
15946 matches found

ThreatPost | added 2022/01/12 7:49 p.m. | 17 views

Stolen TikTok Videos, Bent on Fraud, Invade YouTube Shorts

Scammers are taking full advantage of the launch of Google’s new TikTok competitor, YouTube Shorts, which has turned out to be an awesome tool for feeding billions of engaged viewers stolen content. That content is being used to run rackets like promoting adult dating websites, hustling diet pill...

AI score: 7.4 | Exploits: 0 | References: 10

ThreatPost | added 2022/01/12 6:11 p.m. | 17 views

New York AG Warns 17 Firms of Credential Attacks

New York Attorney General Letitia James reported 1.1 million credentials tied to 17 “well known” state businesses were compromised in recent cyberattacks. According to the alert, many of the firms were unaware that their customers’ passwords had been compromised. The bulletin was issued...

AI score: 7.2 | Exploits: 0 | References: 6

ThreatPost | added 2022/01/12 1:21 p.m. | 26 views

Phishers Rip Off High-Profile EA Gamers

Electronic Arts EA has attributed a recent series of takeovers of high-profile accounts of FIFA Ultimate Team players to “human error” within its customer experience team, some of whom apparently fell prey to a socially engineered phishing attack. After a number of top traders of FIFA’s Ultimate...

AI score: 7.7 | Exploits: 0 | References: 11

ThreatPost | added 2022/01/11 10:13 p.m. | 29 views

Here’s REALLY How to Do Zero-Trust Security

Zero-trust is without a doubt the new buzzword of cybersecurity, and a trend that has dominated discussions around the security priorities of both public and private-sector organizations over the past several years. It’s an approach that treats each and every user, device, application and workloa...

AI score: 6.7 | Exploits: 0 | References: 4

ThreatPost | added 2022/01/11 9:54 p.m. | 82 views

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days

Microsoft has addressed a total of 97 security vulnerabilities in its January 2022 Patch Tuesday update – nine of them rated critical – including six that are listed as publicly known zero-days. The fixes cover a swath of the computing giant’s portfolio, including: Microsoft Windows and Windows...

CVSS: 10 | AI score: 9.2 | EPSS: 0.91887 | Exploits: 24 | References: 22

ThreatPost | added 2022/01/11 8:35 p.m. | 170 views

MacOS Bug Could Let Creeps Snoop On You

Microsoft on Monday released details about a bug in macOS that Apple fixed last month – named “powerdir” – that could let attackers hijack apps, install their own nasty apps, use the microphone to eavesdrop or grab screenshots of whatever’s displayed on your screen. The vulnerability allows...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.02103 | Exploits: 1 | References: 17

ThreatPost | added 2022/01/11 7:49 p.m. | 11 views

WordPress Bugs Exploded in 2021, Most Exploitable

Last year brought forth much more than a Ben Affleck-Jennifer Lopez reunion – analysts found the number of exploitable WordPress plugin vulnerabilities exploded. Researchers from RiskBased Security reported they found the number of WordPress Plugin vulnerabilities rose by triple digits in 2021...

AI score: 7.5 | Exploits: 0 | References: 8

ThreatPost | added 2022/01/11 5:06 p.m. | 14 views

FIN7 Mails Malicious USB Sticks to Drop Ransomware

Ransomware gangs are mailing malicious USB drives, posing as the U.S. Department of Health and Human Services HHS and/or Amazon to target the transportation, insurance and defense industries for ransomware infection, the FBI warned on Friday. In a security alert sent to organizations, the FBI sai...

AI score: 8.2 | Exploits: 0 | References: 16

ThreatPost | added 2022/01/11 3:00 p.m. | 54 views

‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS

A brand-new multiplatform malware, likely distributed via malicious npm packages, is spreading under the radar with Linux and Mac versions going fully undetected in VirusTotal, researchers warned. The Windows version, according to a Tuesday writeup from Intezer, has only six detections as of this...

AI score: 7.3 | Exploits: 0 | References: 6

ThreatPost | added 2022/01/11 2:09 p.m. | 48 views

Critical SonicWall NAC Vulnerability Stems from Apache Mods

Rapid7 has offered up more details on a SonicWall critical flaw that allows for unauthenticated remote code execution (RCE) on affected devices, noting that it arises from tweaks that the vendor made to the Apache httpd server. The bug, CVE-2021-20038, is one of five vulnerabilities discovered in its...

CVSS: 9.8 | AI score: 10 | EPSS: 0.94292 | Exploits: 8 | References: 8

ThreatPost | added 2022/01/11 12:00 p.m. | 124 views

Millions of Routers Exposed to RCE by USB Kernel Bug

Millions of popular end-user routers are at risk of remote code execution RCE due to a high-severity flaw in the KCodes NetUSB kernel module. The module enables remote devices to connect to routers over IP and access any USB devices such as printers, speakers, webcams, flash drives and other...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.72624 | Exploits: 2 | References: 14

ThreatPost | added 2022/01/10 5:55 p.m. | 57 views

URL Parsing-Library Bugs Allow DoS, RCE, Spoofing & More

Eight different security vulnerabilities arising from inconsistencies among 16 different URL parsing libraries could allow denial-of-service DoS conditions, information leaks and remote code execution RCE in various web applications, researchers are warning. The bugs were found in third-party web...

CVSS: 7.6 | AI score: 7.9 | EPSS: 0.17067 | Exploits: 4 | References: 17

ThreatPost | added 2022/01/10 4:29 p.m. | 24 views

Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High

2021 dragged itself to a close under a Log4Shell-induced blitzkrieg. With millions of Log4j-targeted attacks clocking in per hour since the flaw’s discovery last month, there’s been a record-breaking peak of 925 cyberattacks a week per organization, globally. The number comes out of a Monday repo...

AI score: 7.3 | Exploits: 0 | References: 12

ThreatPost | added 2022/01/07 10:16 p.m. | 27 views

EoL Systems Stonewalling Log4j Fixes for Fed Agencies

Last month, federal agencies were given a Christmas Eve deadline – Dec. 24 – to address the “extremely concerning” Log4j and other vulnerabilities. Nobody said it would be easy. Besides the difficulty of tracking down all instances of the ubiquitous Apache logging library, the job of patching the...

AI score: 6.9 | Exploits: 0 | References: 12

ThreatPost | added 2022/01/07 9:14 p.m. | 24 views

Cyberattackers Hit Data of 80K Patients at Fertility Centers of Illinois

The protected health information of nearly 80,000 patients of Fertility Centers of Illinois FCI may have been pawed over by cyber intruders following a cyberattack. FCI runs four clinics across Illinois. According to the U.S. Department of Health and Human Services HHS Office for Civil Rights’ da...

AI score: 7.7 | Exploits: 0 | References: 26

ThreatPost | added 2022/01/07 7:12 p.m. | 25 views

3.7M FlexBooker Records Dumped on Hacker Forum

A threat group that identifies itself as Uawrongteam is dumping data stolen from FlexBooker – a popular online appointment scheduling tool for booking services ranging from counseling to haircuts – on a cybercriminal forum. FlexBooker sent a notification to its users, explaining that its Amazon A...

AI score: 6.8 | Exploits: 0 | References: 12

ThreatPost | added 2022/01/07 4:14 p.m. | 230 views

QNAP: Get NAS Devices Off the Internet Now

Get your internet-exposed, network-attached storage NAS devices off the internet now, Taiwanese manufacturer QNAP warns: Ransomware and brute-force attacks are widely targeting all network devices. “The most vulnerable victims will be those devices exposed to the Internet without any protection,”...

CVSS: 10 | AI score: 9.6 | EPSS: 0.92428 | Exploits: 0 | References: 15

ThreatPost | added 2022/01/07 3:12 p.m. | 97 views

Log4J-Related RCE Flaw in H2 Database Earns Critical Warning

Researchers discovered a bug related to the Log4J logging library vulnerability, which in this case opens the door for an adversary to execute remote code on vulnerable systems. However, this flaw does not pose the same risk as the previously identified Log4Shell flaw, they said. JFrog security...

CVSS: 10 | AI score: 9.8 | EPSS: 0.94358 | Exploits: 345 | References: 14

ThreatPost | added 2022/01/06 7:48 p.m. | 21 views

Activision Files Unusual Lawsuit over Call of Duty Cheat Codes

Activision, publisher of the enormously popular gaming franchise Call of Duty, has taken an extraordinary step to try and shut down cheat software by suing the popular site EngineOwning EO. EO develops and sells software tools to players looking for an edge. EO cheats for Call of Duty include...

AI score: 7.2 | Exploits: 0 | References: 9

ThreatPost | added 2022/01/06 5:28 p.m. | 25 views

Google Voice Authentication Scam Leaves Victims on the Hook

Fluffy is missing. You post your lost pet’s photo online, hoping that some good Samaritan will find Fluffy, listing your phone number and crossing your fingers. You get a text or email from somebody who thinks they’ve found Fluffy – or, say, somebody who wants to buy that scruffy old couch you...

AI score: 7.7 | Exploits: 0 | References: 10

ThreatPost | added 2022/01/06 4:47 p.m. | 72 views

Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover

A security vulnerability in VMware’s Cloud Foundation, ESXi, Fusion and Workstation platforms could pave the way for hypervisor takeover in virtual environments – and a patch is still pending for some users. The issue affects a wide swath of the virtualization specialist’s portfolio and affects...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.94445 | Exploits: 11 | References: 10

ThreatPost | added 2022/01/06 3:44 p.m. | 36 views

Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying

In the world of mobile malware, simply shutting down a device can often wipe out any bad code, given that persistence after rebooting is a challenge for traditional malicious activity. But a new iPhone technique can hijack and prevent any shut-down process that a user initiates, simulating a real...

AI score: 7.2 | Exploits: 0 | References: 6

ThreatPost | added 2022/01/06 2:00 p.m. | 25 views

Attackers Exploit Flaw in Google Docs’ Comments Feature

Attackers are using the “Comments” feature of Google Docs to send malicious links in a phishing campaign targeted primarily at Outlook users, researchers have discovered. Researchers from email collaboration and security firm Avanan, a CheckPoint company, first observed “a new, massive wave of...

AI score: 7.3 | Exploits: 0 | References: 6

ThreatPost | added 2022/01/05 11:13 p.m. | 36 views

1.1M Compromised Accounts Found at 17 Major Companies

There have been more than 1.1 million online accounts compromised in a series of credential-stuffing attacks against 17 different companies, according to a New York State investigation. Credential-stuffing attacks, such as last year’s attack on Spotify, use automated scripts to try high volumes o...

AI score: 7.2 | Exploits: 0 | References: 7

ThreatPost | added 2022/01/05 10:18 p.m. | 93 views

‘Elephant Beetle’ Lurks for Months in Networks

Researchers have identified a threat group that’s been quietly siphoning off millions of dollars from financial- and commerce-sector companies, spending months patiently studying their targets’ financial systems and slipping in fraudulent transactions amongst regular activity. The Sygnia Incident...

CVSS: 10 | AI score: 10 | EPSS: 0.93884 | Exploits: 16 | References: 14

ThreatPost | added 2022/01/05 9:09 p.m. | 24 views

Broward Breach Highlights Healthcare Supply-Chain Problems

This week’s announcement by Florida’s Broward Health System that the most intimate medical data of 1,357,879 of its patients was breached in the fall should serve as a warning that the healthcare software supply chain will be a juicy target for cybercriminals as we head into 2022, researchers war...

AI score: 7 | Exploits: 0 | References: 10

ThreatPost | added 2022/01/05 8:49 p.m. | 16 views

Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails

A security vulnerability that would allow malicious attackers to send email from Uber’s network appears to be closed – but users could have been swindled already. The easy-to-find bug has been hanging around for years, ready to take Uber’s customers for a ride of a very different sort. According ...

AI score: 7.2 | Exploits: 0 | References: 11

ThreatPost | added 2022/01/05 7:00 p.m. | 80 views

FTC to Go After Companies that Ignore Log4j

The Federal Trade Commission FTC will muster its legal muscle to pursue companies and vendors that fail to protect consumer data from the risks of the Log4j vulnerabilities, it warned on Tuesday. “The FTC intends to use its full legal authority to pursue companies that fail to take reasonable ste...

CVSS: 10 | AI score: 10 | EPSS: 0.94358 | Exploits: 342 | References: 27

ThreatPost | added 2022/01/05 1:00 p.m. | 36 views

‘Malsmoke’ Exploits Microsoft’s E-Signature Verification

Threat actors are exploiting Microsoft’s digital signature verification to steal user credentials and other sensitive information by delivering the ZLoader malware, which previously has been used to distribute Ryuk and Conti ransomware, researchers have found. Researchers at Check Point Research...

AI score: 7.4 | Exploits: 0 | References: 10

ThreatPost | added 2022/01/04 10:49 p.m. | 109 views

Microsoft Sees Rampant Log4j Exploit Attempts, Testing

No surprise here: The holidays brought no Log4Shell relief. Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache’s Log4j logging library. “We have...

CVSS: 10 | AI score: 10 | EPSS: 0.94358 | Exploits: 347 | References: 22

ThreatPost | added 2022/01/04 8:49 p.m. | 49 views

SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More

Gaming giant SEGA Europe recently discovered that its sensitive data was being stored in an unsecured Amazon Web Services AWS S3 bucket during a cloud-security audit, and it’s sharing the story to inspire other organizations to double-check their own systems. Researcher Aaron Phillips with VPN...

AI score: 6.6 | Exploits: 0 | References: 9

ThreatPost | added 2022/01/04 8:33 p.m. | 20 views

Data Skimmer Hits 100+ Sotheby’s Real-Estate Websites

UPDATE A supply-chain campaign infecting Sotheby’s real-estate websites with data-stealing skimmers was recently observed being distributed via a Brightcove cloud-video platform instance. According to Palo Alto Networks’ Unit 42 division, researchers noticed that most of the activity affected...

AI score: 6.8 | Exploits: 0 | References: 8

ThreatPost | added 2022/01/04 5:12 p.m. | 33 views

Purple Fox Rootkit Dropped by Malicious Telegram Installers

A malicious Telegram instant-messaging app installer scurries past a slew of antivirus AV engines to deliver Purple Fox malware, evading detection by separating the attack into bite-sized morsels that fly under the radar. In a Monday report, Minerva Labs said that the attack evades detection by A...

AI score: 7.3 | Exploits: 0 | References: 12

ThreatPost | added 2022/01/04 4:43 p.m. | 18 views

McMenamins Data Breach Affects 12 Years of Employee Info

A ransomware attack on the McMenamins dining and hospitality empire in the Pacific Northwest came along with a data breach covering 12 years of employee data, the organization has confirmed. The Dec. 12 incident – which some have attributed to the Conti gang – forced McMenamins to shut down vario...

AI score: 7.1 | Exploits: 0 | References: 10

ThreatPost | added 2022/01/04 1:16 p.m. | 22 views

Portugal Media Giant Impresa Crippled by Ransomware Attack

Media giant Impresa, which owns the largest television station and newspaper in Portugal, was crippled by a ransomware attack just hours into 2022. The suspected ransomware gang behind the attack goes by the name Lapsus$. The attack included Impresa-owned website Expresso newspaper and television...

AI score: 7 | Exploits: 0 | References: 7

ThreatPost | added 2021/12/30 6:01 p.m. | 30 views

What the Rise in Cyber-Recon Means for Your Security Strategy

As we move into 2022, bad actors are ramping up their reconnaissance efforts to ensure more successful and more impactful cyberattacks. And that means more zero-day exploits are on the horizon. When seen through an attack chain such as the MITRE ATT&CK framework, campaigns are frequently discusse...

AI score: 7.5 | Exploits: 0 | References: 8

ThreatPost | added 2021/12/30 4:16 p.m. | 187 views

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

Cybercriminals operating under the moniker Aquatic Panda are the latest advanced persistent threat group (APT) to exploit the Log4Shell vulnerability. Researchers from CrowdStrike Falcon OverWatch recently disrupted the threat actors using Log4Shell exploit tools on a vulnerable VMware installation during...

CVSS: 10 | AI score: 10 | EPSS: 0.94358 | Exploits: 344 | References: 9

ThreatPost | added 2021/12/29 7:13 p.m. | 36 views

Threat Advisory: E-commerce Bots Use Domain Registration Services for Mass Account Fraud

While researching a recent large-scale bot campaign with CQ Prime Threat Research team lead, Dean Lendrum, we found attackers using domain parking and monetization services to register multiple domains, creating a large number of fake eCommerce accounts per domain. TL;DR: Analysis of...

AI score: 7.8 | Exploits: 0 | References: 3

ThreatPost | added 2021/12/29 2:26 p.m. | 20 views

Cryptomining Attack Exploits Docker API Misconfiguration Since 2019

Hackers behind a cryptomining campaign have managed to avoid detection since 2019. The attacks exploited misconfigured Docker APIs that allowed them to gain network entry and ultimately set up a backdoor on compromised hosts to mine cryptocurrency, researchers said. The attack technique is...

AI score: 7.9 | Exploits: 0 | References: 6

ThreatPost | added 2021/12/29 1:00 p.m. | 23 views

5 Cybersecurity Trends to Watch in 2022

No one could have predicted the sheer chaos the cybersecurity industry would experience over the course of 2021. Record-annihilating numbers of ransomware attacks, SolarWinds’ supply-chain havoc and most recently, the discovery of Log4j by…Minecraft gamers. All of it would have sounded too wild f...

AI score: 7.1 | Exploits: 0 | References: 20

ThreatPost | added 2021/12/28 4:31 p.m. | 36 views

That Toy You Got for Christmas Could Be Spying on You

Many adults found it charming when Mattel upgraded its classic Fisher-Price Chatter telephone for its 60th anniversary in October with actual Bluetooth capabilities, so grownups, too, can use it — and for actual mobile phone calls. But flaws in the way the toy pairs with Bluetooth means that othe...

AI score: 7.3 | Exploits: 0 | References: 8

ThreatPost | added 2021/12/28 11:00 a.m. | 22 views

2021 Wants Another Chance (A Lighter-Side Year in Review)

Dear everybody who’s developed stress-related hives over the ever-evolving Log4Shell cluster-muck: 2021 has asked us to convey its apologies. And it hastens to add, “Awww, geez, c’mon, it wasn’t all bad.” Indeed, amid all of the serious cybersecurity developments, the year also brought us...

AI score: 6.8 | Exploits: 0 | References: 39

ThreatPost | added 2021/12/27 7:34 p.m. | 27 views

Global Cyberattacks from Nation-State Actors Posing Greater Threats

The macro-trend I’m most alarmed by today is the fact that attackers don’t seem to care about getting caught anymore. We have seen an increase in temerity of attacks by nation-states, such as the Russian attack on SolarWinds, and seen their attack tactics shift from targeted, stealthy operations...

AI score: 7.2 | Exploits: 0 | References: 4

ThreatPost | added 2021/12/27 6:57 p.m. | 109 views

The 5 Most-Wanted Threatpost Stories of 2021

As 2021 draws to a close, and the COVID-19 pandemic drags on, it’s time to take stock of what resonated with our 1 million+ monthly visitors this year, with an eye to summing up some hot trends gleaned from looking at the most-read stories on the Threatpost site. While 2020 was all about...

CVSS: 10 | AI score: 10 | EPSS: 0.94358 | Exploits: 342 | References: 40

ThreatPost | added 2021/12/23 7:04 p.m. | 24 views

4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code

The Microsoft Azure App Service has a four-year-old vulnerability that could reveal the source code of web apps written in PHP, Python, Ruby or Node, researchers said, that were deployed using Local Git. The bug has almost certainly been exploited in the wild as a zero-day, according to an analys...

AI score: 7.4 | Exploits: 0 | References: 2

ThreatPost | added 2021/12/23 4:00 p.m. | 47 views

Telegram Abused to Steal Crypto-Wallet Credentials

Attackers are targeting crypto-wallets of Telegram users with the Echelon infostealer, in an effort aimed at defrauding new or unsuspecting users of a cryptocurrency discussion channel on the messaging platform, researchers have found. Researchers at SafeGuard Cyber’s Division Seven threat...

AI score: 7.3 | Exploits: 0 | References: 6

ThreatPost | added 2021/12/23 3:00 p.m. | 59 views

‘Spider-Man: No Way Home’ Download Installs Cryptominer

Global buzz around the release of Spider-Man: No Way Home is making tons of online noise – an ideal environment for cybercriminals to spread a Monero cryptominer disguised as a download of the newly released film. A torrent download of Spider-Man: No Way Home is circulating, infected with a...

AI score: 7.3 | Exploits: 0 | References: 8

ThreatPost | added 2021/12/22 6:39 p.m. | 22 views

PYSA Emerges as Top Ransomware Actor in November

PYSA, which is also known by Mespinoza, has overtaken Conti as the top ransomware threat group for the month of November. It joined Lockbit, which has dominated the space since August. According to NCC Group’s November insights on the ransomware sector, PYSA increased its market share with a 50...

AI score: 6.9 | Exploits: 0 | References: 5

ThreatPost | added 2021/12/22 6:24 p.m. | 20 views

All in One SEO Plugin Bug Threatens 3M Websites with Takeovers

A popular WordPress SEO-optimization plugin, called All in One SEO, has a pair of security vulnerabilities that, when combined into an exploit chain, could leave website owners open to site takeover. The plugin is used by more than 3 million websites. An attacker with an account with the site –...

AI score: 7 | Exploits: 0 | References: 7

ThreatPost | added 2021/12/22 5:59 p.m. | 143 views

Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS

Don’t duck at the latest mention of Apache: Two critical bugs in its HTTP web server – HTTPD – need to be patched pronto, lest they lead to attackers triggering denial of service DoS or bypassing your security policies. Apache, the open-source software foundation behind the Log4J logging library...

CVSS: 9.8 | AI score: 10 | EPSS: 0.94469 | Exploits: 48 | References: 14

Total number of security vulnerabilities: 15946