The scam uses a range of themes, including tech-support scares and slot machines. Advertise on IT Security News. Read the complete article: Apple iPhone Users Targeted with Bogus Dating App for Valentine’s Day
Tag: Threatpost
SMS Phishing Campaign Targets Mobile Bank App Users in North America
Customers of RBC, HSBC, TD, Meridian, BNC and Chase are targeted in latest attack. Advertise on IT Security News. Read the complete article: SMS Phishing Campaign Targets Mobile Bank App Users in North America
News Wrap: Valentine’s Day Scams and Emotet’s Wi-Fi Hack
Top stories of this week include a new Emotet Wi-Fi hack and Robbinhood ransomware operators using a “bring your own bug” technique. Advertise on IT Security News. Read the complete article: News Wrap: Valentine’s Day Scams and Emotet’s Wi-Fi…
Hackers Can Seize Control of Ballots Cast Using the Voatz Voting App, Researchers Say
Flaws in the blockchain app some states plan to use in the 2020 election allow bad actors to alter or cancel someone’s vote or expose their private info. Advertise on IT Security News. Read the complete article: Hackers Can…
Critical WordPress Plugin Bug Afflicts 700K Sites
Researchers are urging users of the GDPR Cookie Consent WordPress plugin to update as soon as possible. Advertise on IT Security News. Read the complete article: Critical WordPress Plugin Bug Afflicts 700K Sites
Privacy Experts Skeptical of Proposed Data Protection Agency
A new Data Protection Agency would overhaul federal regulation efforts around data privacy – but experts are skeptical that the U.S. government can get it right. Advertise on IT Security News. Read the complete article: Privacy Experts Skeptical of…
Puerto Rico Gov Hit By $2.6M Phishing Scam
A recent phishing scam targeted Puerto Rico’s Industrial Development Company. Advertise on IT Security News. Read the complete article: Puerto Rico Gov Hit By $2.6M Phishing Scam
Google: Efforts Against Bad Android Apps on Play Store Are Working
The tech giant acknowledged some achievements in efforts to bolster mobile app security but recognized more needs to be done. Advertise on IT Security News. Read the complete article: Google: Efforts Against Bad Android Apps on Play Store Are…
Mozilla Firefox 73 Browser Update Fixes High-Severity RCE Bugs
The release of Firefox 73 fixed high-severity memory safety bugs that could cause arbitrary code execution and missing bounds check that could enable memory corruption. Advertise on IT Security News. Read the complete article: Mozilla Firefox 73 Browser Update…
SoundCloud Tackles DoS, Account Takeover Issues
Among other issues, the music platform didn’t limit the number of login attempts someone could make. Advertise on IT Security News. Read the complete article: SoundCloud Tackles DoS, Account Takeover Issues
Katie Moussouris: The Bug Bounty Conflict of Interest
Katie Moussouris sounds off on the challenges behind creating successful bug bounty programs. Advertise on IT Security News. Read the complete article: Katie Moussouris: The Bug Bounty Conflict of Interest
Report to Your Management with the Definitive ‘IR Management and Reporting’ Presentation Template
The IR Management and Reporting Template attempt to assist the CISO – not only perform a top edge response to cyberattacks but also ensure that this professional and critical work is understood and acknowledged. Advertise on IT Security News.…
FBI: $3.5B Lost in 2019 to Known Cyberscams, Ransomware
Cybercriminals double down on successful internet scams, with a focus on phishing, BEC and other defrauding schemes that have proven to work. Advertise on IT Security News. Read the complete article: FBI: $3.5B Lost in 2019 to Known Cyberscams,…
Microsoft Addresses Active Attacks, Air-Gap Danger with 99 Patches
There are 12 critical and five previously disclosed bugs in the February 2020 Patch Tuesday Update. Advertise on IT Security News. Read the complete article: Microsoft Addresses Active Attacks, Air-Gap Danger with 99 Patches
Intel Patches High-Severity Flaw in Security Engine
The high-severity vulnerability could enable denial of service, privilege escalation and information disclosure. Advertise on IT Security News. Read the complete article: Intel Patches High-Severity Flaw in Security Engine
Estée Lauder Exposes 440M Records, with Email Addresses, Network Info
Middleware data was exposed, which can create a secondary path for malware through which applications and data can be compromised. Advertise on IT Security News. Read the complete article: Estée Lauder Exposes 440M Records, with Email Addresses, Network Info
Adobe Addresses Critical Flash, Framemaker Flaws
Overall, Adobe patched flaws tied to 42 CVEs as part of its regularly scheduled updates. Advertise on IT Security News. Read the complete article: Adobe Addresses Critical Flash, Framemaker Flaws
Dell Patches SupportAssist Flaw That Allows Arbitrary Code Execution
The uncontrolled search path vulnerability allows a local user to use DLLs to escalate privileges and affects Windows PCs. Advertise on IT Security News. Read the complete article: Dell Patches SupportAssist Flaw That Allows Arbitrary Code Execution
BYO-Bug Tactic Attacks Windows Kernel with Outdated Driver
The RobbinHood ransomware is using a deprecated Gigabyte driver as the tip of the spear for taking out antivirus products. Advertise on IT Security News. Read the complete article: BYO-Bug Tactic Attacks Windows Kernel with Outdated Driver
Active PayPal Phishing Scam Targets SSNs, Passport Photos
Phishing emails have been uncovered that request a full rundown of personal data – even asking for photos of passports. Advertise on IT Security News. Read the complete article: Active PayPal Phishing Scam Targets SSNs, Passport Photos
Equifax Breach: Four Members of Chinese Military Charged with Hacking
Feds have charged four members of the Chinese People’s Liberation Army (PLA) in connection with the infamous 2017 Equifax breach. Advertise on IT Security News. Read the complete article: Equifax Breach: Four Members of Chinese Military Charged with Hacking
Docker Registries Expose Hundreds of Orgs to Malware, Data Theft
Misconfigured Docker registries could leak confidential data, lead to a full-scale compromise and interrupt the business operations.” Advertise on IT Security News. Read the complete article: Docker Registries Expose Hundreds of Orgs to Malware, Data Theft
Emotet Now Hacks Nearby Wi-Fi Networks to Spread Like a Worm
The new tactic used by Emotet allows the malware to infect nearby insecure Wi-Fi networks – and their devices – via brute force loops. Advertise on IT Security News. Read the complete article: Emotet Now Hacks Nearby Wi-Fi Networks…
Wacom Tablet Data Exfiltration Raises Security Concerns
Wacom stated that its data collection is done only in aggregate — but that doesn’t fix the issues, according to security experts. Advertise on IT Security News. Read the complete article: Wacom Tablet Data Exfiltration Raises Security Concerns
Critical Android Bluetooth Bug Enables RCE, No User Interaction Needed
The flaw was recently patched in Android’s February Security Bulletin. Advertise on IT Security News. Read the complete article: Critical Android Bluetooth Bug Enables RCE, No User Interaction Needed
Google Chrome To Bar HTTP File Downloads
File downloads like images or executables may not be delivered over HTTPS – even if they are available from an HTTPS website. Advertise on IT Security News. Read the complete article: Google Chrome To Bar HTTP File Downloads
Critical Citrix RCE Flaw Still Threatens 1,000s of Corporate LANs
RCE and myriad other types of attacks could take aim at the 19 percent of vulnerable companies that haven’t yet patched CVE-2019-19781. Advertise on IT Security News. Read the complete article: Critical Citrix RCE Flaw Still Threatens 1,000s of…
Phishing Campaign Targets 250 Android Apps with Anubis Malware
New attacks discovered by Cofense can perform keylogging, steal data and completely hijack a mobile device. Advertise on IT Security News. Read the complete article: Phishing Campaign Targets 250 Android Apps with Anubis Malware
Magecart Gang Attacks Olympic Ticket Reseller and Survival Food Sites
A recent slew of skimming attacks have been linked back to Magecart Group 12. Advertise on IT Security News. Read the complete article: Magecart Gang Attacks Olympic Ticket Reseller and Survival Food Sites
Metamorfo Returns with Keylogger Trick to Target Financial Firms
The malware uses a tactic to force victims to retype passwords into their systems – which it tracks via a keylogger. Advertise on IT Security News. Read the complete article: Metamorfo Returns with Keylogger Trick to Target Financial Firms
U.S. Finance Sector Hit with Targeted Backdoor Campaign
The powerful Minebridge backdoor gives cyberattackers full run of a victim’s machine. Advertise on IT Security News. Read the complete article: U.S. Finance Sector Hit with Targeted Backdoor Campaign
The RSAC 2020 Trend Report
What’s trending in cybersecurity? This year’s session submissions tell us. Advertise on IT Security News. Read the complete article: The RSAC 2020 Trend Report
Charming Kitten Uses Fake Interview Requests to Target Public Figures
APT group poses as a former Wall Street Journal journalist to launch phishing campaigns and steal victim email account details. Advertise on IT Security News. Read the complete article: Charming Kitten Uses Fake Interview Requests to Target Public Figures
Dropbox Passes $1M Milestone for Bug-Bounty Payouts
The file-sharing service also disclosed details of past notable bugs for the first time. Advertise on IT Security News. Read the complete article: Dropbox Passes $1M Milestone for Bug-Bounty Payouts
CamuBot Banking Trojan Returns In Targeted Attacks
The malware is back in targeted attacks against Brazilian banking customers, this time using a new technique that involves mobile app authorization. Advertise on IT Security News. Read the complete article: CamuBot Banking Trojan Returns In Targeted Attacks
New Lemon Duck Malware Campaign Targets IoT, Large Manufacturers
Malware campaign targets global manufacturers that are still dependent on Windows 7 subsystems to run fleets of IoT endpoints. Advertise on IT Security News. Read the complete article: New Lemon Duck Malware Campaign Targets IoT, Large Manufacturers
WhatsApp Bug Allows Malicious Code-Injection, One-Click RCE
A high-severity vulnerability could allow cybercriminals to push malware or remotely execute code, using seemingly innocuous messages. Advertise on IT Security News. Read the complete article: WhatsApp Bug Allows Malicious Code-Injection, One-Click RCE
Critical Cisco ‘CDPwn’ Flaws Break Network Segmentation
Cisco has released patches to address the five vulnerabilities, which could lead to remote code-execution and denial of service. Advertise on IT Security News. Read the complete article: Critical Cisco ‘CDPwn’ Flaws Break Network Segmentation
Critical Cisco ‘CDPwn’ Protocol Flaws Explained: Podcast
The researcher behind the five critical Cisco flaws, collectively called CDPwn, talks about why Layer 2 protocols are under-researched when it comes to security vulnerabilities. Advertise on IT Security News. Read the complete article: Critical Cisco ‘CDPwn’ Protocol Flaws…
Gamaredon APT Improves Toolset to Target Ukraine Government, Military
The Gamaredon advanced persistent threat (APT) group has been supercharging its operations lately, improving its toolset and ramping up attacks on Ukrainian national security targets. Vitali Kremez, head of SentinelLabs, said in research released on Wednesday that he has been…
Community Housing Nonprofit Hit with $1.2M Loss in BEC Scam
Red Kite said that domain-spoofing and convincing scam emails claiming to be from suppliers were the cause. Advertise on IT Security News. Read the complete article: Community Housing Nonprofit Hit with $1.2M Loss in BEC Scam
Ransomware Attack Hinders Toll Group Operations
Customers took to Twitter to air their grievances after some of the transportation giant’s operations were downed. Advertise on IT Security News. Read the complete article: Ransomware Attack Hinders Toll Group Operations
Two Critical Android Bugs Get Patched in February Update
As part of its February bug fixes, Google is patching a critical severity remote code execution vulnerability and an information disclosure bug. Advertise on IT Security News. Read the complete article: Two Critical Android Bugs Get Patched in February…
Medtronic Patches Implanted Device, CareLink Programmer Bugs
The medical device giant has issued fixes for bugs first disclosed in 2018 and 2019. Advertise on IT Security News. Read the complete article: Medtronic Patches Implanted Device, CareLink Programmer Bugs
Twitter API Abused to Uncover User Identities
State-sponsored actors may have been behind the social media abuse, said Twitter. Advertise on IT Security News. Read the complete article: Twitter API Abused to Uncover User Identities
AZORult Campaign Adopts Novel Triple-Encryption Technique
Popular trojan is sneaking its way onto PCs via malspam campaign that uses three levels of encryption to sneak past cyber defenses. Advertise on IT Security News. Read the complete article: AZORult Campaign Adopts Novel Triple-Encryption Technique
Tesla Autopilot Duped By ‘Phantom’ Images
Researchers were able to fool popular autopilot systems into perceiving projected images as real – causing the cars to brake or veer into oncoming traffic lanes. Advertise on IT Security News. Read the complete article: Tesla Autopilot Duped By…
Ashley Madison Breach Extortion Scam Targets Hundreds
A new extortion attack has targeted hundreds of users affected by the Ashley Madison breach over the past week. Advertise on IT Security News. Read the complete article: Ashley Madison Breach Extortion Scam Targets Hundreds
TrickBot Switches to a New Windows 10 UAC Bypass to Evade Detection
The tricky trojan evolves yet again, remaining one of the most advanced vehicles for delivering malware. Advertise on IT Security News. Read the complete article: TrickBot Switches to a New Windows 10 UAC Bypass to Evade Detection
Advanced Obfuscation Marks Widespread Info-Stealing Campaign
Agent Tesla and LokiBot are common payloads in the botnet-driven spam effort. Advertise on IT Security News. Read the complete article: Advanced Obfuscation Marks Widespread Info-Stealing Campaign
Evil Corp Returns With New Malware Infection Tactic
Researchers have observed the cybercrime group back in action, now using a new tactic for distributing malware. Advertise on IT Security News. Read the complete article: Evil Corp Returns With New Malware Infection Tactic
Iranian Hackers Target U.S. Gov. Vendor With Malware
APT34 has been spotted in a malware campaign targeting customers and employees of a company that works closely with U.S. federal agencies, and state and local governments. Advertise on IT Security News. Read the complete article: Iranian Hackers Target…
Zero Day Initiative Bug Hunters Rake in $1.5M in 2019
Microsoft OS flaws, out-of-bounds reads, ICS gear and a record number of high-severity bugs marked 2019 for the ZDI program. Advertise on IT Security News. Read the complete article: Zero Day Initiative Bug Hunters Rake in $1.5M in 2019
Sodinokibi Ransomware Group Sponsors Hacking Contest
Larger winnings for underground skills competitions are attracting sophisticated crime groups. Advertise on IT Security News. Read the complete article: Sodinokibi Ransomware Group Sponsors Hacking Contest
Microsoft Offers Rewards of Up to $20,000 in New Xbox Bug Bounty Program
Program is the latest the tech giant has launched that pay users and security researchers to find vulnerabilities in its numerous products. Advertise on IT Security News. Read the complete article: Microsoft Offers Rewards of Up to $20,000 in…
200K WordPress Sites Vulnerable to Plugin Flaw
Developers behind WordPress plugin Code Snippets have issued a patch for the high-severity flaw. Advertise on IT Security News. Read the complete article: 200K WordPress Sites Vulnerable to Plugin Flaw
Coronavirus Campaigns Spread Emotet, Malware
The ongoing global spread of the disease precipitates malware infections. Advertise on IT Security News. Read the complete article: Coronavirus Campaigns Spread Emotet, Malware
Cisco Patches Two High-Severity Bugs in its Small Business Switch Lineup
Vulnerabilities allow unauthenticated remote attackers to access sensitive device information and launch denial of service attacks. Advertise on IT Security News. Read the complete article: Cisco Patches Two High-Severity Bugs in its Small Business Switch Lineup
Bezos, WhatsApp Cyberattacks Show Growing Mobile Sophistication
The recently disclosed Jeff Bezos phone hack and other incidents show that mobile devices are being increasingly targeted by sophisticated nation-state attackers. Advertise on IT Security News. Read the complete article: Bezos, WhatsApp Cyberattacks Show Growing Mobile Sophistication
U.N. Hack Stemmed From Microsoft SharePoint Flaw
Reportedly, the bug wasn’t patched, leading to a data breach in July. Advertise on IT Security News. Read the complete article: U.N. Hack Stemmed From Microsoft SharePoint Flaw
Facebook to Pay $550M to Settle Class Action Case Over Facial Recognition
The settlement in a case over the social network’s Tag Suggestions feature is the latest financial blow the company has taken over its handling of user privacy. Advertise on IT Security News. Read the complete article: Facebook to Pay…
Dell, HP Memory-Access Bugs Open Attacker Path to Kernel Privileges
The manufacturers have issued BIOS updates to address the issues, but researchers warn DMA attacks are likely possible against a range of laptops and desktops. Advertise on IT Security News. Read the complete article: Dell, HP Memory-Access Bugs Open…
Apple Security Updates Tackle iOS Device Tracking, RCE Flaws
Apple’s iOS 13.3.1 update includes a host of security patches and a way to turn off U1 Ultra Wideband tracking. Advertise on IT Security News. Read the complete article: Apple Security Updates Tackle iOS Device Tracking, RCE Flaws
Apple Security Updates Tackle iOS Device Tracking
Apple’s iOS 13.3.1 update includes a host of security patches and a way to turn off U1 Ultra Wideband tracking. Advertise on IT Security News. Read the complete article: Apple Security Updates Tackle iOS Device Tracking
Google Sets Record High in Bug-Bounty Payouts
After a year of big changes, white hats reaped more from Google’s programs than ever before. Advertise on IT Security News. Read the complete article: Google Sets Record High in Bug-Bounty Payouts
Video: Zoom Researcher Details Web Conference Security Risks, 2020 Threats
Maya Horowitz with Check Point Research discussed recently-disclosed Zoom vulnerabilities that could have opened up web conferencing meetings to hackers. Advertise on IT Security News. Read the complete article: Video: Zoom Researcher Details Web Conference Security Risks, 2020 Threats
Critical Flaws in Magento e-Commerce Platform Allow Code-Execution
Admins are encouraged to update their websites to stave off attacks from Magecart card-skimmers and others. Advertise on IT Security News. Read the complete article: Critical Flaws in Magento e-Commerce Platform Allow Code-Execution
Wawa Breach May Have Affected More Than 30 Million Customers
Hefty collection of U.S. and international payment cards from the incident revealed in December found up for sale on dark-web marketplace Joker’s Stash. Advertise on IT Security News. Read the complete article: Wawa Breach May Have Affected More Than…
New ‘CacheOut’ Attack Targets Intel CPUs
Researchers have release a new proof-of-concept attack targeting a new Intel Speculative-type bug called CacheOut present in most Intel CPUs. Advertise on IT Security News. Read the complete article: New ‘CacheOut’ Attack Targets Intel CPUs
Trolls-For-Hire Pave Way For Sophisticated Social Media Hacks
Threat actors leveraging social media for hacks and misinformation are growing more coordinated. Advertise on IT Security News. Read the complete article: Trolls-For-Hire Pave Way For Sophisticated Social Media Hacks
Ring Doorbell App for Android Caught Sharing User Data with Facebook, Data-Miners
The Amazon-owned video doorbell uses third-party trackers to serve up rich data to marketers without meaningfully notifying users. Advertise on IT Security News. Read the complete article: Ring Doorbell App for Android Caught Sharing User Data with Facebook, Data-Miners
MTTD and MTTR: Two Metrics to Improve Your Cybersecurity
While there are dozens of metrics available to determine success, there are two key cybersecurity performance indicators every organization should monitor. Advertise on IT Security News. Read the complete article: MTTD and MTTR: Two Metrics to Improve Your Cybersecurity
LoRaWAN Encryption Keys Easy to Crack, Jeopardizing Security of IoT Networks
New research from IOActive has found that “blindly” trusting the encryption of the widely adopted device protocol can lead to DDoS, sending of false data and other cyber attacks. Advertise on IT Security News. Read the complete article: LoRaWAN…
Zoom Fixes Flaw Opening Meetings to Hackers
Zoom has patched a flaw that could have allowed attackers to guess a meeting ID and enter a meeting. Advertise on IT Security News. Read the complete article: Zoom Fixes Flaw Opening Meetings to Hackers
Google, Mozilla Ban Hundreds of Browser Extensions in Chrome, Firefox
After discovering a wide pattern of potentially malicious behavior in browser extensions, the two search giants are cracking down. Advertise on IT Security News. Read the complete article: Google, Mozilla Ban Hundreds of Browser Extensions in Chrome, Firefox
As Necurs Botnet Falls from Grace, Emotet Rises
Researchers wonder if a recent “amateur spam” campaign by the once-prevalant malware distribution botnet is a sign of trojans looking to other infection paths. Advertise on IT Security News. Read the complete article: As Necurs Botnet Falls from Grace,…
N.Y. Could Ban Cities from Paying Ransomware Attackers
State senators have issued proposals they say would encourage municipalities to upgrade their cyber-postures. Advertise on IT Security News. Read the complete article: N.Y. Could Ban Cities from Paying Ransomware Attackers
Mandatory IoT Security in the Offing with U.K. Proposal
The new U.K. law mandates that manufacturers apply several security controls to their connected devices. Advertise on IT Security News. Read the complete article: Mandatory IoT Security in the Offing with U.K. Proposal
ThreatList: Ransomware Costs Double in Q4, Sodinokibi Dominates
Ransomware actors are turning their sights on larger enterprises, making both average cost and downtime inflicted from attacks skyrocket. Advertise on IT Security News. Read the complete article: ThreatList: Ransomware Costs Double in Q4, Sodinokibi Dominates
Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings
The flaw could allow a remote, unauthenticated attacker to enter a password-protected video conference meeting. Advertise on IT Security News. Read the complete article: Cisco Webex Flaw Lets Unauthenticated Users Join Private Online Meetings
New Bill Proposes NSA Surveillance Reforms
The newly-introduced bill targets the Patriot Act’s Section 215, previously used by the U.S. government to collect telephone data from millions of Americans. Advertise on IT Security News. Read the complete article: New Bill Proposes NSA Surveillance Reforms
Fake Smart Factory Honeypot Highlights New Attack Threats
The honeypot demonstrates the various security concerns plaguing vulnerable industrial control systems. Advertise on IT Security News. Read the complete article: Fake Smart Factory Honeypot Highlights New Attack Threats
Critical, Unpatched ‘MDhex’ Bugs Threaten Hospital Devices
The Feds have warned on six vulnerabilities in GE medical equipment that could affect patient monitor alarms and more. Advertise on IT Security News. Read the complete article: Critical, Unpatched ‘MDhex’ Bugs Threaten Hospital Devices
U.S. Gov Agency Targeted With Malware-Laced Emails
The malicious email campaign included a never-before-seen malware downloader called Carrotball, and may be linked to the Konni Group APT. Advertise on IT Security News. Read the complete article: U.S. Gov Agency Targeted With Malware-Laced Emails
Shlayer, No. 1 Threat for Mac, Targets YouTube, Wikipedia
The malware uses thousands of partner websites to spread malvertising code. Advertise on IT Security News. Read the complete article: Shlayer, No. 1 Threat for Mac, Targets YouTube, Wikipedia
Cisco Warns of Critical Network Security Tool Flaw
The critical flaw exists in Cisco’s administrative management tool, used with network security solutions like firewalls. Advertise on IT Security News. Read the complete article: Cisco Warns of Critical Network Security Tool Flaw
Google: Flaws in Apple’s Private-Browsing Technology Allow for Third-Party Tracking
New research outlines vulnerabilities in Safari’s Intelligent Tracking Protection that can reveal user browsing behavior to third parties. Advertise on IT Security News. Read the complete article: Google: Flaws in Apple’s Private-Browsing Technology Allow for Third-Party Tracking
Pwn2Own Miami Contestants Haul in $180K for Hacking ICS Equipment
The competition targets the systems that run critical infrastructure and more. Advertise on IT Security News. Read the complete article: Pwn2Own Miami Contestants Haul in $180K for Hacking ICS Equipment
Vivin Nets Thousands of Dollars Using Cryptomining Malware
A newly discovered threat actor named Vivin is raking in Monero from cryptomining malware, showing that this type of attack isn’t going away anytime soon. Advertise on IT Security News. Read the complete article: Vivin Nets Thousands of Dollars…
sLoad Malware Revamped as Powerful ‘StarsLord’ Loader
The newest version of the sLoad malware dropper comes equipped with infection tracking capabilities and an anti-analysis trick. Advertise on IT Security News. Read the complete article: sLoad Malware Revamped as Powerful ‘StarsLord’ Loader
Microsoft Leaves 250M Customer Service Records Open to the Web
The trove of information is potentially a scammer’s bonanza. Advertise on IT Security News. Read the complete article: Microsoft Leaves 250M Customer Service Records Open to the Web
New Muhstik Botnet Attacks Target Tomato Routers
Palo Alto Networks’ Unit 42 researchers observed a variant of the wormlike botnet that adds scanner technology to brute-force Web authentication. Advertise on IT Security News. Read the complete article: New Muhstik Botnet Attacks Target Tomato Routers
PoC Exploits Do More Good Than Harm: Threatpost Poll
More than half of security experts think that the good outweighs the bad when it comes to proof-of-concept exploits, according to a recent Threatpost poll. Advertise on IT Security News. Read the complete article: PoC Exploits Do More Good…
16Shop Phishing Gang Goes After PayPal Users
A sophisticated malware-as-a-service phishing kit includes full customer service and anti-detection technologies. Advertise on IT Security News. Read the complete article: 16Shop Phishing Gang Goes After PayPal Users
Citrix Accelerates Patch Rollout For Critical RCE Flaw
Citrix has issued the first of several updates fixing a critical vulnerability in various versions of its Citrix Application Delivery Controller (ADC) and Citrix Gateway products. Advertise on IT Security News. Read the complete article: Citrix Accelerates Patch Rollout…
Microsoft Zero-Day Actively Exploited, Patch Forthcoming
CVE-2020-0674 is a critical flaw for most Internet Explorer versions, allowing remote code execution and complete takeover. Advertise on IT Security News. Read the complete article: Microsoft Zero-Day Actively Exploited, Patch Forthcoming
FTCODE Ransomware Now Steals Chrome, Firefox Credentials
New versions of the ransomware now sniff out saved credentials for Internet Explorer, Mozilla Firefox, Mozilla Thunderbird, Google Chrome and Microsoft Outlook. Advertise on IT Security News. Read the complete article: FTCODE Ransomware Now Steals Chrome, Firefox Credentials
Hacker Leaks More Than 500K Telnet Credentials for IoT Devices
Bad actor obtained passwords for servers, home routers, and smart devices by scanning internet for devices open to the Telnet port. Advertise on IT Security News. Read the complete article: Hacker Leaks More Than 500K Telnet Credentials for IoT…
New JhoneRAT Malware Targets Middle East
Researchers say that JhoneRAT has various anti-detection techniques – including making use of Google Drive, Google Forms and Twitter. Advertise on IT Security News. Read the complete article: New JhoneRAT Malware Targets Middle East
Feds Cut Off Access to Billions of Breached Records with Site Takedown
The WeLeakInfo “data breach notification” domain is no more. Advertise on IT Security News. Read the complete article: Feds Cut Off Access to Billions of Breached Records with Site Takedown