modify and change its...
SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming
SquirrelWaffle – the newish malware loader that first showed up in September – once again got its scrabbly little claws into an unpatched Microsoft Exchange server to spread malspam with its tried-and-true trick of hijacking email threads. That’s the same-old, same-old, as in, a SquirrelWaffle...
Chrome Zero-Day Under Active Attack: Patch ASAP
Google on Monday issued 11 security fixes for its Chrome browser, including a high-severity zero-day bug that’s actively being jumped on by attackers in the wild. In a brief update, Google described the weakness, tracked as CVE-2022-0609, as a use-after-free vulnerability in Chrome’s Animation...
TA2541: APT Has Been Shooting RATs at Aviation for Years
Researchers have identified an advanced persistent threat (APT) group responsible for a series of cyberespionage and spyware attacks against the aviation, aerospace, transportation and defense industries since at least 2017 that feature high-volume email campaigns using industry-specific lures. The...
BlackByte Tackles the SF 49ers & US Critical Infrastructure
The San Francisco 49ers were recently kneecapped by a BlackByte ransomware attack that temporarily discombobulated the NFL team’s corporate IT network on the Big Buffalo Wing-Snarfing Day itself: Superbowl Sunday. BlackByte – a ransomware-as-a-service (RaaS) gang that leases its ransomware to...
‘Cities: Skylines’ Gaming Modder Banned Over Hidden Malware
The developer of several popular mods for the Cities: Skylines city-building game has been banned after malware was discovered hidden in their wares. The modder, who goes by the handle Chaos as well as Holy Water, reportedly tucked an automatic updater into several mods that enabled the author to...