News

Unsecured Microsoft SQL, MySQL servers hit by Gh0stCringe malware

Hackers target poorly secured Microsoft SQL and MySQL database servers to deploy the Gh0stCringe remote access trojans on vulnerable devices. Gh0stCringe, aka CirenegRAT, is a variant of Gh0st RAT malware that was most recently deployed in 2020 Chinese cyber-espionage operations but dates as far back as 2018. In a new report today by cybersecurity firm AhnLab, researchers …

Hackers Target Bank Networks with new Rootkit to Steal Money from ATM Machines

A financially motivated threat actor has been observed deploying a previously unknown rootkit targeting Oracle Solaris systems with the goal of compromising Automatic Teller Machine (ATM) switching networks and carrying out unauthorized cash withdrawals at different banks using fraudulent cards. Threat intelligence and incident response firm Mandiant is tracking the cluster under the moniker UNC2891, …

Google Uncovers ‘Initial Access Broker’ Working with Conti Ransomware Gang

Google’s Threat Analysis Group (TAG) took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations. Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML platform (CVE-2021-40444) …

Phony Instagram ‘Support Staff’ Emails Hit Insurance Company

The phishing scam tried to steal login credentials by threatening account shutdown, due to users having purportedly shared “fake content.” A phishing campaign used the guise of Instagram technical support to steal login credentials from employees of a prominent U.S. life insurance company headquartered in New York, researchers have revealed. According to a report published on Wednesday, …

Pandora Ransomware Hits Giant Automotive Supplier Denso

Denso confirmed that cybercriminals leaked stolen, classified information from the Japan-based car-components manufacturer after an attack on one of its offices in Germany. A multibillion supplier to key automotive companies like Toyota, Mercedes-Benz and Ford confirmed Monday that it was the target of a cyberattack over the weekend – confirmation that came after the Pandora …

Cyberattacks Against Israeli Government Sites: ‘Largest in the Country’s History’

DDoS attacks against Israeli telecom companies took down government sites, sparking a temporary state of emergency. Israel’s National Cyber Directorate confirmed in a tweet on Monday that a distributed denial-of-service (DDoS) attack against a telecommunications provider took down several government sites, as well as others not affiliated with the government. The incident led to the Directorate …

Ubisoft confirms ‘cyber security incident’, resets staff passwords

Video game developer Ubisoft has confirmed that it suffered a ‘cyber security incident’ that caused disruption to its games, systems, and services. The announcement comes after multiple Ubisoft users reported issues accessing Ubisoft services last week. The data extortion group LAPSUS$, which has so far claimed responsibility for hacking Samsung, NVIDIA, and Mercado Libre, appears to be behind …

Bridgestone Americas confirms ransomware attack, LockBit leaks data

A cyberattack on Bridgestone Americas, one of the largest manufacturers of tires in the world, has been claimed by the LockBit ransomware gang. The threat actor announced that they will leak all data stolen from the company and launched a countdown timer, which is currently at less than three hours.

Timer activated

Bridgestone has tens …

Emotet Botnet’s Latest Resurgence Spreads to Over 100,000 Computers

The insidious Emotet botnet, which staged a return in November 2021 after a 10-month-long hiatus, is once again exhibiting signs of steady growth, amassing a swarm of over 100,000 infected hosts for perpetrating its malicious activities. “While Emotet has not yet attained the same scale it once had, the botnet is showing a strong resurgence …

RuRAT Campaign Uses Innovative Lure to Target Potential Victims

A malicious campaign is installing RuRAT malware, which provides remote access to compromised devices. The attackers are impersonating a venture capital firm that wants to invest money in or purchase the victim’s site. Recently, BleepingComputer received a spear-phishing email from an IP address belonging to a U.K. virtual server company. The email impersonated a venture capitalist interested in buying …

European Officials Aiding the Ukrainian Refugee Movement are Under Attack

A spear-phishing campaign has been identified targeting European government personnel helping Ukrainian refugees. The campaign is still ongoing and is being tracked as Asylum Ambuscade. According to Proofpoint, a nation-state actor is believed to have compromised a Ukrainian armed service member’s email account to target European government personnel aiding refugees fleeing Ukraine. The phishing messages included …

Adafruit discloses data leak from ex-employee’s GitHub repo

Adafruit has disclosed a data leak that occurred due to a publicly-viewable GitHub repository. The company suspects this could have allowed “unauthorized access” to information about certain users on or before 2019. Based in New York City, Adafruit is a producer of open-source hardware components since 2005. The company designs, manufactures, and sells electronics products, tools, and accessories. …

Mozilla Firefox 97.0.2 fixes two actively exploited zero-day bugs

Mozilla has released Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0 to fix two critical zero-day vulnerabilities actively exploited in attacks. Both zero-day vulnerabilities are “use-after-free” bugs, in which a program tries to use memory that has already been freed. When threat actors exploit this type of bug, it can …

Hackers leak 190GB of alleged Samsung data, source code

The Lapsus$ data extortion group today leaked a huge collection of confidential data that it claims comes from Samsung Electronics, the South Korean consumer electronics giant. The leak comes less than a week after Lapsus$ released a 20GB document archive from 1TB of data stolen from GPU designer Nvidia.

Gang teases Samsung data leak

In a …

NVIDIA data breach exposed credentials of over 71,000 employees

More than 71,000 employee credentials were stolen and leaked online following a data breach suffered by US chipmaker giant Nvidia last month. The Have I Been Pwned data breach notification service has added data belonging to 71,335 compromised accounts to its database on Wednesday. Have I Been Pwned says the stolen data contains “email addresses …

Ukraine says local govt sites hacked to push fake capitulation news

The Security Service of Ukraine (SSU) said today “enemy” hackers are using compromised local government and regional authorities’ websites to push rumors that Ukraine surrendered and signed a peace treaty with Russia. SSU revealed this in a tweet further distributed by Ukraine’s State Service for Special Communication and Information Protection (SSSCIP) to Ukrainian Twitter users. “WARNING! ANOTHER FAKE! The enemy has broken into …

Cisco Patches Critical Vulnerabilities in Expressway, TelePresence VCS Products

Cisco this week announced patches that address a couple of critical vulnerabilities in its Expressway Series and TelePresence Video Communication Server (VCS) unified communications products. Tracked as CVE-2022-20754 and CVE-2022-20755 and featuring a CVSS score of 9.0, the two security holes can be exploited by a remote, authenticated attacker to write files or execute code …

Conti Ransomware Decryptor, TrickBot Source Code Leaked

The decryptor spilled by ContiLeaks won’t work with recent victims. Conti couldn’t care less: It’s still operating just fine. Still, the dump is a bouquet’s worth of intel. The pro-Ukraine member of the Conti ransomware gang who promised to eviscerate the extortionists after they pledged support for the Russian government has spilled yet more Conti guts: The …

TeaBot Trojan Haunts Google Play Store, Again

Malicious Google Play apps have circumvented censorship by hiding trojans in software updates. The TeaBot banking trojan – also known as “Anatsa” – has been spotted on the Google Play store, researchers from Cleafy have discovered. The malware – designed to intercept SMS messages and login credentials from unwitting users – affected users of “more than …

RCE Bugs in Hugely Popular VoIP Apps: Patch Now!

The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that’s found in a massive number of VoIP implementations. Some of the world’s most popular communication apps are using an open-source library riddled with newfound security holes. One thing this open-source, flawed library shares with the Apache Log4J …

Toyota to Close Japan Plants After Suspected Cyberattack

The plants will shut down on Tuesday, halting about a third of the company’s global production. Toyota doesn’t know how long the 14 plants will be unplugged. What was potentially a cyberattack hit one of Toyota’s parts suppliers, causing the company to move to shut down about a third of the company’s global production tomorrow, …

Microsoft Exchange Bugs Exploited by ‘Cuba’ Ransomware Gang

The ransomware gang known as Cuba is increasingly shifting to exploiting Exchange bugs – including crooks’ favorites, ProxyShell and ProxyLogon – as initial infection vectors. The ransomware gang known as “Cuba” is increasingly shifting to exploiting Microsoft Exchange vulnerabilities – including ProxyShell and ProxyLogon – as initial infection vectors, researchers have found. The group has likely been prying open …

New Critical RCE Bug Found in Adobe Commerce, Magento

Adobe updated its recent out-of-band security advisory to add another critical bug, while researchers put out a PoC for the one it emergency-fixed last weekend. Yet another zero-day bug has been discovered in the Magento Open Source and Adobe Commerce platforms, while researchers have created a working proof-of-concept (PoC) exploit for the recently patched CVE-2022-24086 …

Conti ransomware gang takes over TrickBot malware operation

After four years of activity and numerous takedown attempts, the death knell of TrickBot has sounded as its top members move under new management, the Conti ransomware syndicate, who plan to replace it with the stealthier BazarBackdoor malware. TrickBot is a Windows malware platform that uses multiple modules for various malicious activities, including information stealing, …

Microsoft Teams Targeted With Takeover Trojans

Threat actors are infiltrating the increasingly popular collaboration app to attach malicious files to chat threads that drop system-hijacking malware. Threat actors are targeting Microsoft Teams users by planting malicious documents in chat threads that execute Trojans that ultimately can take over end-user machines, researchers have found. In January, researchers at Avanan, a Check Point …

Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa

A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview. Critical security vulnerabilities in Moxa’s MXview web-based network management system open the door to an unauthenticated remote code execution (RCE) as SYSTEM on any unpatched MXview server, researchers warned this week. …

Cyber-attack at Vodafone Portugal knocks mobile network services offline

A “deliberate and malicious” cyber-attack targeting Vodafone Portugal knocked mobile networks offline across the country this week. The incident, which started on Monday evening (February 7), suspended 4G and 5G networks for customers, as well as digital TV and SMS services. Vodafone said it has seen “no evidence” that customer data has been accessed or compromised due …

Fake Windows 11 upgrade installers infect you with RedLine malware

Threat actors have started distributing fake Windows 11 upgrade installers to users of Windows 10, tricking them into downloading and executing RedLine stealer malware. The timing of the attacks coincides with the moment that Microsoft announced Windows 11’s broad deployment phase, so the attackers were well-prepared for this move and waited for the right moment to maximize …

Swissport ransomware attack delays flights, disrupts operations

Aviation services company Swissport International has disclosed a ransomware attack that has impacted its IT infrastructure and services, causing flights to suffer delays. The Swiss company provides services for cargo handling, security, maintenance, cleaning, and lounge hospitality for 310 airports in 50 countries. It handles 282 million passengers and 4.8 million tons of cargo every year, …

Critical Cisco Bugs Open VPN Routers to Cyberattacks

The company’s RV line of small-business routers contains 15 different security vulnerabilities, some unpatched, that could enable everything from RCE to corporate network access and denial-of-service – and many have exploits circulating. UPDATE Critical security vulnerabilities in Cisco’s Small Business RV Series routers could allow privilege escalation, remote code execution (RCE) with root privileges on …

Office 365 boosts email security against MITM, downgrade attacks

Microsoft has added SMTP MTA Strict Transport Security (MTA-STS) support to Exchange Online to ensure Office 365 customers’ email communication integrity and security. Redmond first announced MTA-STS’ introduction in September 2020, after revealing that it was also working on adding inbound and outbound support for DNSSEC (Domain Name System Security Extensions) and DANE for SMTP (DNS-based Authentication of Named Entities). “We have been validating …

Wormhole cryptocurrency platform hacked to steal $326 million

Hackers have exploited a vulnerability in the Wormhole cross-chain crypto platform to steal $326 million in cryptocurrency. Wormhole is a platform that allows users to transfer cryptocurrency across different blockchains. It does this by locking the original token in a smart contract and then minting a wrapped version of the stored token that can be transferred …

KP Snacks Left with Crumbs After Ransomware Attack

The Conti gang strikes again, disrupting the nom-merchant’s supply chain and threatening supermarket shelves that could stay empty for weeks. KP Snacks, maker of the high-end Tyrrell’s and Popchips potato-chip brands, has suffered a ransomware attack that it said could affect deliveries to supermarkets through the end of March – at the earliest. The British …

Windows vulnerability with new public exploits lets you become admin

A security researcher has publicly disclosed an exploit for a Windows local privilege elevation vulnerability that allows anyone to gain admin privileges in Windows 10. Using this vulnerability, threat actors with limited access to a compromised device can easily elevate their privileges to help spread laterally within the network, create new administrative users, or perform …

Zerodium Spikes Payout for Zero-Click Outlook Zero-Days

The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims. Zerodium has jacked up its offering price for Microsoft Outlook zero-day exploits. Act fast if you have the goods and the moral equanimity, to make up to $400,000 for a …

Conti, DeadBolt Ransomwares Target Delta, QNAP

QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronics’ network has been crippled. Two Taiwanese companies were affected by separate ransomware incidents this week, forcing one to scramble to restore crippled systems and another to push out an emergency update to mitigate attacks on its customers. Delta …

2FA App Loaded with Banking Trojan Infests 10K Victims via Google Play

The Vultur trojan steals bank credentials but asks for permissions to do far more damage down the line. After remaining available for more than two weeks, a malicious two-factor authentication (2FA) application has been removed from Google Play — but not before it was downloaded more than 10,000 times. The app, which is fully functional …

Crypto.com confirms 483 accounts hacked, $34 million withdrawn

Crypto.com has confirmed that a multi-million dollar cyber attack led to the compromise of around 400 of its customer accounts. The company’s CEO stresses, however, that customer funds are not at risk. By daily trading volume, Crypto.com is reportedly the world’s third-largest cryptocurrency trading platform, “on a mission to accelerate the world’s transition to cryptocurrency.”

Crypto.com CEO: 400 …

DHL dethrones Microsoft as most imitated brand in phishing attacks

DHL was the most imitated brand in phishing campaigns throughout Q4 2021, pushing Microsoft to second place, and Google to fourth. This isn’t surprising considering that the final quarter of every year includes the Black Friday, Cyber Monday, and Christmas shopping season, so phishing lures based on package deliveries naturally increase. DHL is an international …

Microsoft: Fake ransomware targets Ukraine in data-wiping attacks

Microsoft is warning of destructive data-wiping malware disguised as ransomware being used in attacks against multiple organizations in Ukraine. Starting January 13th, Microsoft detected the new attacks that combined a destructive MBRLocker with a data-corrupting malware used to destroy the victim’s data intentionally.

A two-stage attack destroys data

Microsoft calls this new malware family ‘WhisperGate’ …

AWS Patches Glue Bug That Put Customer Data at Risk

Researchers have discovered a critical vulnerability in the AWS Glue service, which could allow remote attackers to access sensitive data owned by large numbers of customers. Dubbed “Superglue” by the Orca Security Research Team, the bug was made possible by an internal misconfiguration within the service. AWS Glue is a serverless data integration service that allows …

New Windows Server updates cause DC boot loops, break Hyper-V

The latest Windows Server updates are causing severe issues for administrators, with domain controllers rebooting spontaneously, Hyper-V failing to start, and ReFS volumes becoming inaccessible until the updates are rolled back. Yesterday, Microsoft released the Windows Server 2012 R2 KB5009624 update, the Windows Server 2019 KB5009557 update, and the Windows Server 2022 KB5009555 update as part …

TellYouThePass ransomware returns as a cross-platform Golang threat

TellYouThePass ransomware has re-emerged as Golang-compiled malware, making it easier to target more operating systems, macOS and Linux in particular. The return of this malware strain was noticed last month, when threat actors used it in conjunction with the Log4Shell exploit to target vulnerable machines. Now, a report from Crowdstrike sheds more light on this …

New SysJoker backdoor targets Windows, macOS, and Linux

A new multi-platform backdoor malware named ‘SysJoker’ has emerged in the wild, targeting Windows, Linux, and macOS with the ability to evade detection on all three operating systems. The discovery of the new malware comes from researchers at Intezer who first saw signs of its activity in December 2021 after investigating an attack on a …

Health Ministry Responds to Massive Data Leak of Medical Records

Reports have emerged about an alleged massive data leak of Indonesian hospital patients’ medical information being sold on an illegal internet forum. Hackers claimed to have breached the Indonesian Health Ministry’s centralized server to obtain the data. According to a report by Antaranews, the data being sold on the dark web contains 720 GB of personal medical information from …

Attackers Exploit Flaw in Google Docs’ Comments Feature

A wave of phishing attacks identified in December targeting mainly Outlook users are difficult for both email scanners and victims to flag, researchers said. Attackers are using the “Comments” feature of Google Docs to send malicious links in a phishing campaign targeted primarily at Outlook users, researchers have discovered. Researchers from email collaboration and security …

Apache found critical bugs in httpd web server

Apache, whose name has been in the news for the past two weeks due to the severe vulnerability in its logging library, has issued yet another update. This time, it has nothing to do with the Log4j vulnerability (dubbed Log4Shell). Apache issued a patch addressing two CVE-numbered flaws affecting the httpd server. According to the cybersecurity …

Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities

Microsoft is warning of continuing attempts by nation-state adversaries and commodity attackers to take advantage of security vulnerabilities uncovered in the Log4j open-source logging framework to deploy malware on vulnerable systems. “Exploitation attempts and testing have remained high during the last weeks of December,” Microsoft Threat Intelligence Center (MSTIC) said in revised guidance published earlier this week. “We have …

Another T-Mobile cyberattack reportedly exposed customer info and SIMs

T-Mobile has suffered another cyberattack after being rocked by a massive data breach in August. This time around, attackers accessed “a small number of” customers’ accounts, according to documents posted by The T-Mo Report. According to the report, customers either fell victim to a SIM swapping attack (which could allow someone to bypass SMS-powered two-factor authentication), had personal plan information …

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution. Cyber criminals, under the moniker Aquatic Panda, are the latest advanced persistent threat group (APT) to exploit the Log4Shell vulnerability. Researchers from CrowdStrike Falcon OverWatch recently disrupted the threat actors using Log4Shell exploit tools on a …

Log4j zero-day vulnerability: What you need to know

The security hole in Log4j, a Java library for logging error messages in applications, is the most talked-about security vulnerability on the internet right now and comes with a severity score of 10 out of 10. The library is developed by the open-source Apache Software Foundation and is a core part of the Java logging framework. Since last week, a warning from CERT New Zealand has stated …

Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security

Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to “trivially and reliably” bypass a “myriad of foundational macOS security mechanisms” and run arbitrary code. Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score: 5.5), the …

4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code

The security vulnerability could expose passwords and access tokens, along with blueprints for internal infrastructure and finding software vulnerabilities. The Microsoft Azure App Service has a four-year-old vulnerability that could reveal the source code of web apps written in PHP, Python, Ruby or Node, researchers said, that were deployed using Local Git. The bug has …

Two Active Directory Bugs Lead to Easy Windows Domain Takeover

Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12. A proof-of-concept tool has been published that leverages two Windows Active Directory bugs fixed last month that, when chained, can allow easy Windows domain takeover. In a Monday alert, Microsoft urged organizations to immediately …

FBI: Another Zoho ManageEngine Zero-Day Under Active Attack

APT attackers are using a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence. Another Zoho ManageEngine zero-day vulnerability is under active attack from an APT group, this time looking to override legitimate functions of servers running ManageEngine Desktop Central and elevate privileges — with an ultimate goal …

Half-Billion Compromised Credentials Lurking on Open Cloud Server

A quarter-billion of those passwords were not seen in previous breaches that have been added to Have I Been Pwned. According to the National Crime Agency’s National Cyber Crime Unit in the U.K., nearly 586 million sets of credentials had been collected in a compromised cloud storage facility, free for the taking by any cybercrime …

New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G

Researchers have disclosed security vulnerabilities in handover, a fundamental mechanism that undergirds modern cellular networks, which could be exploited by adversaries to launch denial-of-service (DoS) and man-in-the-middle (MitM) attacks using low-cost equipment. The “vulnerabilities in the handover procedure are not limited to one handover case only but they impact all different handover cases and scenarios …

Over 500,000 Android Users Downloaded a New Joker Malware App from Play Store

A malicious Android app with more than 500,000 downloads from the Google Play app store has been found hosting malware that stealthily exfiltrates users’ contact lists to an attacker-controlled server and signs up users to unwanted paid premium subscriptions without their knowledge. The latest Joker malware was found in a messaging-focused app named Color Message (“com.guo.smscolor.amessage”), which …

Apache Issues 3rd Patch to Fix New High-Severity Log4j Vulnerability

The issues with Log4j continued to stack up as the Apache Software Foundation (ASF) on Friday rolled out yet another patch — version 2.17.0 — for the widely used logging library that could be exploited by malicious actors to stage a denial-of-service (DoS) attack. Tracked as CVE-2021-45105 (CVSS score: 7.5), the new vulnerability affects all versions of …

New Local Attack Vector Expands the Attack Surface of Log4j Vulnerability

Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection. “This newly-discovered attack vector means that anyone with a vulnerable Log4j version on their machine or local private network can browse a website and potentially trigger the vulnerability,” Matthew …

New Fileless Malware Uses Windows Registry as Storage to Evade Detection

A new JavaScript-based remote access Trojan (RAT) propagated via a social engineering campaign has been observed employing sneaky “fileless” techniques as part of its detection-evasion methods to elude discovery and analysis. Dubbed DarkWatchman by researchers from Prevailion’s Adversarial Counterintelligence Team (PACT), the malware uses a resilient domain generation algorithm (DGA) to identify its command-and-control (C2) infrastructure and …

Hackers Using Malicious IIS Server Module to Steal Microsoft Exchange Credentials

Malicious actors are deploying a previously undiscovered binary, an Internet Information Services (IIS) webserver module dubbed “Owowa,” on Microsoft Exchange Outlook Web Access servers with the goal of stealing credentials and enabling remote command execution. “Owowa is a C#-developed .NET v4.0 assembly that is intended to be loaded as a module within an IIS web …

Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges

Web infrastructure company Cloudflare on Wednesday revealed that threat actors are actively attempting to exploit a second bug disclosed in the widely used Log4j logging utility, making it imperative that customers move quickly to install the latest version as a barrage of attacks continues to pummel unpatched systems with a variety of malware. The new vulnerability, assigned …

How MikroTik Routers Became a Cybercriminal Target

The powerful devices leveraged by the Mēris botnet have weaknesses that make them easy to exploit, yet complex for organizations to track and secure, researchers said. The routers leveraged by the Mēris botnet in a massive distributed denial-of-service (DDoS) attack against Russia’s internet giant Yandex have also been the unwitting platform for numerous cyberattacks, researchers have found. …

Microsoft Seizes Domains Used by a Chinese Hacking Group

The move delivers a blow to the hackers behind sophisticated attacks on government agencies, think tanks, and other organizations. Microsoft said it has seized control of servers that a China-based hacking group was using to compromise targets that align with that country’s geopolitical interests. The hacking group, which Microsoft has dubbed Nickel, has been in Microsoft’s …

Google Takes Down Glupteba Botnet; Files Lawsuit Against Operators

The malware’s unique blockchain-enabled backup C2 scheme makes it difficult to eliminate completely. Google’s Threat Analysis Group (TAG) has disrupted the blockchain-enabled botnet known as Glupteba, which is made up of around 1 million compromised Windows and internet of things (IoT) devices. In tandem, Google also filed a lawsuit against the botnet’s operators. Glupteba, already …

Malicious KMSPico Windows Activator Stealing Users’ Cryptocurrency Wallets

Users looking to activate Windows without using a digital license or a product key are being targeted by tainted installers to deploy malware designed to plunder credentials and other information in cryptocurrency wallets. The malware, dubbed “CryptBot,” is an information stealer capable of obtaining credentials for browsers, cryptocurrency wallets, browser cookies, credit cards, and capturing …

Hackers Steal $200 Million Worth of Cryptocurrency Tokens from BitMart Exchange

Cryptocurrency trading platform BitMart has disclosed a “large-scale security breach” that it blamed on a stolen private key, resulting in the theft of more than $150 million in various cryptocurrencies. The breach is said to have impacted two of its hot wallets on the Ethereum (ETH) blockchain and the Binance smart chain (BSC). The company noted that …

‘Double-Extortion’ Ransomware Damage Skyrockets 935%

Startling triple-digit growth is fueled by easy criminal access to corporate networks and RaaS tools, an analysis found. The ransomware business is booming, and feeble corporate security and a flourishing ransomware-as-a-service (RaaS) affiliate market are to blame, researchers say. Access to compromised networks is cheap, thanks to a rise in the number of initial-access brokers …

Report: Aberebot-2.0 Hits Banking Apps and Crypto Wallets

Newer, More Capable Aberebot Banking Trojan Variant on Sale for $7,000 on Dark Web. A new variant of the Aberebot banking malware, targeting 213 banking apps and nine crypto wallet apps in 22 countries, has been uncovered by researchers. Named Aberebot-2.0, the Telegram-based malware is the new version of the Aberebot Android banking Trojan discovered …

Cybersecurity’s Influences Towards The Healthcare Industry

The long-lasting effects of the pandemic can still be seen today across many different industries. Multiple waves of infections are still occurring in countries around the world, even though vaccination numbers are at their highest point. Healthcare services are still on their toes, battling a number of infections that soars day by day. Their …

Panasonic Confirms Cyberattack and Data Breach

On Friday, the tech giant said its network was illegally accessed on November 11. Tech manufacturing giant Panasonic has confirmed that its network was accessed illegally this month during a cyberattack. In a statement released on Friday, the Japanese company said it was attacked on November 11 and determined that “some data on a file server had …

IKEA Hit by Sophisticated Malware Attack Leveraging Internal Emails

A major cyberattack recently struck Swedish retail giant IKEA with malicious actors targeting and phishing for internal mailboxes of employees of the company. According to BleepingComputer who accessed an internal alert email sent by IKEA, the retail giant suffered a reply-chain phishing attack. The attackers are leveraging stolen reply-chain emails to carry out the phishing …

Crypto Hackers Using Babadeda Crypter to Make Their Malware Undetectable

A new malware campaign has been discovered targeting cryptocurrency, non-fungible token (NFT), and DeFi aficionados through Discord channels to deploy a crypter named “Babadeda” that is capable of bypassing antivirus solutions and staging a variety of attacks. “[T]his malware installer has been used in a variety of recent campaigns to deliver information stealers, RATs, and even LockBit ransomware,” …

GoDaddy Breach Widens to Include Reseller Subsidiaries

Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords, and more were stolen. The GoDaddy breach affecting 1.2 million customers has widened – it turns out that various subsidiaries that resell GoDaddy Managed WordPress were also affected. The additional affected companies are …

Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally

Multiple security weaknesses have been disclosed in MediaTek system-on-chips (SoCs) that could have enabled a threat actor to elevate privileges and execute arbitrary code in the firmware of the audio processor, effectively allowing the attackers to carry out a “massive eavesdrop campaign” without the users’ knowledge. The discovery of the flaws is the result of …

9.3M+ Androids Running ‘Malicious’ Games from Huawei AppGallery

A new trojan called Android.Cynos.7.origin, designed to collect Android users’ device data and phone numbers, was found in 190 games installed on over 9M Android devices. Why would a game about a cat’s “cute diary” need permission to make phone calls or suss out your location? It doesn’t: “Cat cute diary” is one of 190 …

Why GoDaddy Data Breach Of +1 Million Clients Is Worse Than Described

GoDaddy Managed WordPress hosting customers suffered a data breach. Passwords have been reset, but the effects may still persist. Over one million GoDaddy hosting customers suffered a data breach in September 2021 that went unnoticed for two months. GoDaddy described the security event as a vulnerability. Security researchers indicate that the cause of the vulnerability …

Common Cloud Misconfigurations Exploited in Minutes, Report

Opportunistic attackers instantly exploited insecurely exposed services deployed in honeypots by Unit 42 researchers, demonstrating the immediate danger of these typical mistakes. Poorly configured cloud services can be exploited by threat actors in minutes, and sometimes in under 30 seconds. Attacks include network intrusion, data theft and ransomware infections, researchers have found. Researchers at Palo …

Bureau Veritas hit by cyberattack on cybersecurity system

French firm Bureau Veritas, which specializes in laboratory testing, inspection and certification services, has reported a cyberattack that affected its cybersecurity system. The security breach was detected on 20 November. As a preventive measure, the company took all its servers and data offline for a temporary period. At present, further investigations and corrective procedures are …

6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years

Pen Test Partners didn’t disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm. Sky, a U.K. broadband provider, left about 6 million customers’ underbellies exposed to attackers who could remotely sink their fangs into their home networks: a nice, …

11 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells

Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks. The Python packages have since been removed from the repository following responsible …

Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models

Networking equipment company Netgear has released yet another round of patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Tracked as CVE-2021-34991 (CVSS score: 8.8), the pre-authentication buffer overflow flaw in small office and home office (SOHO) routers can lead to code execution with the highest …

Ransomware Phishing Emails Sneak Through SEGs

The MICROP ransomware spreads via Google Drive and locally stored passwords. Secure email gateway (SEG) protections aren’t necessarily enough to stop phishing emails from delivering ransomware to employees, especially if the cybercrooks are using legitimate cloud services to host malicious pages. Researchers are raising the alarm over a phishing email kicking off a Halloween-themed MICROP …

FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months

The bureau’s flash alert said an APT has been exploiting the flaw to compromise FatPipe router clustering and load balancer products to breach targets’ networks. A threat actor has been exploiting a zero-day vulnerability in FatPipe’s virtual private network (VPN) devices as a way to breach companies and gain access to their internal networks, since …

U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws

Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities, including data exfiltration and ransomware. The threat actor is believed to have leveraged multiple Fortinet FortiOS vulnerabilities …

Hacker sends spam to 100,000 from FBI email address

The FBI and Cybersecurity and Infrastructure Security Agency said they were aware of the fake emails sent from the FBI account, but declined to share more information. An apparently malicious hacker sent spam emails from an FBI email server Friday night to at least 100,000 people, an email spam watchdog group has found. The person’s …

Millions of Routers, IoT Devices at Risk from New Open-Source Malware

BotenaGo, written in Google’s Golang programming language, can exploit more than 30 different vulnerabilities. Newly surfaced malware that is difficult to detect and written in Google’s open-source programming language has the potential to exploit millions of routers and IoT devices, researchers have found. Discovered by researchers at AT&T AlienLabs, BotenaGo can exploit more than 30 different vulnerabilities to …

Costco Confirms: A Data Skimmer’s Been Ripping Off Customers

Big-box behemoth retailer Costco is offering victims 12 months of credit monitoring, a $1 million insurance reimbursement policy and ID theft recovery services. Costco has discovered a payment card skimming device at one of its retail stores and has sent out notification letters informing customers that their card data may have been ripped off if …

Tiny Font Size Fools Email Filters in BEC Phishing

The One Font BEC campaign targets Microsoft 365 users and uses sophisticated obfuscation tactics to slip past security protections to harvest credentials. A new business email compromise (BEC) campaign targeting Microsoft 365 users is using a range of sophisticated obfuscation tactics within phishing emails that can fool natural language processing filters and are undetectable to end users. …

Critical Flaws in Philips TASY EMR Could Expose Patient Data

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of critical vulnerabilities affecting the Philips Tasy electronic medical records (EMR) system that could be exploited by remote threat actors to extract sensitive personal data from patient databases. “Successful exploitation of these vulnerabilities could result in patients’ confidential data being exposed or extracted from Tasy’s database, give unauthorized …

Proofpoint Phish Harvests Microsoft O365, Google Logins

A savvy campaign impersonating the cybersecurity company skated past Microsoft email security. Phishers are impersonating Proofpoint, the cybersecurity firm, in an attempt to make off with victims’ Microsoft Office 365 and Google email credentials. According to researchers at Armorblox, they spotted one such campaign lobbed at an unnamed global communications company, with nearly a thousand …

Critical RCE Vulnerability Reported in Linux Kernel’s TIPC Module

Cybersecurity researchers have disclosed a security flaw in the Linux Kernel’s Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. Tracked as CVE-2021-43267 (CVSS score: 9.8), the heap overflow vulnerability “can be exploited locally …

Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar

The Magecart threat actor uses a browser script to evade detection by researchers and sandboxes so it targets only victims’ machines to steal credentials and personal info. A new Magecart threat actor is stealing people’s payment card info from their browsers using a digital skimmer that uses a unique form of evasion to bypass virtual machines (VM) …

Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access

Cisco Systems has released security updates to address vulnerabilities in multiple Cisco products that could be exploited by an attacker to log in as a root user and take control of vulnerable systems. Tracked as CVE-2021-40119, the vulnerability has been rated 9.8 in severity out of a maximum of 10 on the CVSS scoring system and stems from …

Possible cyberattack disrupts healthcare services in Canadian province -minister

A possible cyber attack against the healthcare system in the Canadian province of Newfoundland has disrupted services and forced the cancellation of some appointments, health authorities said on Monday. An investigation was underway to understand the nature and extent of the attack, which was detected on Saturday, health minister John Haggie told reporters. “This led …

New ‘Trojan Source’ Technique Lets Hackers Hide Vulnerabilities in Source Code

A novel class of vulnerabilities could be leveraged by threat actors to inject visually deceptive malware in a way that’s semantically permissible but alters the logic defined by the source code, effectively opening the door to more first-party and supply chain risks. Dubbed “Trojan Source attacks,” the technique “exploits subtleties in text-encoding standards such as Unicode to …

Researchers Uncover ‘Pink’ Botnet Malware That Infected Over 1.6 Million Devices

Cybersecurity researchers disclosed details of what they say is the “largest botnet” observed in the wild in the last six years, infecting over 1.6 million devices primarily located in China, with the goal of launching distributed denial-of-service (DDoS) attacks and inserting advertisements into HTTP websites visited by unsuspecting users. Qihoo 360’s Netlab security team dubbed …
