This article has been indexed from Threatpost. A DarkHotel phishing campaign breached luxe hotel networks, including Wynn Palace and the Grand Coloane Resort in Macao, a new report says. Read the original article: DarkHotel APT Targets Wynn, Macao Hotels to…
Sandworm APT Hunts for ASUS Routers with Cyclops Blink Botnet
The Russian-speaking APT behind the NotPetya attacks and the Ukrainian power grid takedown could be setting up for additional sinister attacks, researchers said.
Google Blows Lid Off Conti, Diavol Ransomware Access-Broker Ops
Researchers have exposed the work of Exotic Lily, a full-time cybercriminal initial-access group that uses phishing to infiltrate organizations’ networks for further malicious activity.
Dev Sabotages Popular NPM Package to Protest Russian Invasion
In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module.
Misconfigured Firebase Databases Exposing Data in Mobile Apps
Five percent of the databases are vulnerable to threat actors: It’s a gold mine of exploit opportunity in thousands of mobile apps, researchers say.
Reporting Mandates to Clear Up Feds’ Hazy Look into Threat Landscape – Podcast
It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill. As it is, visibility into adversary behavior has been muck.
‘CryptoRom’ Crypto-Scam is Back via Side-Loaded Apps
Scammers are bypassing Apple’s App Store security, stealing thousands of dollars’ worth of cryptocurrency from the unwitting, using the TestFlight and WebClips programs.
Another Destructive Wiper Targets Organizations in Ukraine
CaddyWiper is one in a barrage of data-wiping cyber-attacks to hit the country since January as the war on the ground with Russia marches on.
Phony Instagram ‘Support Staff’ Emails Hit Insurance Company
The phishing scam tried to steal login credentials by threatening account shutdown, due to users having purportedly shared “fake content.”
Cyberattacks Against Israeli Government Sites: ‘Largest in the Country’s History’
DDoS attacks against Israel telecom companies took down government sites, sparking a temporary state of emergency.
Most QNAP NAS Devices Affected by ‘Dirty Pipe’ Linux Flaw
The “Dirty Pipe” Linux kernel flaw – a high-severity vulnerability in all major distros that grants root access to unprivileged users who have local access – affects most of QNAP’s network-attached storage (NAS)…
Pandora Ransomware Hits Giant Automotive Supplier Denso
Denso confirmed that cybercriminals leaked stolen, classified information from the Japan-based car-components manufacturer after an attack on one of its offices in Germany.
Staff Think Conti Group Is a Legit Employer – Podcast
The ransomware group’s benefits – bonuses, employee of the month, performance reviews & top-notch training – might be better than yours, says BreachQuest’s Marco Figueroa.
Cybercrooks’ Political In-Fighting Threatens the West
They’re choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups’ once-diminished power.
Russia Issues Its Own TLS Certs
The country’s citizens are being blocked from the internet because foreign certificate authorities can’t accept payments due to Ukraine-related sanctions, so it created its own CA.
Raccoon Stealer Crawls Into Telegram
The credential-stealing trash panda is using the chat app to store and update C2 addresses as crooks find creative new ways to distribute the malware.
Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers
Be careful when downloading a tool to cyber-target Russia: It could be an infostealer wolf dressed in sheep’s clothing that grabs your cryptocurrency info instead.
Most Orgs Would Take Security Bugs Over Ethical Hacking Help
A new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old “security by obscurity” ways.
Multi-Ransomwared Victims Have It Coming–Podcast
Let’s blame the victim. IT decision makers’ confidence about security doesn’t jibe with their concession that repeated incidents are their own fault, says ExtraHop’s Jamie Moles.
Russia May Use Ransomware Payouts to Avoid Sanctions
FinCEN warns financial institutions to beware of unusual cryptocurrency payments or illegal transactions Russia may use to evade restrictions imposed due to its invasion of Ukraine.
Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads
The ever-shifting, ever-more-powerful malware is now hijacking email threads to download malicious DLLs that inject password-stealing code into webpages, among other foul things.
APT41 Spies Broke Into 6 US State Networks via a Livestock App
The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government networks.
Most ServiceNow Instances Misconfigured, Exposed
Customers aren’t locking down access correctly, leading to ~70 percent of ServiceNow implementations being vulnerable to malicious data extraction.
Russian APTs Furiously Phish Ukraine – Google
Also on the rise: DDoS attacks against Ukrainian sites and phishing activity capitalizing on the conflict, with China’s Mustang Panda targeting Europe.
Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday
The computing giant patched 71 security vulnerabilities in an uncharacteristically light scheduled update, including its first Xbox bug.
Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infrastructure
The ‘TLStorm’ vulnerabilities, found in APC Smart-UPS products, could allow attackers to cause both cyber and physical damage by taking down critical infrastructure.
The Uncertain Future of IT Automation
While IT automation is growing, big challenges remain. Chris Hass, director of information security and research at Automox, discusses how the future looks.
Bug in the Linux Kernel Allows Privilege Escalation, Container Escape
A missing check allows unprivileged attackers to escape containers and execute arbitrary commands in the kernel.
Novel Attack Turns Amazon Devices Against Themselves
Researchers have discovered how to remotely manipulate the Amazon Echo through its own speakers.
Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak
The move comes just a week after GPU-maker NVIDIA was hit by Lapsus$ and every employee credential was leaked.
NVIDIA’s Stolen Code-Signing Certs Used to Sign Malware
NVIDIA certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines.
Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape
Both vulnerabilities are use-after-free issues in Mozilla’s popular web browser.
Massive Meris Botnet Embeds Ransomware Notes from REvil
Notes threatening to tank targeted companies’ stock price were embedded into the DDoS ransomware attacks as a string_of_text directed to CEOs and webops_geeks in the URL.
Free HermeticRansom Ransomware Decryptor Released
Cruddy cryptography means victims whose files have been encrypted by the Ukraine-tormenting ransomware can break the chains without paying extortionists.
Phishing Campaign Targeted Those Aiding Ukraine Refugees
A military email address was used to distribute malicious email macros among EU personnel helping Ukrainians.
Russia Leaks Data From a Thousand Cuts–Podcast
It’s not just Ukraine: There’s a flood of intel on Russian military, nukes and crooks, says dark-web intel expert Vinny Troia, even with the Conti ransomware gang shuttering its leaking Jabber chat server.…
Securing Data With a Frenzied Remote Workforce–Podcast
Stock the liquor cabinet and take a shot whenever you hear GitLab Staff Security Researcher Mark Loveless say “Zero Trust.”
TeaBot Trojan Haunts Google Play Store, Again
Malicious Google Play apps have circumvented censorship by hiding trojans in software updates.
Conti Ransomware Decryptor, TrickBot Source Code Leaked
The decryptor spilled by ContiLeaks won’t work with recent victims. Conti couldn’t care less: It’s still operating just fine. Still, the dump is a bouquet’s worth of intel.
RCE Bugs in Hugely Popular VoIP Apps: Patch Now!
The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that’s found in a massive number of VoIP implementations.
RCE Bugs in WhatsApp, Other Hugely Popular VoIP Apps: Patch Now!
The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that’s found in a massive number of VoIP implementations.
Daxin Espionage Backdoor Ups the Ante on Chinese Malware
Via node-hopping, the espionage tool can reach computers that aren’t even connected to the internet.
Ukraine Hit with Novel ‘FoxBlade’ Trojan Hours Before Invasion
Microsoft detected cyberattacks launched against Ukraine hours before Russia’s tanks and missiles began to pummel the country last week.
Microsoft Accounts Targeted by Russian-Themed Credential Harvesting
Malicious emails warning Microsoft users of “unusual sign-on activity” from Russia are looking to capitalize on the Ukrainian crisis.
Ukraine-Russia Cyber Warzone Splits Cyber Underground
A pro-Ukraine Conti member spilled 13 months of the ransomware group’s chats, while cyber actors are rushing to align with both sides.
Toyota to Close Japan Plants After Suspected Cyberattack
The plants will shut down on Tuesday, halting about a third of the company’s global production. Toyota doesn’t know how long the 14 plants will be unplugged.
TrickBot Takes a Break, Leaving Researchers Scratching Their Heads
The infamous trojan is likely making some major operational changes, researchers believe.
Microsoft Exchange Bugs Exploited by ‘Cuba’ Ransomware Gang
The ransomware gang known as Cuba is increasingly shifting to exploiting Exchange bugs – including crooks’ favorites, ProxyShell and ProxyLogon – as initial infection vectors.
6 Cyber-Defense Steps to Take Now to Protect Your Company
Ransomware is getting worse, but Daniel Spicer, chief security officer at Ivanti, offers a checklist for choosing defense solutions to meet the challenge.
White House Denies Mulling Massive Cyberattacks Against Russia
The options reportedly included tampering with trains, electric service and internet connectivity, hampering Russia’s military operations in Ukraine.
The Harsh Truths of Cybersecurity in 2022, Part II
Sonya Duffin, ransomware and data-protection expert at Veritas Technologies, shares three steps organizations can take today to reduce cyberattack fallout.
Zenly Social-Media App Bugs Allow Account Takeover
A pair of bugs in the Snap-owned tracking app reveal phone numbers and allow account hijacking.
Microsoft App Store Sizzling with New ‘Electron Bot’ Malware
The SEO poisoning bot, capable of full system takeover, is actively taking over social media accounts, masquerading as popular games like Temple Run.
Web Filtering and Compliances for Wi-Fi Providers
Demand for public Wi-Fi is on the rise. It is usually free of charge, but there is a risk of expensive losses. Learn ways to protect yourself from cyber-threats.
Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins
A targeted phishing attack takes aim at a major U.S. payments company.
The Art of Non-boring Cybersec Training–Podcast
With human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress…
Samsung Shattered Encryption on 100M Phones
One cryptography expert said that ‘serious flaws’ in the way Samsung phones encrypt sensitive material, as revealed by academics, are ‘embarrassingly bad.’
Sextortion Rears Its Ugly Head Again
Attackers are sending email blasts with malware links in embedded PDFs as a way to evade email filters, lying about having fictional "video evidence."
Creaky Old WannaCry, GandCrab Top the Ransomware Scene
Nothing like zombie campaigns: WannaCry’s old as dirt, and GandCrab threw in the towel years ago. They’re on auto-pilot at this point, researchers say.
Cyberattackers Cook Up Employee Personal Data Heist for Meyer
The Conti gang breached the cookware giant’s network, prepping thousands of employees’ personal data for consumption by cybercrooks.
Gaming, Banking Trojans Dominate Mobile Malware Scene
The overall number of attacks on mobile users is down, but they’re getting slicker, both in terms of malware functionality and vectors, researchers say.
Xenomorph Malware Burrows into Google Play Users, No Facehugger Required
Researchers discovered a new, modular banking trojan with ties to Cerberus and Alien that has the capability to become a much larger threat than it is now.
NFT Investors Lose $1.7M in OpenSea Phishing Attack
Attackers took advantage of a smart-contract migration to swindle 17 users.
New Critical RCE Bug Found in Adobe Commerce, Magento
Adobe updated its recent out-of-band security advisory to add another critical bug, while researchers put out a PoC for the one it emergency-fixed last weekend.
Severe WordPress Plug-In UpdraftPlus Bug Threatens Backups
An oversight in a WordPress plug-in exposes PII and authentication data to malicious insiders.
Iranian State Broadcaster Clobbered by ‘Clumsy, Buggy’ Code
Researchers said a Jan. 27 attack that aired footage of opposition leaders calling for assassination of Iran’s Supreme Leader was a clumsy and unsophisticated wiper attack.
Baby Golang-Based Botnet Already Pulling in $3K/Month for Operators
Kraken has already spread like wildfire, but in the past few months, the malware’s author has been tinkering away, adding more infostealers and backdoors.
Ukrainian DDoS Attacks Should Put US on Notice–Researchers
On Tuesday, institutions central to Ukraine’s military and economy were hit with denial-of-service (DoS) attacks. Impact was limited, but the ramifications are not.
Microsoft Teams Targeted With Takeover Trojans
Threat actors are infiltrating the increasingly popular collaboration app to attach malicious files to chat threads that drop system-hijacking malware.
Kill Cloud Risk: Get Everybody to Stop Fighting Over App Security – Podcast
When it comes to ensuring safe cloud app rollouts, there’s flat-out animosity between business shareholders. HackerOne’s Alex Rice and GitLab’s Johnathan Hunt share tips on quashing all the squabbling.
TrickBot Ravages Customers of Amazon, PayPal and Other Top Brands
The resurgent trojan has targeted 60 top companies to harvest credentials for a wide range of applications, with an eye to virulent follow-on attacks.
Massive LinkedIn Phishing, Bot Attacks Feed on the Job-Hungry
The phishing attacks are spoofing LinkedIn to target ‘Great Resignation’ job hunters, who are also being preyed on by huge data-scraping bot attacks.
Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers
A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS.
High-Severity RCE Bug Found in Popular Apache Cassandra Database
On the plus side, only instances with non-standard, not recommended configurations are vulnerable. On the downside, those configurations aren’t easy to track down, and it’s easy as pie to exploit.
Emotet Now Spreading Through Malicious Excel Files
An ongoing malicious email campaign that includes macro-laden files and multiple layers of obfuscation has been active since late December.
SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming
Researchers have never before seen SquirrelWaffle attackers use typosquatting to keep sending spam once a targeted Exchange server has been patched for ProxyLogon/ProxyShell.
Chrome Zero-Day Under Active Attack: Patch ASAP
The year’s 1st Chrome zero-day can lead to all sorts of misery, ranging from data corruption to the execution of arbitrary code on vulnerable systems.
TA2541: APT Has Been Shooting RATs at Aviation for Years
Since 2017, the attacker has flung simple off-the-shelf malware in malicious email campaigns aimed at aviation, aerospace, transportation and defense.
BlackByte Tackles the SF 49ers & US Critical Infrastructure
Hours before the Superbowl and two days after the FBI warned about the ransomware gang, BlackByte leaked what are purportedly the NFL team’s files.
‘Cities: Skylines’ Gaming Modder Banned Over Hidden Malware
35K+ players were exposed to an auto-updater that planted a trojan that choked performance for fellow modders and Colossal Order employees.
Adobe: Zero-Day Magento 2 RCE Bug Under Active Attack
The vendor issued an emergency fix on Sunday, and eCommerce websites should update ASAP to avoid Magecart card-skimming attacks and other problems.
Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa
A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview.
Cybercrooks Frame Targets by Planting Fabricated Digital Evidence
The ‘ModifiedElephant’ threat actors are technically unimpressive, but they’ve evaded detection for a decade, hacking human rights advocates’ systems with dusty old keyloggers and off-the-shelf RATs.
Apple Patches Actively Exploited WebKit Zero Day
A memory issue affects myriad iPhone, iPad and MacOS devices and allows attackers to execute arbitrary code after processing malicious web content.
Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares
The Maze gang are purportedly never going back to ransomware and have destroyed all of their ransomware source code, said somebody claiming to be the developer.
Sharp SIM-Swapping Spike Causes $68M in Losses
The attacks, which lead to 2FA defeat and account takeover, have accelerated by several hundred percent in one year, leading to thousands of drained bank accounts.
SAP Patches Severe ‘ICMAD’ Bugs
SAP’s Patch Tuesday brought fixes for a trio of flaws in the ubiquitous ICM component in internet-exposed apps. One of them, with a risk score of 10, could allow attackers to hijack identities,…
SAP to Give Threat Briefing on Uber-Severe ‘ICMAD’ Bugs
SAP’s Patch Tuesday brought fixes for a trio of flaws in the ubiquitous ICM component in internet-exposed apps. One of them, with a risk score of 10, could allow attackers to hijack identities,…
PHP Everywhere Bugs Put 30K+ WordPress Sites at Risk of RCE
The plug-in’s default settings spawned flaws that could allow for full site takeover but have since been fixed in an update that users should immediately install, Wordfence researchers said.
Cybercriminals Swarm Windows Utility Regsvr32 to Spread Malware
The living-off-the-land binary (LOLBin) is anchoring a rash of cyberattacks bent on evading security detection to drop Qbot and Lokibot.
3 Tips for Facing the Harsh Truths of Cybersecurity in 2022, Part I
Sonya Duffin, ransomware and data-protection expert at Veritas Technologies, shares three steps organizations can take today to reduce cyberattack fallout.
Ex-Gumshoe Nabs Cybercrooks with FBI Tactics
Crane Hassold, former FBI analyst turned director of threat intel at Abnormal Security, shares stories from his covert work with cyberattackers.
MoleRats APT Flaunts New Trojan in Latest Cyberespionage Campaign
Researchers from Proofpoint have spotted a new Middle East-targeted phishing campaign that delivers a novel malware dubbed NimbleMamba.
No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day
This batch had zero critical CVEs, which is unheard of. Most (50) of the patches are labeled Important, so don’t delay to apply the patches, security experts said.
China Suspected of News Corp Cyberespionage Attack
Attackers infiltrated the media giant’s network using BEC, while Microsoft moved to stop such attacks by blocking VBA macros in 5 Windows apps. Included: more ways to help stop BEC.
CISA Orders Federal Agencies to Fix Actively Exploited Windows Bug
Feb. 18 is the deadline to patch a bug that affects all unpatched versions of Windows 10 and requires zero user interaction to exploit.
LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong
However, groups are rebranding and recalibrating their profiles and tactics to respond to law enforcement and the security community’s focus on stopping ransomware attacks.
Medusa Malware Joins Flubot’s Android Distribution Network
Two powerful trojans with spyware and RAT capabilities are being delivered in side-by-side campaigns using a common infrastructure.