Category: threatpost

This article has been indexed from Threatpost The now-patched flaw that led to the ForcedEntry exploit of iPhones was exploited by both NSO Group and a different, newly detailed surveillance vendor. Read the original article: QuaDream, 2nd Israeli Spyware Firm,…

Read more →

This article has been indexed from Threatpost The ‘smishing’ group lives up to its name, expanding globally and adding image exfiltration to the Wroba RAT it uses to infect mobile victims. Read the original article: Roaming Mantis Expands Android Backdoor…

Read more →

This article has been indexed from Threatpost The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what’s next. Read the original article: ‘Long Live Log4Shell’: CVE-2021-44228 Not Dead Yet

Read more →

This article has been indexed from Threatpost The popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyberattackers to hop from one application ecosystem to another. Read the original article: Argo CD Security Bug Opens Kubernetes Cloud Apps…

Read more →

This article has been indexed from Threatpost The usual tax-season barrage of cybercriminal activity is already underway with a phishing campaign impersonating the popular accounting and tax-filing software. Read the original article: Attackers Target Intuit Users by Threatening to Cancel…

Read more →

This article has been indexed from Threatpost And customers including Tesla, PepsiCo and NYC transit workers are filing lawsuits over the “real pain in the rear end” of manual inputting, inaccurate wages & more. Read the original article: Kronos Still…

Read more →

This article has been indexed from Threatpost A growing class of phishing kits – transparent reverse proxy kits – are being used to get past multi-factor authentication using MiTM tactics. Read the original article: Low-Detection Phishing Kits Increasingly Bypass MFA

Read more →

This article has been indexed from Threatpost The company’s RV line of small-business routers contains 15 different security vulnerabilities that could enable everything from RCE to corporate network access and denial-of-service – and many have exploits circulating. Read the original…

Read more →

This article has been indexed from Threatpost The popular bridge, which connects Ethereum, Solana blockchain & more, was shelled out by it’s-not-saying. Wormhole is trying to negotiate with the attacker. Read the original article: Wormhole Crypto Platform: ‘Funds Are Safe’…

Read more →

This article has been indexed from Threatpost Attackers are using socially engineered emails with .ppam file attachments that hide malware that can rewrite Windows registry settings on targeted machines. Read the original article: PowerPoint Files Abused to Take Over Computers

Read more →

This article has been indexed from Threatpost The Conti gang strikes again, disrupting the nom-merchant’s supply chain and threatening empty supermarket shelves lasting for weeks. Read the original article: KP Snacks Left with Crumbs After Ransomware Attack

Read more →

This article has been indexed from Threatpost Despite what security vendors might say, there is no way to comprehensively solve our supply-chain security challenges, posits JupiterOne CISO Sounil Yu. We can only manage them. Read the original article: Supply-Chain Security…

Read more →

This article has been indexed from Threatpost Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors. Read the original article: Thousands of Malicious npm…

Read more →

This article has been indexed from Threatpost The notorious Iranian APT is fortifying its arsenal with new malicious tools and evasion tactics and may even be behind the Memento ransomware. Read the original article: Charming Kitten Sharpens Its Claws with…

Read more →

This article has been indexed from Threatpost The warning follows a Citizen Lab report that found the official, mandatory app has an encryption flaw that “can be trivially sidestepped.” Besides burners, here are more tips on staying cyber-safe at the…

Read more →

This article has been indexed from Threatpost Rising critical unpatched vulnerabilities and a lack of encryption leave medical device data defenseless, researcher warn. Read the original article: Unpatched Security Bugs in Medical Wearables Allow Patient Tracking, Data Theft

Read more →

This article has been indexed from Threatpost ATO attacks are evolving. Jason Kent, hacker-in-residence at Cequence Security, discusses what new-style cyberattacks look like in the wild. Read the original article: The Account Takeover Cat-and-Mouse Game

Read more →

This article has been indexed from Threatpost The issue in the file-sharing and interop platform also affects Red Hat, SUSE Linux and Ubuntu packages. Read the original article: Samba ‘Fruit’ Bug Allows RCE, Full Root User Access

Read more →

This article has been indexed from Threatpost LOLBins help attackers become invisible to security platforms. Uptycs provides a rundown of the most commonly abused native utilities for Windows, Linux and macOS – and advice for protection. Read the original article:…

Read more →

This article has been indexed from Threatpost The vulnerability affects all unpatched Windows 10 versions following a messy Microsoft January update. Read the original article: Public Exploit Released for Windows 10 Bug

Read more →

This article has been indexed from Threatpost The researcher found that he could gain unauthorized camera access via a shared iCloud document that could also “hack every website you’ve ever visited.” Read the original article: Apple Pays $100.5K Bug Bounty…

Read more →

This article has been indexed from Threatpost Finland is weathering a bout of Pegasus infections, along with a Facebook Messenger phishing scam. Read the original article: NSO Group Pegasus Spyware Aims at Finnish Diplomats

Read more →

This article has been indexed from Threatpost The group once again dangled fake job opportunities at engineers in a spear-phishing campaign that used Windows Update as a living-off-the-land technique and GitHub as a C2. Read the original article: Lazarus APT…

Read more →

This article has been indexed from Threatpost The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims. Read the original article: Zerodium Spikes Payout for…

Read more →

This article has been indexed from Threatpost QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronics’ network has been crippled. Read the original article: Conti, DeadBolt Ransomwares Target Delta, QNAP

Read more →

This article has been indexed from Threatpost QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronics’ network has been crippled. Read the original article: Conti, DeadBolt Target Delta, QNAP

Read more →

This article has been indexed from Threatpost MacOS malware Shlayer and Bundlore may have variations, but the behavior of their attacks have not changed – attacking older macOS versions and poorly-protected websites. Read the original article: Shlayer and Bundlore MacOS…

Read more →

This article has been indexed from Threatpost The Vultur trojan steals bank credentials but asks for permissions to do far more damage down the line. Read the original article: 2FA App Loaded with Banking Trojan Infests 10K Victims via Google…

Read more →

This article has been indexed from Threatpost Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads. Read the original article: Shipment-Delivery Scams Become the…

Read more →

This article has been indexed from Threatpost The malware had already put millions of routers and IoT devices at risk, and now any noob can have at it. Read the original article: BotenaGo Botnet Code Leaked to GitHub, Impacting Millions…

Read more →

This article has been indexed from Threatpost The malware had already put millions of routers and IoT devices at risk, and now any noob can have at it. Read the original article: BotenaGo Botnet Code Leaked to GitHub

Read more →

This article has been indexed from Threatpost Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads. Read the original article: Shipment-Delivery Scams a Fav…

Read more →

This article has been indexed from Threatpost SaaS Security Posture Management (SSPM) named a must have solution by Gartner. Adaptive Shields SSPM solution allows security teams full visibility and control. Read the original article: How to Secure Your SaaS Stack…

Read more →

This article has been indexed from Threatpost The malware has added an anti-debugging tool that crashes browser tabs when researchers use code beautifying for analysis. Read the original article: TrickBot Crashes Security Researchers’ Browsers in Latest Upgrade

Read more →

This article has been indexed from Threatpost iOS 15.3 & iPadOS 15.3 fix the Safari browser flaw that could have spilled users’ browsing data, plus a zero day IOMobileFrameBuffer bug exploited in the wild. Read the original article: Apple Fixes…

Read more →

This article has been indexed from Threatpost The mobile malware heisted hundreds of millions of dollars from unsuspecting users, thanks to 470 different well-crafted malicious app in Google Play. Read the original article: ‘Dark Herring’ Billing Malware Swims onto 105M…

Read more →

This article has been indexed from Threatpost Need a blueprint for architecting a formidable cyber-defense? Kerry Mandiant, senior director at Mandiant, shares hers in this detailed breakdown. Read the original article: New Year, New Threats: 4 Tips to Activate Your…

Read more →

This article has been indexed from Threatpost Threat actors use bogus ‘shipping delays’ to deceive customers and businesses. Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do. Read the original article:…

Read more →

This article has been indexed from Threatpost The 12-year-old flaw in the sudo-like polkit’s pkexec tool, found in all major Linux distributions, is likely to be exploited in the wild within days. Read the original article: Linux Bug in All…

Read more →

This article has been indexed from Threatpost Attackers are getting creative, using smishing & a malicious Google Play QR reader to plant banking trojans on the phones of victims across the globe. Read the original article: Threat Actors Blanket Androids…

Read more →

This article has been indexed from Threatpost A pro-democracy Hong Kong site was used to launch watering-hole attacks that planted a powerful macOS backdoor that researchers dubbed DazzleSpy. Read the original article: MacOS Malware ‘DazzleSpy’ Used in Watering-Hole Attacks

Read more →

This article has been indexed from Threatpost Visitors who shopped on the company’s eCommerce website in January will likely find their payment-card data heisted, researchers warned. Read the original article: Segway Hit by Magecart Attack Hiding in a Favicon

Read more →

This article has been indexed from Threatpost A discarded Discord vanity URL for CryptoBatz was hijacked by cybercriminals to drain cryptocurrency wallets. Read the original article: Ozzy Osbourne NFTs Used to Bite Off Chunk of Crypto Coin

Read more →

This article has been indexed from Threatpost Some of the bursts of traffic reached up to 10Gbps, reports noted, overwhelming the country’s only ISP, and crippling Andorran Squidcraft gamers along with the rest of the population. Read the original article:…

Read more →

This article has been indexed from Threatpost A pro-democracy Hong Kong site was used to launch watering-hole attacks that planted a new macOS backdoor that researchers dubbed DazzleSpy. Read the original article: New MacOS Malware ‘DazzleSpy’ Used in Watering-Hole Attacks

Read more →

This article has been indexed from Threatpost A critical security bug and a months-long, ongoing supply-chain attack spell trouble for WordPress users. Read the original article: AdSanity, AccessPress Plugins Open Scads of WordPress Sites to Takeover

Read more →

This article has been indexed from Threatpost Researchers identify three new versions of the banking trojan that include various new features, including GPS tracking and novel obfuscation techniques. Read the original article: BRATA Android Trojan Updated with ‘Kill Switch’ that…

Read more →

This article has been indexed from Threatpost The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers. Read the original article: Linux Servers…

Read more →

This article has been indexed from Threatpost State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data. Read the original article: MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists

Read more →

This article has been indexed from Threatpost QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money,…

Read more →

This article has been indexed from Threatpost The bug can allow attackers to remotely execute code on gamers’ computers. The devs temporarily deactivated PvP servers across multiple affected versions. Read the original article: Dark Souls 3 Servers Shut Down Due…

Read more →

This article has been indexed from Threatpost The ‘DTPacker’ downloader used fake Liverpool Football Club sites as lures for several weeks, a report finds. Read the original article: Unusual ‘Donald Trump’ Packer Malware Delivers RATs, Infostealers

Read more →

This article has been indexed from Threatpost What attracts the attackers? David “moose” Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets. Read the original article: The Internet’s Most Tempting Targets

Read more →

This article has been indexed from Threatpost Court rules ‘War or Hostile Acts’ exclusion doesn’t apply to the pharma giant’s 2017 cyberattack. Read the original article: Merck Awarded $1.4B Insurance Payout over NotPetya Attack

Read more →

This article has been indexed from Threatpost The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS. Read the original article: 20K WordPress Sites Exposed by Insecure Plugin REST-API

Read more →

This article has been indexed from Threatpost McAfee has patched two high-severity bugs in its Agent component, one of which can allow attackers to achieve arbitrary code execution with SYSTEM privileges. Read the original article: McAfee Bug Can Be Exploited…

Read more →

This article has been indexed from Threatpost The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud. Read the original article: Spyware Blitzes Compromise, Cannibalize ICS Networks

Read more →

This article has been indexed from Threatpost In a display of 2FA’s fallibility, unauthorized transactions approved without users’ authentication bled 483 accounts of funds. Read the original article: 2FA Bypassed in $34.6M Crypto.com Heist

Read more →

This article has been indexed from Threatpost Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges. Read the original article: Critical Cisco…

Read more →

This article has been indexed from Threatpost SolarWinds has fixed a Serv-U bug that threat actors were exploiting to unleash Log4j attacks on networks’ internal devices. Read the original article: Microsoft Sees Log4j Attacks Exploiting SolarWinds Serv-U Bug

Read more →

This article has been indexed from Threatpost The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open. Read the original article: Pervasive Apple Safari Bug Exposes…

Read more →

This article has been indexed from Threatpost A cyberattack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration. Read the original article: Red Cross Begs…

Read more →

This article has been indexed from Threatpost The Red Cross was forced to shut down IT systems behind its Restoring Family Links system, which reunites families separated by war, disaster or migration. Read the original article: Red Cross Begs Attackers…

Read more →

This article has been indexed from Threatpost R.R. Donnelly, the integrated services company, confirmed a ‘systems intrusion’ that occurred in late December and is still under investigation. Read the original article: SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware…

Read more →

This article has been indexed from Threatpost Disruptive malware attacks on Ukrainian organizations (posing as ransomware attacks) are very likely part of Russia’s wider effort to undermine Ukraine’s sovereignty, according to analysts. Read the original article: Destructive Wiper Targeting Ukraine…

Read more →

This article has been indexed from Threatpost A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements. Read the original article: Box 2FA Bypass Opens User Accounts…

Read more →

This article has been indexed from Threatpost Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees – including personal health details. Read the original article: Beijing Olympics App Flaws…

Read more →

This article has been indexed from Threatpost A well-crafted but fake government procurement portal offers the opportunity to submit a bid for lucrative government projects — but harvests credentials instead. Read the original article: Cloned Dept. of Labor Site Hawks…

Read more →

This article has been indexed from Threatpost Praise be & pass the recipe for the software soup: There’s too much scrambling to untangle vulnerabilities and dependencies, say a security experts roundtable. Read the original article: Will 2022 Be the Year…

Read more →

This article has been indexed from Threatpost It’s time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking. Read the original article: The Log4j Vulnerability Puts Pressure on the Security World

Read more →

This article has been indexed from Threatpost VMware’s container-based application development environment has become attractive to cyberattackers. Read the original article: Cybercriminals Actively Target VMware vSphere with Cryptominers

Read more →

This article has been indexed from Threatpost It’s a double-extortion play that uses the command-line password ‘KissMe’ to hide its nasty acts and adorns its ransom note with cutesy ASCII bunny art. Read the original article: ‘White Rabbit’ Ransomware May…

Read more →

This article has been indexed from Threatpost Zoho’s comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution. Read the original article: Critical ManageEngine Desktop Server Bug Opens Orgs to Malware

Read more →

This article has been indexed from Threatpost Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that emerged last year, researchers said. Read the original article: Organizations Face a ‘Losing Battle’ Against Vulnerabilities

Read more →

This article has been indexed from Threatpost UniCC controlled 30 percent of the stolen payment-card data market; leaving analysts eyeing what’s next. Read the original article: Top Illicit Carding Marketplace UniCC Abruptly Shuts Down

Read more →

This article has been indexed from Threatpost Attackers could access and modify agent resources, telephone queues and other customer-service systems – and access personal information on companies’ customers. Read the original article: Critical Cisco Contact Center Bug Threatens Customer-Service Havoc

Read more →

This article has been indexed from Threatpost Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike. Read the original article: Real…

Read more →

This article has been indexed from Threatpost As Moscow moves troops and threatens military action, about 70 Ukrainian government sites were hit. “Be afraid” was scrawled on the Foreign Ministry site. Read the original article: ‘Be Afraid:’ Massive Cyberattack Downs…

Read more →

This article has been indexed from Threatpost The country’s FSB said that it raided gang hideouts; seized currency, cars and personnel; and neutralized REvil’s infrastructure. Read the original article: Russian Security Takes Down REvil Ransomware Gang

Read more →

This article has been indexed from Threatpost Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for the popular website-building platform. Read the original article: Three Plugins with Same Bug Put 84K WordPress Sites…

Read more →

This article has been indexed from Threatpost Since their release on Patch Tuesday, the updates have been breaking Windows, causing spontaneous boot loops on Windows domain controller servers, breaking Hyper-V and making ReFS volume systems unavailable. Read the original article:…

Read more →

This article has been indexed from Threatpost Meanwhile, EtherumMax got sued over an alleged pump-and-dump scam after using celebs like Floyd Mayweather Jr. & Kim Kardashian to promote EMAX Tokens. Read the original article: North Korean APTs Stole ~$400M in…

Read more →

This article has been indexed from Threatpost US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite of malware tools. Read the original article: US Military Ties Prolific MuddyWater Cyberespionage APT to Iran

Read more →

This article has been indexed from Threatpost GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates. Read the original article: New GootLoader Campaign Targets Accounting, Law Firms

Read more →

This article has been indexed from Threatpost Threat actors are creating accounts within the Adobe Cloud suite and sending images and PDFs that appear legitimate to target Office 365 and Gmail users, researchers from Avanan discovered. Read the original article:…

Read more →

This article has been indexed from Threatpost A cloudy campaign delivers commodity remote-access trojans to steal information and execute code. Read the original article: Amazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign

Read more →

This article has been indexed from Threatpost Most Windows versions are at risk of remote, unprivileged attackers abusing RDP from the inside to hijack smart cards and get unauthorized file system access. Read the original article: Widespread, Easily Exploitable Windows…

Read more →

This article has been indexed from Threatpost Scammers easily game YouTube Shorts with viral TikTok content, bilking both creators and users. Read the original article: Stolen TikTok Videos, Bent on Fraud, Invade YouTube Shorts

Read more →

This article has been indexed from Threatpost Sponsored: Password security is highlighted in attorney general warning to New York state businesses. Read the original article: New York AG Warns 17 Firms of Credential Attacks

Read more →

This article has been indexed from Threatpost Electronic Arts blamed “human error” after attackers compromised customer support and took over and drained some of the top FIFA Ultimate Team player accounts. Read the original article: FIFA Ultimate Team Account Takeovers…

Read more →

This article has been indexed from Threatpost Electronic Arts blamed “human error” after attackers compromised customer support and took over and drained some of the top FIFA Ultimate Team player accounts. Read the original article: Phishers Rip Off High-Profile EA…

Read more →

This article has been indexed from Threatpost It’s not about buying security products! Joseph Carson, chief security scientist from ThycoticCentrify, offers practical steps to start the zero-trust journey. Read the original article: Here’s REALLY How to Do Zero-Trust Security

Read more →

This article has been indexed from Threatpost The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score. Read the original article: Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days

Read more →

This article has been indexed from Threatpost The flaw could allow attackers to bypass Privacy preferences, giving apps with no right to access files, microphones or cameras the ability to record you or grab screenshots. Read the original article: MacOS…

Read more →

This article has been indexed from Threatpost Record-number WordPress plugin vulnerabilities are wicked exploitable even with low CVSS scores, leaving security teams blind to their risk. Read the original article: WordPress Bugs Exploded in 2021, Most Exploitable

Read more →

This article has been indexed from Threatpost The FBI warned that attackers are impersonating Health & Human Services and/or Amazon to mail BadUSB-poisoned USB devices to targets in transportation, insurance & defense. Read the original article: FIN7 Mailing Malicious USB…

Read more →

This article has been indexed from Threatpost The malware establishes initial access on targeted machines, then waits for additional code to execute. Read the original article: ‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS

Read more →

This article has been indexed from Threatpost Researchers offer more detail on the bug, which can allow attackers to completely take over targets. Read the original article: Critical SonicWall NAC Vulnerability Stems from Apache Mods

Read more →

This article has been indexed from Threatpost The high-severity RCE flaw is in the KCodes NetUSB kernel module, used by popular routers from Netgear, TP-Link, DLink, Western Digital, et al. Read the original article: Millions of Routers Exposed to RCE…

Read more →

This article has been indexed from Threatpost The high-severity RCE flaw is in the KCodes NetUSB kernel module found in popular end-user routers from Netgear, TP-Link, DLink, and Western Digital, et al. Read the original article: Millions of Routers Exposed…

Read more →