‘Dark Herring’ Billing Malware Swims onto 105M Android Devices
Nearly 500 malicious apps lurking on the Google Play Store have successfully installed Dark Herring malware — a cash-stealer intended to add sneaky charges onto mobile carrier bills — on more than 100 million Android devices across the globe. That’s quite a school of fish. Dark Herring malware wa...
New Year, New Threats: 4 Tips to Activate Your Best Cyber-Defense
As we enter into a new year full of uncertainty, one thing for cybersecurity practitioners remains true: You have a strategic advantage over adversaries. It may sound obvious to say, but they’re launching attacks against you, within your environment, which you control – giving you a fundamental...
Cybercriminals Love Supply-Chain Chaos: Here’s How to Protect Your Inbox
Over the last couple of months, the Zix Threat Research team has observed threat actors using new tactics to spoof logistics and supply-chain companies, hoping for an easy compromise. As we have seen throughout the COVID-19 pandemic, cybercriminals are flourishing in these times of upheaval, due ...
Ubiquitous Linux Bug: ‘An Attacker’s Dream Come True’
UPDATE Every major Linux distribution has an easily exploited memory-corruption bug that’s been lurking for 12 years – a stunning revelation that’s likely to be followed soon by in-the-wild exploits, researchers warn. Successful exploitation gives full root access to any unprivileged user. The...
Threat Actors Blanket Androids with Flubot, Teabot Campaigns
Researchers have discovered a raft of active campaigns delivering the Flubot and Teabot trojans through a variety of delivery methods, with threat actors using smishing and malicious Google Play apps to target victims with fly-by attacks in various regions across the globe. Researchers from...
Cyberattacks on Squid Game Minecraft Tourney Take Down Andorra’s Internet
A massive Minecraft tournament styled after the Netflix blockbuster Squid Game known, of course, as “SquidCraft” apparently inspired a distributed denial of service (DDoS) attack that took down the sole and state-owned internet service provider in Andorra. Internet-freedom monitoring company...
Ozzy Osbourne NFTs Used to Bite Off Chunk of Crypto Coin
Ozzy Osbourne and his famously enterprising wife and manager, Sharon, decided to launch a new non-fungible token (NFT) collection called CryptoBatz — but the rollout was clouded. Scammers quickly found they could use an abandoned vanity Discord URL to drain potential buyers’ crypto wallets...
Segway Hit by Magecart Attack Hiding in a Favicon
Segway, maker of the iconic – and much-spoofed – personal motorized transporter familiar from guided city tours everywhere, has been serving up a nasty credit-card harvesting skimmer via its website that’s likely linked to Magecart Group 12. That’s according to Malwarebytes, which noted that “We...
MacOS Malware ‘DazzleSpy’ Used in Watering-Hole Attacks
A new family of cyber-espionage malware targeting macOS and delivered via a Safari exploit was used against politically active, pro-democracy residents of Hong Kong, in August watering-hole attacks initially discovered by Google TAG, researchers said on Tuesday. The watering-hole attacks – which...
AdSanity, AccessPress Plugins Open Scads of WordPress Sites to Takeover
The WordPress content management system (CMS) is offering admins more headaches this week, thanks to a pair of disparate but concerning security problems in add-ons for the platform. The first issue affects the WordPress AdSanity plugin. It’s a critical security vulnerability that could allow remot...
BRATA Android Trojan Updated with ‘Kill Switch’ that Wipes Devices
New variants of the BRATA banking trojan have been targeting global Android devices since November with advanced features, including the ability to wipe devices after stealing user data, tracking devices via GPS, and novel obfuscation techniques, researchers have found. The remote access trojan...
Linux Servers at Risk of RCE Due to Critical CWP Bugs
Researchers have discovered two critical bugs in Control Web Panel (CWP) – a popular web hosting management software used by 200,000+ servers – that could allow for remote code execution (RCE) as root on vulnerable Linux servers. CWP, formerly known as CentOS Web Panel, is an open-source Linux contro...
MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists
Malicious files doctored up to look like legitimate content related to the Israeli-Palestine conflict are being used to target prominent Palestinians, as well as activists and journalists in Turkey, with spyware. That’s according to a disclosure from Zscaler, which attributes the cyberattacks to...
Surge in Malicious QR Codes Sparks FBI Alert
Menus, event ticket sales, quick site access — QR codes have become a common way to interact as a result of the COVID-19 pandemic. But the smart little matrix bar codes are easily tampered with and can be used to direct victims to malicious sites, the FBI warned in an alert. QR codes are the...
Dark Souls 3 Servers Shut Down Due to Critical RCE Bug
There’s a dangerous remote-code execution (RCE) bug in the Dark Souls video game that could let attackers brick the PCs of online players. The flaw could allow attackers to do pretty much anything: As Kaspersky researchers explained on Monday, the bug “allows an attacker to execute almost any progr...
Unusual ‘Donald Trump’ Packer Malware Delivers RATs, Infostealers
A new .NET malware packer being used to deliver a variety of remote access trojans (RATs) and infostealers has a fixed password named after Donald Trump, giving the new find its name, “DTPacker.” DTPacker was discovered by researchers at Proofpoint who, since 2020, have observed it being used by...
The Internet’s Most Tempting Targets
The number of exposed assets keeps climbing, but existing security strategies aren’t keeping up. Attack surfaces are getting more complex, and the excruciatingly hard part is figuring out where to focus. For every 1,000 assets on an attack surface, there is often only one that’s truly interesting...
Merck Awarded $1.4B Insurance Payout over NotPetya Attack
Unsealed court records show pharmaceutical giant Merck was awarded a $1.4 billion payout last month on its property insurance policy, for losses the company suffered because of the 2017 NotPetya cyberattacks. Merck’s cyber-insurance company, International Indemnity, was claiming the losses fell...
20K WordPress Sites Exposed by Insecure Plugin REST-API
More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing scams and more as the result of a high-severity cross-site scripting (XSS) bug discovered in the WordPress Email Template Designer – WP HTML Mail, a plugin for designing custom emails. The new vulnerability...
McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges
McAfee has patched two high-severity vulnerabilities in a component of its McAfee Enterprise product that attackers can use to escalate privileges, including up to SYSTEM. According to McAfee’s bulletin, the bugs are in versions prior to 5.7.5 of McAfee Agent, which is used in McAfee Endpoint...
Spyware Blitzes Compromise, Cannibalize ICS Networks
Attackers are targeting industrial enterprises with spyware campaigns that hunt for corporate credentials so they can be used both for financial gain and to cannibalize compromised networks to propagate future attacks, researchers have found. The campaigns use off-the-shelf spyware but are unique...
2FA Bypassed in $34.6M Crypto.com Heist
Early Thursday morning, Crypto.com acknowledged that it had lost $34.65 million worth of cash, Bitcoin and Ethereum after getting ransacked in an attack that slipped fat transactions past two-factor authentication (2FA). Users had complained over the weekend that their accounts had been drained:...
Critical Cisco StarOS Bug Grants Root Access via Debug Mode
Cisco released a security update warning about a handful of vulnerabilities lurking in its networking technology, led by a critical bug in the company’s StarOS debug services. Cisco pushed out a fix for its Cisco StarOS Software on Wednesday, Jan. 19. In its advisory, the company said that the fl...
Microsoft: Attackers Tried to Log In to SolarWinds Serv-U Via Log4j Bug
Attackers are trying to log in to SolarWinds Serv-U file-sharing software via attacks exploiting the Log4j flaws. This is a confusing story: Initially, Microsoft had warned on Wednesday that attackers were exploiting a previously undisclosed vulnerability in the SolarWinds Serv-U file-sharing...
Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs
A security vulnerability in Apple’s browsers for macOS, iOS and iPadOS can lead to information disclosure, researchers have warned. Apple has just marked the issue as “resolved,” but it will take some time for the fixes to roll out, they said, so users should implement mitigations. According to...
Red Cross Begs Attackers Not to Leak 515K People’s Stolen Data
The Red Cross is imploring threat actors to show mercy by abstaining from leaking data belonging to 515,000+ “highly vulnerable” people. The data was stolen from a program used to reunite family members split apart by war, disaster or migration. “While we don’t know who is responsible for this...
SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack
Fortune 500 integrated services firm R.R. Donnelley & Sons (RRD) is the latest victim of the hacking collective known as the Conti Group. According to regulatory disclosures, RRD was the victim of a network breach that resulted in stolen data in December. RRD, a global firm with 33,000 employees,...
Destructive Wiper Targeting Ukraine Aimed at Eroding Trust
Russia is positioned for a hot-war attack on Ukraine that the Biden administration warned could come “at any point” — but the country is already suffering an attack of a different kind. A sweeping malware campaign remains ongoing, which experts agree is intended to permanently disrupt organizatio...
Box 2FA Bypass Opens User Accounts to Attack
UPDATE A security hole in Box, the cloud-based file-sharing service, paved the way for busting its multifactor authentication (MFA), researchers said – and it’s the second such MFA bypass they have discovered in the service so far. Clearly, the stakes are high – gaining access to a Box account coul...
Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks
The mobile app that all attendees and athletes of the upcoming Beijing Winter Olympics must use to manage communications and documentation at the event has a “devastating” flaw in the way it encrypts data that can allow for man-in-the-middle attacks that access sensitive user information,...
Cloned Dept. of Labor Site Hawks Fake Government Contracts
A new phishing campaign is targeting aspiring government vendors with an invitation to bid on various fake federal projects with the U.S. Department of Labor. Emails branded to look like legitimate communications from the DoL contain malicious links that, rather than leading to a government...
Will 2022 Be the Year of the Software Bill of Materials?
Here, have a can of soup. Nah, we don’t know what’s in it. Could be 30 percent insect parts, could be seasoned with rat hair, who can say? The ingredients keep changing anyway. Just pour it into your network and pray. That, unfortunately, is the current state of cybersecurity: a teeth-grinding...
The Log4j Vulnerability Puts Pressure on the Security World
It’s not my intention to be alarmist about the Log4j vulnerability (CVE-2021-44228), known as Log4Shell, but this one is pretty bad. First of all, Log4j is a ubiquitous logging library that is very widely used by millions of computers. Second, the director of the U.S. Cybersecurity & Infrastructure...
Cybercriminals Actively Target VMware vSphere with Cryptominers
Organizations running sophisticated virtual networks with VMware’s vSphere service are actively being targeted by cryptojackers, who have figured out how to inject the XMRig commercial cryptominer into the environment, undetected. Uptycs’ Siddharth Sharma has released research showing threat acto...
New ‘White Rabbit’ Ransomware May Be New FIN8 Tool
A new ransomware family, White Rabbit, chewed through a local U.S. bank last month — and it may be connected to the financially motivated advanced persistent threat (APT) group known as FIN8, researchers said. In a Tuesday report, Trend Micro researchers said that this twicky wabbit knows how to...
Critical ManageEngine Desktop Server Bug Opens Orgs to Malware
A critical security vulnerability in the Zoho ManageEngine Desktop Central and Desktop Central MSP platforms could allow authentication bypass, the company has warned. The bug (CVE-2021-44757) could allow a remote user to “perform unauthorized actions in the server,” according to the company’s Mond...
Organizations Face a ‘Losing Battle’ Against Vulnerabilities
After a banner year for vulnerabilities and cyberattacks in 2021, organizations believe they are fighting a “losing battle” against security vulnerabilities and threats, “despite the billions of dollars spent collectively on cybersecurity technology,” according to an annual security report from...
Top Illicit Carding Marketplace UniCC Abruptly Shuts Down
A top underground market for buying and selling stolen credit-card details, UniCC, has announced it’s shutting down operations. The site accounted for about 30 percent of carding scam business and, since it was launched in 2013, handled about $358 million in cryptocurrency transactions, according...
Real Big Phish: Mobile Phishing & Managing User Fallibility
According to a recent survey from Ivanti, nearly three-quarters (74 percent) of IT professionals reported that their organizations have fallen victim to a phishing attack – and 40 percent of those happened in the last month alone. Increasingly, mobile phishing is the culprit. What’s more, nearly ha...
Critical Cisco Contact Center Bug Threatens Customer-Service Havoc
A critical security bug affecting Cisco’s Unified Contact Center Enterprise (UCCE) portfolio could allow privilege-escalation and platform takeover. Cisco UCCE is an on-premises customer-service platform capable of supporting up to 24,000 customer-service agents using channels that include inbound...
‘Be Afraid:’ Massive Cyberattack Downs Ukrainian Gov’t Sites
Cyberattackers brought down around 70 Ukrainian government websites on Friday, defacing the site of the foreign ministry with a message to “Be afraid and expect the worst.” The huge attack hit on Friday, unfolding hours after Russia and Western allies wrapped up fruitless talks intended to...
Russian Security Takes Down REvil Ransomware Gang
At the request of U.S. authorities, Russia’s Federal Security Service (FSB) has swooped in to “liquidate” the REvil ransomware gang, it said on Friday. According to local reports, the country’s main security agency raided 25 locations in Leningrad, Lipetsk, Moscow and St. Petersburg, seizing assets...
Three Plugins with Same Bug Put 84K WordPress Sites at Risk
Researchers have discovered three WordPress plug-ins with the same vulnerability that allows an attacker to update arbitrary site options on a vulnerable site and completely take it over. Exploiting the flaw does require some action from the site administrator, however. On Nov. 5, 2021, the...
Microsoft Yanks Buggy Windows Server Updates
Microsoft has yanked the Windows Server updates it issued on Patch Tuesday after admins found that the updates had critical bugs that break three things: They trigger spontaneous boot loops on Windows servers that act as domain controllers, break Hyper-V and render ReFS volume systems unavailable...
North Korean APTs Stole ~$400M in Crypto in 2021
Vast amounts of cash sloshing around in cryptocurrency markets are proving irresistible for cybercriminals and scammers of all kinds. From basic financial pump-and-dump schemes to straight-up nation-state cybertheft, nascent crypto markets, and their investors – often with dubious understanding o...
US Military Ties Prolific MuddyWater Cyberespionage APT to Iran
U.S. Cyber Command has confirmed that MuddyWater – an advanced persistent threat (APT) cyberespionage actor, aka Mercury, Static Kitten, TEMP.Zagros or Seedworm, that’s historically targeted government victims in the Middle East – is an Iranian intelligence outfit. The link has been suspected, and no...
New GootLoader Campaign Targets Accounting, Law Firms
Once prolific spreaders of REvil ransomware, the GootLoader malware gang has pivoted to actively targeting employees of law and accounting firms with malicious downloads. The Threat Response Unit from eSentire issued an alert about having over the past three weeks observed GootLoader attacks on...
Adobe Cloud Abused to Steal Office 365, Gmail Credentials
Attackers are leveraging Adobe Creative Cloud to target Office 365 users with malicious links that appear to be coming legitimately from Cloud users but instead direct victims to a link that steals their credentials, researchers have discovered. Researchers from Avanan, a Check Point company, fir...
Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft
Remote Desktop Protocol (RDP) pipes have a security bug that could allow any standard, unprivileged Joe-Schmoe user to access other connected users’ machines. If exploited, it could lead to data-privacy issues, lateral movement and privilege escalation, researchers warned. Insider attackers could,...
Amazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign
Cyberattackers are abusing Amazon Web Services (AWS) and Azure Cloud services to deliver a trio of remote access trojans (RATs), researchers warned – all aimed at hoovering up sensitive information from target users. According to an analysis from Cisco Talos, threat actors have been pushing out...