2.5 million people were affected, in a breach that could spell more trouble down the line. This article has been indexed from Threatpost Read the original article: Student Loan Breach Exposes 2.5M Records
Category: threatpost
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool. This article has been indexed from Threatpost Read the original article: Watering Hole Attacks Push ScanBox Keylogger
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system. This article has been indexed from Threatpost Read the original article: Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group. This article has been indexed from Threatpost Read the original article: Ransomware Attacks are on the Rise
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed. This article has been indexed from Threatpost Read the original article: Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk. This article has been indexed from Threatpost Read the original article: Twitter…
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP. This article has been indexed from Threatpost Read the original article: Firewall Bug Under Active Attack Triggers CISA Warning
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels. This article has been indexed from Threatpost Read the original article: Fake Reservation Links Prey on Weary Travelers
iPhone Users Urged to Update to Patch 2 Zero-Days
Apple is urging macOS, iPhone and iPad users immediately to install respective updates this week that includes fixes for two zero-days under active attack. The patches are for vulnerabilities that allow attackers to execute arbitrary code and ultimately take over…
Google Patches Chrome’s Fifth Zero-Day of the Year
Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday. The bug, tracked as CVE-2022-2856 and rated as high on the…
APT Lazarus Targets Engineers with macOS Malware
The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems. This article has been indexed from Threatpost Read the original article: APT Lazarus Targets Engineers with…
U.K. Water Supplier Hit with Clop Ransomware Attack
The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data. This article has been indexed from Threatpost Read the original article: U.K. Water Supplier Hit with…
Xiaomi Phone Bug Allowed Payment Forgery
Mobile transactions could’ve been disabled, created and signed by attackers. This article has been indexed from Threatpost Read the original article: Xiaomi Phone Bug Allowed Payment Forgery
Black Hat and DEF CON Roundup
‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings. This article has been indexed from Threatpost Read the original article: Black Hat and DEF CON Roundup
Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics
The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities. This article has been indexed from Threatpost Read the original article: Feds: Zeppelin Ransomware Resurfaces with New…
Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’
Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites. This article has been indexed from Threatpost Read the original article: Facebook’s In-app Browser on iOS Tracks ‘Anything…
Starlink Successfully Hacked Using $25 Modchip
Belgian researcher Lennert Wouters revealed at Black Hat how he mounted a successful fault injection attack on a user terminal for SpaceX’s satellite-based internet system This article has been indexed from Threatpost Read the original article: Starlink Successfully Hacked Using…
New Hacker Forum Takes Pro-Ukraine Stance
A uniquely politically motivated site called DUMPS focuses solely on threat activity directed against Russia and Belarus This article has been indexed from Threatpost Read the original article: New Hacker Forum Takes Pro-Ukraine Stance
Cisco Confirms Network Breach Via Hacked Employee Google Account
Networking giant says attackers gained initial access to an employee’s VPN client via a compromised Google account. This article has been indexed from Threatpost Read the original article: Cisco Confirms Network Breach Via Hacked Employee Google Account
Podcast: Inside the Hackers’ Toolkit
This edition of the Threatpost podcast is sponsored by Egress. This article has been indexed from Threatpost Read the original article: Podcast: Inside the Hackers’ Toolkit
Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws
August Patch Tuesday tackles 121 CVEs, 17 critical bugs and one zero-day bug exploited in the wild. This article has been indexed from Threatpost Read the original article: Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws
Virtual Currency Platform ‘Tornado Cash’ Accused of Aiding APTs
U.S. Treasury blocked the business of the virtual currency mixer for laundering more than $7 billion for hackers, including $455 million to help fund North Korea’s missile program. This article has been indexed from Threatpost Read the original article: Virtual…
Phishers Swim Around 2FA in Coinbase Account Heists
Attackers are spoofing the widely used cryptocurrency exchange to trick users into logging in so they can steal their credentials and eventually their funds. This article has been indexed from Threatpost Read the original article: Phishers Swim Around 2FA in…
Open Redirect Flaw Snags Amex, Snapchat User Data
Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims. This article has been indexed from Threatpost Read the original article: Open Redirect Flaw Snags Amex, Snapchat User Data
VMWare Urges Users to Patch Critical Authentication Bypass Bug
Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain. This article has been indexed from Threatpost Read the original article: VMWare Urges Users to Patch Critical Authentication…
Universities Put Email Users at Cyber Risk
DMARC analysis by Proofpoint shows that institutions in the U.S. have among some of the poorest protections to prevent domain spoofing and lack protections to block fraudulent emails. This article has been indexed from Threatpost Read the original article: Universities…
Securing Your Move to the Hybrid Cloud
Infosec expert Rani Osnat lays out security challenges and offers hope for organizations migrating their IT stack to the private and public cloud environments. This article has been indexed from Threatpost Read the original article: Securing Your Move to the…
Malicious Npm Packages Tapped Again to Target Discord Users
Recent LofyLife campaign steals tokens and infects client files to monitor various user actions, such as log-ins, password changes and payment methods. This article has been indexed from Threatpost Read the original article: Malicious Npm Packages Tapped Again to Target…
Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office
Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads. This article has been indexed from Threatpost Read the original article: Threat Actors Pivot Around Microsoft’s…
Messaging Apps Tapped as Platform for Cybercriminal Activity
Built-in Telegram and Discord services are fertile ground for storing stolen data, hosting malware and using bots for nefarious purposes. This article has been indexed from Threatpost Read the original article: Messaging Apps Tapped as Platform for Cybercriminal Activity
Novel Malware Hijacks Facebook Business Accounts
Newly discovered malware linked to Vietnamese threat actors targets users through a LinkedIn phishing campaign to steal data and admin privileges for financial gain. This article has been indexed from Threatpost Read the original article: Novel Malware Hijacks Facebook Business…
Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands
Instances of phishing attacks leveraging the Microsoft brand increased 266 percent in Q1 compared to the year prior. This article has been indexed from Threatpost Read the original article: Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands
IoT Botnets Fuels DDoS Attacks – Are You Prepared?
The increased proliferation of IoT devices paved the way for the rise of IoT botnets that amplifies DDoS attacks today. This is a dangerous warning that the possibility of a sophisticated DDoS attack and a prolonged service outage will prevent…
Why Physical Security Maintenance Should Never Be an Afterthought
SecuriThings’ CEO Roy Dagan tackles the sometimes overlooked security step of physical security maintenance and breaks down why it is important. This article has been indexed from Threatpost Read the original article: Why Physical Security Maintenance Should Never Be an…
Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’
Also known as the Atlantis Cyber-Army, the emerging organization has an enigmatic leader and a core set of admins that offer a range of services, including exclusive data leaks, DDoS and RDP. This article has been indexed from Threatpost Read…
Conti’s Reign of Chaos: Costa Rica in the Crosshairs
Aamir Lakhani, with FortiGuard Labs, answers the question; Why is the Conti ransomware gang targeting people and businesses in Costa Rica? This article has been indexed from Threatpost Read the original article: Conti’s Reign of Chaos: Costa Rica in the…
Magecart Serves Up Card Skimmers on Restaurant-Ordering Systems
300 restaurants and at least 50,000 payment cards compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services. This article has been indexed from Threatpost Read the original article: Magecart Serves Up Card Skimmers on Restaurant-Ordering Systems
Authentication Risks Discovered in Okta Platform
Four newly discovered attack paths could lead to PII exposure, account takeover, even organizational data destruction. This article has been indexed from Threatpost Read the original article: Authentication Risks Discovered in Okta Platform
FBI Warns Fake Crypto Apps are Bilking Investors of Millions
Threat actors offer victims what appear to be investment services from legitimate companies to lure them into downloading malicious apps aimed at defrauding them. This article has been indexed from Threatpost Read the original article: FBI Warns Fake Crypto Apps…
CISA Urges Patch of Exploited Windows 11 Bug by Aug. 2
Feds urge U.S. agencies to patch a Microsoft July Patch Tuesday 2022 bug that is being exploited in the wild by August 2. This article has been indexed from Threatpost Read the original article: CISA Urges Patch of Exploited Windows…
Google Boots Multiple Malware-laced Android Apps from Marketplace
Google removed eight Android apps, with 3M cumulative downloads, from its marketplace for being infected with a Joker spyware variant. This article has been indexed from Threatpost Read the original article: Google Boots Multiple Malware-laced Android Apps from Marketplace
Emerging H0lyGh0st Ransomware Tied to North Korea
Microsoft has linked a threat that emerged in June 2021 and targets small-to-mid-sized businesses to state-sponsored actors tracked as DEV-0530. This article has been indexed from Threatpost Read the original article: Emerging H0lyGh0st Ransomware Tied to North Korea
Journalists Emerge as Favored Attack Target for APTs
Since 2021, various state-aligned threat groups have turned up their targeting of journalists to siphon data and credentials and also track them. This article has been indexed from Threatpost Read the original article: Journalists Emerge as Favored Attack Target for…
Large-Scale Phishing Campaign Bypasses MFA
Attackers used adversary-in-the-middle attacks to steal passwords, hijack sign-in sessions and skip authentication and then use victim mailboxes to launch BEC attacks against other targets. This article has been indexed from Threatpost Read the original article: Large-Scale Phishing Campaign Bypasses…
How War Impacts Cyber Insurance
Chris Hallenbeck, CISO for the Americas at Tanium, discusses the impact of geopolitical conflict on the cybersecurity insurance market. This article has been indexed from Threatpost Read the original article: How War Impacts Cyber Insurance
‘Callback’ Phishing Campaign Impersonates Security Firms
Victims instructed to make a phone call that will direct them to a link for downloading malware. This article has been indexed from Threatpost Read the original article: ‘Callback’ Phishing Campaign Impersonates Security Firms
Popular NFT Marketplace Phished for $540M
In March, a North Korean APT siphoned blockchain gaming platform Axie Infinity of $540M. This article has been indexed from Threatpost Read the original article: Popular NFT Marketplace Phished for $540M
Rethinking Vulnerability Management in a Heightened Threat Landscape
Find out why a vital component of vulnerability management needs to be the capacity to prioritize from Mariano Nunez, CEO of Onapsis and Threatpost Infosec Insiders columnist. This article has been indexed from Threatpost Read the original article: Rethinking Vulnerability…
Sneaky Orbit Malware Backdoors Linux Devices
The novel threat steals data and can affect all processes running on the OS, stealing information from different commands and utilities and then storing it on the affected machine. This article has been indexed from Threatpost Read the original article:…
U.S. Healthcare Orgs Targeted with Maui Ransomware
State-sponsored actors are deploying the unique malware–which targets specific files and leaves no ransomware note–in ongoing attacks. This article has been indexed from Threatpost Read the original article: U.S. Healthcare Orgs Targeted with Maui Ransomware
Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol
A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver. This article has been indexed from Threatpost Read the original article: Hack Allows Drone Takeover Via ‘ExpressLRS’…
Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens
A developer appears to have divulged credentials to a police database on a popular developer forum, leading to a breach and subsequent bid to sell 23 terabytes of personal data on the dark web. This article has been indexed from…
Latest Cyberattack Against Iran Part of Ongoing Campaign
Iran’s steel manufacturing industry is victim to ongoing cyberattacks that previously impacted the country’s rail system. This article has been indexed from Threatpost Read the original article: Latest Cyberattack Against Iran Part of Ongoing Campaign
Google Patches Actively Exploited Chrome Bug
The heap buffer overflow issue in the browser’s WebRTC engine could allow attackers to execute arbitrary code. This article has been indexed from Threatpost Read the original article: Google Patches Actively Exploited Chrome Bug
ZuoRAT Can Take Over Widely Used SOHO Routers
Devices from Cisco, Netgear and others at risk from the multi-stage malware, which has been active since April 2020 and shows the work of a sophisticated threat actor. This article has been indexed from Threatpost Read the original article: ZuoRAT…
A Guide to Surviving a Ransomware Attack
Oliver Tavakoli, CTO at Vectra AI, gives us hope that surviving a ransomware attack is possible, so long as we apply preparation and intentionality to our defense posture. This article has been indexed from Threatpost Read the original article: A…
Leaky Access Tokens Exposed Amazon Photos of Users
Hackers with Amazon users’ authentication tokens could’ve stolen or encrypted personal photos and documents. This article has been indexed from Threatpost Read the original article: Leaky Access Tokens Exposed Amazon Photos of Users
Patchable and Preventable Security Issues Lead Causes of Q1 Attacks
Attacks against U.S. companies spike in Q1 2022 with patchable and preventable external vulnerabilities responsible for bulk of attacks. This article has been indexed from Threatpost Read the original article: Patchable and Preventable Security Issues Lead Causes of Q1 Attacks
Top Six Security Bad Habits, and How to Break Them
Shrav Mehta, CEO, Secureframe, outlines the top six bad habits security teams need to break to prevent costly breaches, ransomware attacks and prevent phishing-based endpoint attacks. This article has been indexed from Threatpost Read the original article: Top Six Security…
Mitel VoIP Bug Exploited in Ransomware Attacks
Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments. This article has been indexed from Threatpost Read the original article: Mitel VoIP Bug Exploited in Ransomware Attacks
‘Killnet’ Adversary Pummels Lithuania with DDoS Attacks Over Blockade
Cyber collective Killnet claims it won’t let up until the Baltic country opens trade routes to and from the Russian exclave of Kaliningrad. This article has been indexed from Threatpost Read the original article: ‘Killnet’ Adversary Pummels Lithuania with DDoS…
Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data
CISA warns that threat actors are ramping up attacks against unpatched Log4Shell vulnerability in VMware servers. This article has been indexed from Threatpost Read the original article: Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data
Google Warns Spyware Being Deployed Against Android, iOS Users
The company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs. This article has been indexed from Threatpost Read the original article: Google Warns Spyware Being Deployed Against Android,…
Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug
The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers. This article has been indexed from Threatpost Read the original article: Fancy Bear Uses Nuke Threat…
Discovery of 56 OT Device Flaws Blamed on Lackluster Security Culture
Culture of ‘insecure-by-design’ security is cited in discovery of bug-riddled operational technology devices. This article has been indexed from Threatpost Read the original article: Discovery of 56 OT Device Flaws Blamed on Lackluster Security Culture
Gamification of Ethical Hacking and Hacking Esports
Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, explores why gamified platforms and hacking esports are the future. This article has been indexed from Threatpost Read the original article: Gamification of Ethical Hacking and Hacking Esports
Elusive ToddyCat APT Targets Microsoft Exchange Servers
The threat actor targets institutions and companies in Europe and Asia. This article has been indexed from Threatpost Read the original article: Elusive ToddyCat APT Targets Microsoft Exchange Servers
Modern IT Security Teams’ Inevitable Need for Advanced Vulnerability Management
Traditional vulnerability management programs are outdated, with little to no innovation in the last two decades. Today’s dynamic IT environment demands an advanced vulnerability management program to deal with the complex attack surface and curb security risks. This article has…
Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack
A reported a “potentially dangerous piece of functionality” allows an attacker to launch an attack on cloud infrastructure and ransom files stored in SharePoint and OneDrive. This article has been indexed from Threatpost Read the original article: Office 365 Config…
Kazakh Govt. Used Spyware Against Protesters
Researchers have discovered that a Kazakhstan government entity deployed sophisticated Italian spyware within its borders. This article has been indexed from Threatpost Read the original article: Kazakh Govt. Used Spyware Against Protesters
Voicemail Scam Steals Microsoft Credentials
Attackers are targeting a number of key vertical markets in the U.S. with the active campaign, which impersonates the organization and Microsoft to lift Office365 and Outlook log-in details. This article has been indexed from Threatpost Read the original article:…
China-linked APT Flew Under Radar for Decade
This article has been indexed from Threatpost Evidence suggests that a just-discovered APT has been active since 2013. Read the original article: China-linked APT Flew Under Radar for Decade
State-Sponsored Phishing Attack Targeted Israeli Military Officials
This article has been indexed from Threatpost Analysts have uncovered an Iran-linked APT sending malicious emails to top Israeli government officials. Read the original article: State-Sponsored Phishing Attack Targeted Israeli Military Officials
Ransomware Risk in Healthcare Endangers Patients
This article has been indexed from Threatpost Ryan Witt, Proofpoint’s Healthcare Cybersecurity Leader, examines the impact of ransomware on patient care. Read the original article: Ransomware Risk in Healthcare Endangers Patients
Facebook Messenger Scam Duped Millions
This article has been indexed from Threatpost One well crafted phishing message sent via Facebook Messenger ensnared 10 million Facebook users and counting. Read the original article: Facebook Messenger Scam Duped Millions
In Cybersecurity, What You Can’t See Can Hurt You
This article has been indexed from Threatpost The dangers to SMBs and businesses of all sizes from cyberattacks are well known. But what’s driving these attacks, and what do cybersecurity stakeholders need to do that they’re not already doing? Read…
Travel-related Cybercrime Takes Off as Industry Rebounds
This article has been indexed from Threatpost Upsurge in the tourism industry after the COVID-19 pandemic grabs the attention of cybercriminals to scam the tourists. Read the original article: Travel-related Cybercrime Takes Off as Industry Rebounds
DragonForce Gang Unleash Hacks Against Govt. of India
This article has been indexed from Threatpost In response to a comment about the Prophet Mohammed, a hacktivist group in Malaysia has unleashed a wave of cyber attacks in India. Read the original article: DragonForce Gang Unleash Hacks Against Govt.…
Kaiser Permanente Exposes Nearly 70K Medical Records in Data Breach
This article has been indexed from Threatpost Attackers gained access to private account details through an email compromise incident that occurred in April. Read the original article: Kaiser Permanente Exposes Nearly 70K Medical Records in Data Breach
Linux Malware Deemed ‘Nearly Impossible’ to Detect
This article has been indexed from Threatpost Symbiote, discovered in November, parasitically infects running processes so it can steal credentials, gain rootlkit functionality and install a backdoor for remote access. Read the original article: Linux Malware Deemed ‘Nearly Impossible’ to…
Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers
This article has been indexed from Threatpost Researchers demonstrated a possible way to track individuals via Bluetooth signals. Read the original article: Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers
U.S. Water Utilities Prime Cyberattack Target, Experts
This article has been indexed from Threatpost Environmentalists and policymakers warn water treatment plants are ripe for attack. Read the original article: U.S. Water Utilities Prime Cyberattack Target, Experts
Potent Emotet Variant Spreads Via Stolen Email Credentials
This article has been indexed from Threatpost The dangerous malware appears to be well and truly back in action, sporting new variants and security-dodging behaviors in a wave of recent phishing campaigns. Read the original article: Potent Emotet Variant Spreads…
Feds Forced Travel Firms to Share Surveillance Data on Hacker
This article has been indexed from Threatpost Sabre and Travelport had to report the weekly activities of former “Cardplanet” cybercriminal Aleksei Burkov for two years, info that eventually led to his arrest and prosecution. Read the original article: Feds Forced…
Taming the Digital Asset Tsunami
This article has been indexed from Threatpost Rob Gurzeev, CEO and Co-Founder of CyCognito, explores external attack surface soft spots tied to an ever-expanding number of digital assets companies too often struggle to keep track of and manage effectively. Read…
Paying Ransomware Paints Bigger Bullseye on Target’s Back
This article has been indexed from Threatpost Ransomware attackers often strike targets twice, regardless of whether the ransom was paid. Read the original article: Paying Ransomware Paints Bigger Bullseye on Target’s Back
Black Basta Ransomware Teams Up with Malware Stalwart Qbot
This article has been indexed from Threatpost The novel cybercriminal group tapped the ever-evolving info-stealing trojan to move laterally on a network in a recent attack, researchers have found. Read the original article: Black Basta Ransomware Teams Up with Malware…
Cyber Risk Retainers: Not Another Insurance Policy
This article has been indexed from Threatpost The costs associated with a cyberattack can be significant, especially if a company does not have an Incident Response plan that addresses risk. Read the original article: Cyber Risk Retainers: Not Another Insurance…
Follina Exploited by State-Sponsored Hackers
This article has been indexed from Threatpost A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets. Read the original article: Follina Exploited by State-Sponsored Hackers
Conducting Modern Insider Risk Investigations
This article has been indexed from Threatpost Insider Risk Management requires a different approach than to those from external threats. IRM is unique from other domains of security in that the data sources which serve as inputs are as often…
Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw
This article has been indexed from Threatpost The vulnerability remains unpatched on many versions of the collaboration tool and has potential to create a SolarWinds-type scenario. Read the original article: Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw
Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats – Again
This article has been indexed from Threatpost Deja-Vu data from this year’s DBIR report feels like we are stuck in the movie ‘Groundhog Day.’ Read the original article: Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats –…
Evil Corp Pivots LockBit to Dodge U.S. Sanctions
This article has been indexed from Threatpost The cybercriminal group is distancing itself from its previous branding by shifting tactics and tools once again in an aim to continue to profit from its nefarious activity. Read the original article: Evil…
Cybercriminals Expand Attack Radius and Ransomware Pain Points
This article has been indexed from Threatpost Melissa Bischoping, security researcher with Tanium and Infosec Insiders columnist, urges firms to consider the upstream and downstream impact of “triple extortion” ransomware attacks. Read the original article: Cybercriminals Expand Attack Radius and…
Scammers Target NFT Discord Channel
This article has been indexed from Threatpost Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links. Read the original article: Scammers Target NFT Discord Channel
International Authorities Take Down Flubot Malware Network
This article has been indexed from Threatpost The info-stealing trojan used SMS messages and lifted contact credentials to spread with unprecedented speed across Android devices globally since December 2020. Read the original article: International Authorities Take Down Flubot Malware Network
Being prepared for adversarial attacks
This article has been indexed from Threatpost There is no question that the level of threats facing today’s businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for?…
Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack
This article has been indexed from Threatpost Threat actors already are exploiting vulnerability, dubbed ‘Follina’ and originally identified back in April, to target organizations in Russia and Tibet, researchers said. Read the original article: Microsoft Releases Workaround for ‘One-Click’ 0Day…
EnemyBot Malware Targets Web Servers, CMS Tools and Android OS
This article has been indexed from Threatpost Malware borrows generously from code used by other botnets such as Mirai, Qbot and Zbot. Read the original article: EnemyBot Malware Targets Web Servers, CMS Tools and Android OS
Zero-Day ‘Follina’ Bug Lays Microsoft Office Open to Attack
This article has been indexed from Threatpost Malware loads itself from remote servers and bypasses Microsoft’s Defender AV scanner, according to reports. Read the original article: Zero-Day ‘Follina’ Bug Lays Microsoft Office Open to Attack