News

IKEA Hit by Sophisticated Malware Attack Leveraging Internal Emails

A major cyberattack recently struck Swedish retail giant IKEA, with malicious actors targeting employees' internal mailboxes in a phishing campaign. According to BleepingComputer, which accessed an internal alert email sent by IKEA, the retail giant suffered a reply-chain phishing attack. The attackers are leveraging stolen reply-chain emails to carry out the phishing …

Crypto Hackers Using Babadeda Crypter to Make Their Malware Undetectable

A new malware campaign has been discovered targeting cryptocurrency, non-fungible token (NFT), and DeFi aficionados through Discord channels to deploy a crypter named “Babadeda” that’s capable of bypassing antivirus solutions and staging a variety of attacks. “[T]his malware installer has been used in a variety of recent campaigns to deliver information stealers, RATs, and even LockBit ransomware,” …

GoDaddy Breach Widens to Include Reseller Subsidiaries

Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords, and more were stolen. The GoDaddy breach affecting 1.2 million customers has widened – it turns out that various subsidiaries that resell GoDaddy Managed WordPress were also affected. The additional affected companies are …

Eavesdropping Bugs in MediaTek Chips Affect 37% of All Smartphones and IoT Globally

Multiple security weaknesses have been disclosed in MediaTek system-on-chips (SoCs) that could have enabled a threat actor to elevate privileges and execute arbitrary code in the firmware of the audio processor, effectively allowing the attackers to carry out a “massive eavesdrop campaign” without the users’ knowledge. The discovery of the flaws is the result of …

9.3M+ Androids Running ‘Malicious’ Games from Huawei AppGallery

A new trojan called Android.Cynos.7.origin, designed to collect Android users’ device data and phone numbers, was found in 190 games installed on over 9M Android devices. Why would a game about a cat’s “cute diary” need permission to make phone calls or suss out your location? It doesn’t: “Cat cute diary” is one of 190 …

Why GoDaddy Data Breach Of +1 Million Clients Is Worse Than Described

GoDaddy Managed WordPress hosting customers suffered a data breach. Passwords have been reset but effects may still persist. Over one million GoDaddy hosting customers suffered a data breach in September 2021 that went unnoticed for two months. GoDaddy described the security event as a vulnerability. Security researchers indicate that the cause of the vulnerability …

Common Cloud Misconfigurations Exploited in Minutes, Report

Opportunistic attackers instantly exploited insecurely exposed services deployed in honeypots by Unit 42 researchers, demonstrating the immediate danger of these typical mistakes. Poorly configured cloud services can be exploited by threat actors in minutes and sometimes in under 30 seconds. Attacks include network intrusion, data theft and ransomware infections, researchers have found. Researchers at Palo …

Bureau Veritas hit by cyberattack on cybersecurity system

French firm Bureau Veritas, which specializes in laboratory testing, inspection and certification services, has reported a cyberattack that affected its cybersecurity system. The security breach was detected on 20 November. As a preventive measure, the company took all its servers and data offline for a temporary period. At present, further investigations and corrective procedures are …

6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years

Pen Test Partners didn’t disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm. Sky, a U.K. broadband provider, left about 6 million customers’ underbellies exposed to attackers who could remotely sink their fangs into their home networks: a nice, …

11 Malicious PyPI Python Libraries Caught Stealing Discord Tokens and Installing Shells

Cybersecurity researchers have uncovered as many as 11 malicious Python packages that have been cumulatively downloaded more than 41,000 times from the Python Package Index (PyPI) repository, and could be exploited to steal Discord access tokens, passwords, and even stage dependency confusion attacks. The Python packages have since been removed from the repository following responsible …

Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models

Networking equipment company Netgear has released yet another round of patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Tracked as CVE-2021-34991 (CVSS score: 8.8), the pre-authentication buffer overflow flaw in small office and home office (SOHO) routers can lead to code execution with the highest …

Ransomware Phishing Emails Sneak Through SEGs

The MICROP ransomware spreads via Google Drive and locally stored passwords. Secure email gateway (SEG) protections aren’t necessarily enough to stop phishing emails from delivering ransomware to employees, especially if the cybercrooks are using legitimate cloud services to host malicious pages. Researchers are raising the alarm over a phishing email kicking off a Halloween-themed MICROP …

FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months

The bureau’s flash alert said an APT has been exploiting the flaw to compromise FatPipe router clustering and load balancer products to breach targets’ networks. A threat actor has been exploiting a zero-day vulnerability in FatPipe’s virtual private network (VPN) devices as a way to breach companies and gain access to their internal networks, since …

U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws

Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities, including data exfiltration and ransomware. The threat actor is believed to have leveraged multiple Fortinet FortiOS vulnerabilities …

Hacker sends spam to 100,000 from FBI email address

The FBI and Cybersecurity and Infrastructure Security Agency said they were aware of the fake emails sent from the FBI account, but declined to share more information. An apparently malicious hacker sent spam emails from an FBI email server Friday night to at least 100,000 people, an email spam watchdog group has found. The person’s …

Millions of Routers, IoT Devices at Risk from New Open-Source Malware

BotenaGo, written in Google’s Golang programming language, can exploit more than 30 different vulnerabilities. Newly surfaced malware that is difficult to detect and written in Google’s open-source programming language has the potential to exploit millions of routers and IoT devices, researchers have found. Discovered by researchers at AT&T AlienLabs, BotenaGo can exploit more than 30 different vulnerabilities to …

Costco Confirms: A Data Skimmer’s Been Ripping Off Customers

Big-box behemoth retailer Costco is offering victims 12 months of credit monitoring, a $1 million insurance reimbursement policy and ID theft recovery services. Costco has discovered a payment card skimming device at one of its retail stores and has sent out notification letters informing customers that their card data may have been ripped off if …

Tiny Font Size Fools Email Filters in BEC Phishing

The One Font BEC campaign targets Microsoft 365 users and uses sophisticated obfuscation tactics to slip past security protections to harvest credentials. A new business email compromise (BEC) campaign targeting Microsoft 365 users is using a range of sophisticated obfuscation tactics within phishing emails that can fool natural language processing filters and are undetectable to end users. …

Critical Flaws in Philips TASY EMR Could Expose Patient Data

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of critical vulnerabilities affecting Philips Tasy electronic medical records (EMR) system that could be exploited by remote threat actors to extract sensitive personal data from patient databases. “Successful exploitation of these vulnerabilities could result in patients’ confidential data being exposed or extracted from Tasy’s database, give unauthorized …

Proofpoint Phish Harvests Microsoft O365, Google Logins

A savvy campaign impersonating the cybersecurity company skated past Microsoft email security. Phishers are impersonating Proofpoint, the cybersecurity firm, in an attempt to make off with victims’ Microsoft Office 365 and Google email credentials. According to researchers at Armorblox, they spotted one such campaign lobbed at an unnamed global communications company, with nearly a thousand …

Critical RCE Vulnerability Reported in Linux Kernel’s TIPC Module

Cybersecurity researchers have disclosed a security flaw in the Linux Kernel’s Transparent Inter Process Communication (TIPC) module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. Tracked as CVE-2021-43267 (CVSS score: 9.8), the heap overflow vulnerability “can be exploited locally …

Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar

The Magecart threat actor uses a browser script to evade detection by researchers and sandboxes so it targets only victims’ machines to steal credentials and personal info. A new Magecart threat actor is stealing people’s payment card info from their browsers using a digital skimmer that uses a unique form of evasion to bypass virtual machines (VM) …

Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access

Cisco Systems has released security updates to address vulnerabilities in multiple Cisco products that could be exploited by an attacker to log in as a root user and take control of vulnerable systems. Tracked as CVE-2021-40119, the vulnerability has been rated 9.8 in severity out of a maximum of 10 on the CVSS scoring system and stems from …

Possible cyberattack disrupts healthcare services in Canadian province -minister

A possible cyber attack against the healthcare system in the Canadian province of Newfoundland has disrupted services and forced the cancellation of some appointments, health authorities said on Monday. An investigation was underway to understand the nature and extent of the attack, which was detected on Saturday, health minister John Haggie told reporters. “This led …

New ‘Trojan Source’ Technique Lets Hackers Hide Vulnerabilities in Source Code

A novel class of vulnerabilities could be leveraged by threat actors to inject visually deceptive malware in a way that’s semantically permissible but alters the logic defined by the source code, effectively opening the door to more first-party and supply chain risks. Dubbed “Trojan Source attacks,” the technique “exploits subtleties in text-encoding standards such as Unicode to …

Researchers Uncover ‘Pink’ Botnet Malware That Infected Over 1.6 Million Devices

Cybersecurity researchers disclosed details of what they say is the “largest botnet” observed in the wild in the last six years, infecting over 1.6 million devices primarily located in China, with the goal of launching distributed denial-of-service (DDoS) attacks and inserting advertisements into HTTP websites visited by unsuspecting users. Qihoo 360’s Netlab security team dubbed …

Microsoft warns of rise in password sprays targeting cloud accounts

The Microsoft Detection and Response Team (DART) says it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities such as C-level executives. Password spraying is a type of brute force attack where the attackers attempt to gain access to large lists of accounts using a small number of commonly used passwords. …

Ransomware Has Disrupted Almost 1,000 Schools in the US This Year

There have been more than 70 ransomware attacks affecting around 1,000 U.S. schools this year, and it may get worse before it gets better. 2021 has been the year of ransomware.  Some high-profile ransomware attacks, like the Colonial Pipeline hack that halted distribution of gas on the East Coast of the U.S. or meat supplier JBS, have made …

Cyberattack Cripples Iranian Fuel Distribution Network

The incident triggered shutdowns at pumps across the country as attackers flashed the phone number of Supreme Leader Ali Khamenei across video screens. An attack on the fuel distribution chain in Iran reportedly forced the shutdown of a network of filling stations Tuesday, leaving motorists stranded at pumps across the country and unable to fill …

BSSN Admits Site Hacked by Defacement Attack

Anton Setiawan, spokesman for the National Cyber and Crypto Agency (BSSN), admitted that the agency's website had been hacked this morning. According to him, no data concerning the public interest has been affected by the hack. “Yes, that’s right, there is no (public data). Only malware data for research purposes,” Anton said when confirmed, …

Threat Actors Abuse Discord to Push Malware

The platform’s Content Delivery Network and core features are being used to send malicious files—including RATs–across its network of 150 million users, putting corporate workplaces at risk. Threat actors are abusing the core features of the popular Discord digital communication platform to persistently deliver various types of malware—in particular remote access trojans (RATs) that can …

KPAI Data Leaks Allegedly Covering Minors’ Identity

The issue of data leakage from the Indonesian Child Protection Commission (KPAI) has attracted the attention of cyber security experts. The data includes the identities of minors, which underscores their vulnerability to online predators. In the middle of this week, KPAI came into the spotlight after a number of screenshots from the Raid Forums hacker …

Aussie cyber spies to control critical infrastructure during ransomware attacks

The new bill, if passed, will allow cyberwarfare operatives to take over control of critical infrastructure under attack. Australia’s top cyber spies are set to gain greater powers in the event of ransomware or other cyber attacks on critical infrastructure. The Australian Signals Directorate (ASD), a government agency in charge of cyber warfare and information …

VPN Exposes Data for 1M Users, Leading to Researcher Questioning

Experts warn that virtual private networks are increasingly vulnerable to leaks and attack. Free virtual private network (VPN) service Quickfox, which provides access to Chinese websites from outside the country, exposed the personally identifiable information (PII) of more than a million users in just the latest high-profile VPN security failure. The incident has some security …

Fresh APT Harvester Reaps Telco, Government Data

The group is likely nation-state-backed and is mounting an ongoing spy campaign using custom malware and stealthy tactics. A previously unseen advanced persistent threat (APT) group dubbed Harvester by researchers is attacking telcos, IT companies and government-sector targets in a campaign that’s been ongoing since June. According to a Symantec analysis, the group sports a veritable …

Multiple cyberattack attempts on Israeli hospitals thwarted, officials say

National Cyber Directorate and Health Ministry say ‘early assessments and a quick response’ stopped the attacks over weekend; Hillel Yaffe’s systems still being restored. A wave of attempted cyberattacks targeting Israeli hospitals and health centers was thwarted over the weekend, the National Cyber Directorate and Health Ministry announced Sunday. “Early assessments and a quick response …

Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack

Visible says yes, user accounts were hijacked, but it denied a breach. As of today, users are still posting tales of forcibly changed passwords and getting stuck with bills for pricey new iPhones. On Wednesday, Verizon’s Visible – an all-digital, uber-cheap wireless carrier – confirmed what customers have been complaining about on Reddit and Twitter all week: …

Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug

The bug is under attack. Within hours of the patch release, a researcher published POC code, calling it a “great” flaw that can be used for jailbreaks and local privilege escalation. Apple on Monday rushed out a security update for iOS 15.0.2 and iPadOS 15.0.2 to fix a remote code-execution (RCE) zero-day vulnerability that’s being actively exploited. …

Update Your Windows PCs Immediately to Patch New 0-Day Under Active Attack

Microsoft on Tuesday rolled out security patches to contain a total of 71 vulnerabilities in Microsoft Windows and other software, including a fix for an actively exploited privilege escalation vulnerability that could be exploited in conjunction with remote code execution bugs to take control over vulnerable systems. Two of the addressed security flaws are rated Critical, 68 …

OVER 14,000 GMAIL USERS FALL VICTIM TO RUSSIAN GOVERNMENT-SPONSORED PHISHING CAMPAIGN

Through a letter sent via email, Google has notified some 14,000 Gmail users that during the past months they could have been the target of a sophisticated spear phishing campaign operated by a hacking group identified as APT28. The letter is signed by Shane Huntley, director of the Google Threat Analysis Group. Huntley emphasizes the fact that these alerts do not mean …

Brewer’s Token Gaffe Causes Massive PII Breach

An authentication error left the personal data of hundreds of thousands of BrewDog customers and Equity for Punks shareholders exposed for a year and a half.  The gaffe involving an API bearer token was discovered by researchers at security consulting and testing company Pen Test Partners.  “Every mobile app user was given the same hard-coded API Bearer Token, …

Intuit warns QuickBooks customers of ongoing phishing attacks

Intuit has warned QuickBooks customers that they are targeted by an ongoing phishing campaign impersonating the company and trying to lure potential victims with fake renewal charges. The company said it received reports from customers that they were emailed and told that their QuickBooks plans had expired. “This email did not come from Intuit. The sender is not …

Someone hijacked a Navy warship’s Facebook account so they could livestream ‘Age of Empires’

The official Facebook page for the USS KIDD (DDG-100) appears to have been hijacked by someone who really just wants to play “Age of Empires”. For the last several days, someone has been having a lot of fun playing the classic 1997 strategy game “Age of Empires.” Normally, that wouldn’t be news (the game is …

5-Year Breach May Have Exposed Billions of Text Messages

The attack affected Syniverse, a major telecom company that annually routes billions of text messages for hundreds of mobile carriers. Major telecommunications provider Syniverse, which routes billions of text messages each year for providers including AT&T, Verizon, and T-Mobile, has revealed it is the victim of a five-year-long security breach that may have exposed millions …

Twitch Leak Included Emails, Passwords in Clear Text: Researcher

A researcher combed through the Twitch leak and found what they said was evidence of PayPal chargebacks with names and emails; employees’ emails; and more. Twitch users, if you haven’t changed your password yet, go. Now. Do it. Your email and password may already have been leaked – unhashed, unencrypted, in cleartext. Researchers have been …

ATO attacks increased 307% between 2019 and 2021

Sift released a report which details the evolving methods fraudsters employ to launch account takeover (ATO) attacks against consumers and businesses. The report details a sophisticated fraud ring that sought to overwhelm e-commerce merchants by innovating upon typical credential stuffing campaigns. Specifically, the fraud ring, dubbed Proxy Phantom, used a massive cluster of connected, rotating IP addresses …

3.1M Neiman Marcus Customer Card Details Breached

Experts say the detection delay of 17 months is a colossal security blunder by the retailer.  Dallas-based Neiman Marcus Group is known worldwide as the go-to luxury retailer for the well-heeled. But their reputation for impeccable quality just took a big hit with revelations that the company was breached by an attacker back in May …

Apple Pay with Visa Hacked to Make Payments via Locked iPhones

Researchers have demonstrated that someone could use a stolen, locked iPhone to pay for thousands of dollars of goods or services, no authentication needed. An attacker who steals a locked iPhone can use a stored Visa card to make contactless payments worth up to thousands of dollars without unlocking the phone, researchers are warning. The …

Baby’s Death Alleged to Be Linked to Ransomware

Access to heart monitors disabled by the attack allegedly kept staff from spotting blood & oxygen deprivation that led to the baby’s death. A U.S. hospital paralyzed by ransomware in 2019 will be defending itself in court in November over the death of a newborn, allegedly caused by the cyberattack. As the Wall Street Journal reported on Thursday, the …

OWASP Top 10 risks get update, highlighting insecure design — injection no longer on top

Just in time for OWASP’s 20th anniversary last week, the Open Web Application Security Project’s Top 10 list of critical security risks has received its first update since 2017. The OWASP Top 10 were first released in 2003 and serve as a foundation for various compliance and security tools. To come up with the 2021 …

UK umbrella payroll firm GiantPay confirms it was hit by ‘sophisticated’ cyber-attack

Giant Group, the umbrella company that has thousands of contractors on its books, has been targeted by a “sophisticated” cyber-attack that floored systems and left workers out in the cold, the biz has now confirmed. The attack happened last Wednesday (September 22) and forced the outfit – known to many as Giant Pay – to …

SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor

Microsoft is warning that the Nobelium APT is compromising single-sign-on servers to install a post-exploitation backdoor that steals data and maintains network persistence. The threat actors behind the notorious SolarWinds supply-chain attacks have dispatched new malware to steal data and maintain persistence on victims’ networks, researchers have found. Researchers from the Microsoft Threat Intelligence Center …

Google Issues Warning For 2 Billion Chrome Users

Chrome users beware, just days after I warned attacks on Google’s browser are increasing, another critical hack has been confirmed. Google published the news in a new blog post, where it revealed Chrome’s 11th ‘zero day’ exploit of the year has been found (CVE-2021-37973) and it affects Linux, macOS and Windows users. A zero-day classification means hackers …

2021 has broken the record for zero-day hacking attacks

A zero-day exploit—a way to launch a cyberattack via a previously unknown vulnerability—is just about the most valuable thing a hacker can possess. These exploits can carry price tags north of $1 million on the open market. And this year, cybersecurity defenders have caught the highest number ever, according to multiple databases, researchers, and cybersecurity companies who …

Latest crypto hack sees $12.7m ‘wrapped’ bitcoin stolen from pNetwork

A hacker has stolen $12.7m (£9.3m) in bitcoin from crypto transfer platform pNetwork.  pNetwork said in a tweet late on Sunday: “We’re sorry to inform the community that an attacker was able to leverage a bug in our codebase and attack pBTC on BSC, stealing 277 BTC (most of its collateral).” It said that all …

Pair of Google Chrome Zero-Day Bugs Actively Exploited

The security vulnerabilities bring the web behemoth up to 10 browser zero-days found so far this year. Google has addressed two zero-day security bugs that are being actively exploited in the wild. As part of the internet giant’s latest stable channel release (version 93.0.4577.82 for Windows, Mac and Linux), it fixed 11 total vulnerabilities, all …

Cyber arms dealer exploits new Apple iPhone software vulnerability that affects most versions, watchdog group says

A cyber surveillance company based in Israel developed a tool to break into Apple iPhones with a never-before-seen technique that has been in use since at least February, internet security watchdog group Citizen Lab said on Monday. The discovery is important because of the critical nature of the vulnerability, which requires no user interaction and affects all …

Unpatched Apple Zero-Day in macOS Finder Allows Code Execution

All a user needs to do is click on an email attachment, and boom – the code is silently executed without the victim knowing. It affects Big Sur and prior versions of macOS. A zero-day security vulnerability in Apple’s macOS Finder system could allow remote attackers to trick users into running arbitrary commands, according to …

Yandex Pummeled by Potent Meris DDoS Botnet

Record-breaking distributed denial of service attack targets Russia’s version of Google – Yandex. Technical details tied to a record-breaking distributed-denial-of-service (DDoS) attack against Russian internet behemoth Yandex are surfacing as the digital dust settles. A massive botnet, dubbed Mēris, is believed responsible, flooding Yandex with millions of HTTP requests for webpages at the same time. …

MyRepublic Data Breach Raises Data-Protection Questions

The incident raises considerations for security for critical data housed in third-party infrastructure, researchers say. Almost 79,400 MyRepublic mobile subscribers have been caught up in a data breach that exposed a range of personal information, the company has confirmed. The Singapore-based ISP and mobile provider said that an “unauthorized data access incident” took place on …

Stolen Credentials Led to Data Theft at United Nations

Threat actors accessed the organization’s proprietary project management software, Umoja, in April, accessing the network and stealing info that can be used in further attacks. A threat actor used stolen credentials from a United Nations employee to breach parts of the UN’s network in April and steal critical data, a spokesman for the intergovernmental organization …

Thousands of Fortinet VPN Account Credentials Leaked

They were posted for free by former Babuk gang members who’ve bickered, squabbled and huffed off to start their own darn ransomware businesses, dagnabbit. Credentials pilfered from 87,000 unpatched Fortinet SSL-VPNs have been posted online, the company has confirmed. Or then again, maybe the number is far greater. On Wednesday, BleepingComputer reported that it’s been in touch with …

McDonald’s Email Blast Includes Password to Monopoly Game Database

Usernames, passwords for database sent in prize redemption emails. McDonald’s UK Monopoly VIP game kicked off at the end of August, and a recent round of emails sent to winners of the game’s various prizes included more than a coupon for free fries. The franchise accidentally inserted passwords for a McDonald’s server that hosted information …

‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise

A chain of exploits could allow a malicious Azure user to infiltrate other customers’ cloud instances within Microsoft’s container-as-a-service offering. A critical security vulnerability allowing attackers to perform cross-account container takeover in Microsoft’s public cloud, dubbed “Azurescape”, has been uncovered by researchers. The issue exists in Azure Container Instances (ACI), which is Microsoft’s container-as-a-service (CaaS) …

Cyber Attack Fears – Kiwibank, ANZ, NZ Post, MetService Back Online After CERT Flags Cyberattacks

The Government’s Computer Emergency Response Team (CERT NZ) is monitoring a cyber security attack which appeared to take down a number of major organisations’ websites this morning. Kiwibank, ANZ, NZ Post, MetService and NZ Police all acknowledged that their sites were slow at times. All came back online around midday, but CERT NZ posted a …

IoT Attacks Skyrocket, Doubling in 6 Months

The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets. The first six months of 2021 have seen a more than 100-percent growth in cyberattacks against internet-of-things (IoT) devices, researchers have found. According to a Kaspersky analysis of its telemetry from honeypots …

Kiwis lockdown Friday workday disrupted by cyber attack

Thousands of New Zealanders’ Friday afternoon workflow was interrupted today when their internet connection cut out due to a cyber attack on a main internet provider. Internet infrastructure provider Vocus – which operates Orcon, Slingshot, Flip, and Stuff Fibre internet connections – was hit with a DDoS attack which took its internet down for about …

Brute-Force Attacks Target Inboxes for Gift Card Data

Cybercriminal enterprise is mass testing millions of usernames and passwords per day in a hunt for loyalty card data. Threat actors are compromising up to 100,000 inboxes daily in a campaign that targets gift card and customer-loyalty program data in hopes of reselling it or cashing in on freebies, a security researcher has found. The …

FIN7 Capitalizes on Windows 11 Release in Latest Gambit

The financially motivated group looked to steal payment-card data from a California-based point-of-sale service provider. The FIN7 financial cybercrime gang is back, delivering JavaScript backdoors using Word documents themed around the next version of Windows. That’s according to researchers at Anomali, who observed a recent campaign from the group that leveraged six different docs, all …

Series of Data Leaks Cases of Government’s Health Data

Several cases of alleged leaks of the government’s health data have occurred in Indonesia. The most recent one is the alleged data leak in Indonesia’s Health Alert Card or eHAC application managed by the Ministry of Health before it was merged into the PeduliLindung application. A number of information technology experts have reminded the government …

Indonesia’s Ministry of Health Calls Data Leak in Old Version of eHAC, Saves Important User Information

The Ministry of Health of Indonesia (Kemenkes) has finally raised its voice regarding the data leakage of the users of eHAC application. As a result, it is estimated that the data belonging to 1.3 million users are vulnerable to being accessed by anyone. Head of the Ministry of Health’s Data and Information Center, dr. Anas …

HPE Warns Sudo Bug Gives Attackers Root Privileges to Aruba Platform

HPE joins Apple in warning customers of a high-severity Sudo vulnerability. Hewlett Packard Enterprise (HPE) is warning a vulnerability in Sudo, an open-source program used within its Aruba AirWave management platform, could allow any unprivileged and unauthenticated local user to gain root privileges on a vulnerable host. Rated high in severity, HPE warns the Sudo flaw …

LockBit Gang to Publish 103GB of Bangkok Air Customer Data

The airline announced the breach on Thursday, and the ransomware gang started a countdown clock the next day. The LockBit ransomware gang has apparently struck again, having purportedly stolen 103GB worth of files from Bangkok Airways and promising to release them tomorrow, on Tuesday. A Dark Web intelligence firm calling itself DarkTracer (apparently a separate …

Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping

The bug (CVE-2021-33766) is an information-disclosure issue that could reveal victims’ personal information, sensitive company data and more. A serious security vulnerability in Microsoft Exchange Server that researchers have dubbed ProxyToken could allow an unauthenticated attacker to access and steal emails from a target’s mailbox. Microsoft Exchange uses two websites; one, the front end, is …

Protergo Holds Webinar, Discussing Data Leakage in Indonesia

26 August 2021 In a post on the RaidForums website on Tuesday, an unnamed user said they were selling a collection of 460,000 documents compiled from the user data of over two million BRI Life clients for $7,000. The post was accompanied by a 30-minute video of the documents, which included bank account details, …

F5 Bug Could Lead to Complete System Takeover

The worst of 13 bugs fixed by the August updates could lead to complete system compromise for users in sensitive sectors running products in Appliance mode. Application delivery and networking firm F5 released a baker’s dozen of 13 fixes for high-severity bugs, including one that could lead to complete system takeover and hence is boosted …

New Hampshire Town Loses $2.3M in Taxpayer Money to Cyberattack

“It’s really a gut punch, that’s for sure,” Select Board member William Kennedy said Monday. The town of Peterborough, New Hampshire, said Monday that it has lost $2.3 million in taxpayer dollars as the result of a cyberattack. “It pains us to inform the residents and taxpayers of Peterborough that, like so many other towns …

WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws

The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of “ProxyShell” Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the vulnerabilities enable adversaries to bypass ACL controls, elevate privileges on the Exchange …

Google Issues Warning For 2 Billion Chrome Users

Google Chrome has over two billion users worldwide and dominates the web browser market. But this also makes it the prime target of hackers and now Google has issued its fourth urgent upgrade warning in two months. In an official blog post, Google has revealed seven ‘High’ rated security threats have been discovered in Chrome with the …

U.S. State Department reportedly hit by a cyberattack in recent weeks

The U.S. State Department was hit by a cyberattack and notifications of a potentially serious breach were made by the Department of Defense Cyber Command, a Fox News reporter said on Saturday. A knowledgeable source told Reuters the State Department has not experienced significant disruptions and has not had its operations impeded in any way. Fox …

North Korean APT Hackers Attack Victims Using MS IE & Edge Browser Exploits

Researchers uncovered a new browser-based attack from the infamous North Korean APT hacker groups, targeting victims with different browser exploits named “BLUELIGHT”. InkySquid, a threat group based in North Korea and broadly known by the monikers ScarCruft and APT37, has recently attacked the South Korean website (www.dailynk[.]com) that is focused on …

ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups

ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. “The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors,” SentinelOne researchers Yi-Jhen Hsieh and Joey Chen said in a detailed overview of …

Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop

A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices. Security researchers have discovered a critical flaw that affects tens of millions of internet-of-things (IoT) devices – one that exposes live video and audio streams to …

T-Mobile confirms it was hacked after customer data posted online

T-Mobile has confirmed “unauthorized access” to its systems, days after a portion of customer data was listed for sale on a known cybercriminal forum. The U.S. cell giant, which last year completed a $26 billion merger with Sprint, confirmed an intrusion but that it has “not yet determined that there is any personal customer data involved.” …

Black Hat: Novel DNS Hack Spills Confidential Corp Data

Threatpost interviews Wiz CTO about a vulnerability recently patched by Amazon Route53’s DNS service and Google Cloud DNS. LAS VEGAS – Amazon and Google patched a domain name service (DNS) bug that allowed attackers to snoop on the confidential networking settings of companies – revealing computer and employee names along with office locations and exposed …

QR Code Scammers Get Creative with Bitcoin ATMs

Threat actors are targeting everyone from job hunters to Bitcoin traders to college students wanting a break on their student loans, by exploiting the popular technology’s trust relationship with users. With the use of QR codes rising, so, too, are the numbers of scams that aim to take advantage of them. Researchers warned that threat actors …

Kaseya’s ‘Master Key’ to REvil Attack Leaked Online

The decryptor is of little use to other companies hit in the spate of attacks unleashed before the notorious ransomware group went dark, researchers said. Someone has leaked the master decryption key that Kaseya used to unlock the files encrypted by a REvil ransomware attack on the company that affected customers across 22 countries last month. However, …

‘Glowworm’ Attack Turns Power Light Flickers into Audio

Researchers have found an entirely new attack vector for eavesdropping on Zoom and other virtual meetings. Virtual meetings are vulnerable to a new, exotic attack called Glowworm, which measures an audio output device’s LED power light changes and converts them to audio reproductions — allowing cyberattackers to listen to sensitive conversations. As an increasing amount …

A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System

A cyber attack that derailed websites of Iran’s transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called “Meteor.” The campaign — dubbed “MeteorExpress” — has not been linked to any previously identified threat group or to additional attacks, …

New Android Malware Uses VNC to Spy and Steal Passwords from Victims

A previously undocumented Android-based remote access trojan (RAT) has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud. Dubbed “Vultur” due to its use of Virtual Network Computing (VNC)’s remote screen-sharing technology to gain full visibility on targeted users, the …

UC San Diego Health Breach Tied to Phishing Attack

Employee email takeover exposed personal, medical data of students, employees and patients. Authorities at the University of California San Diego Health reported a phishing attack led to a major breach of its network, which allowed an adversary to gain access to sensitive patient, student and employee data. A Wednesday notice from UCSD Health explains the attack occurred …

Get patching: US, UK, and Australia issue joint advisory on top 30 exploited vulnerabilities

Majority of top vulnerabilities targeted last year were disclosed in the past two years, agencies from the United States, United Kingdom, and Australia have said, with Microsoft Office CVE dating from 2017. At the end of almost seven months in 2021, one of the 30 most exploited vulnerabilities dates from 2017, according to the US …

Indonesia’s BRI Life probes reported data leak of 2 million users

BRI Life, the insurance arm of Indonesia’s Bank Rakyat Indonesia (BRI) (BBRI.JK), said on Tuesday it was investigating claims that the personal details of over two million of its customers had been advertised for sale by unidentified hackers. Hudson Rock, a cybercrime monitoring firm, told Reuters that it had found evidence which showed that multiple computers …

iOS 14.7.1: Apple Issues Urgent iPhone Update With Important Security Fixes

Apple has just issued iOS 14.7.1—an urgent update that comes with an “important” security fix for an issue that is already being used by adversaries to attack iPhones. For this reason, the iPhone maker says the iOS 14.7.1 update is urgent, and it is “recommended for all users.” The issue patched in iOS 14.7.1 is a vulnerability …

Microsoft Warns of LemonDuck Malware Targeting Windows and Linux Systems

An infamous cross-platform crypto-mining malware has continued to refine and improve upon its techniques to strike both Windows and Linux operating systems by setting its sights on older vulnerabilities, while simultaneously latching on to a variety of spreading mechanisms to maximize the effectiveness of its campaigns. “LemonDuck, an actively updated and robust malware that’s primarily …

Microsoft shares mitigations for new PetitPotam NTLM relay attack

Microsoft has released mitigations for the new PetitPotam NTLM relay attack that allows taking over a domain controller or other Windows servers. PetitPotam is a new method that can be used to conduct an NTLM relay attack discovered by French security researcher Gilles Lionel (Topotam). This method was disclosed this week along with a proof-of-concept …

Cyber attack disrupts major South African port operations

Some movement of cargo impacted. A cyber attack has disrupted container operations at the South African port of Cape Town, an email seen by Reuters on Thursday said. Durban, the busiest shipping terminal in sub-Saharan Africa, was also affected, three sources with direct knowledge of the matter told Reuters. Cape Town Harbour Carriers Association said in …

Memory Corruption Issues Lead 2021 CWE Top 25

The MITRE Common Weakness Enumeration (CWE) team’s latest list of most dangerous software flaws includes several that shot up in significance since 2020. Memory corruption errors remain one of the most common and dangerous weaknesses in modern software. The MITRE-operated Homeland Security Systems Engineering and Development Institute put the issue on top of its latest …
