Tag: Threatpost

This article has been indexed from Threatpost A DarkHotel phishing campaign breached luxe hotel networks, including Wynn Palace and the Grand Coloane Resort in Macao, a new report says. Read the original article: DarkHotel APT Targets Wynn, Macao Hotels to…

Read more →

This article has been indexed from Threatpost The Russian-speaking APT behind the NotPetya attacks and the Ukrainian power grid takedown could be setting up for additional sinister attacks, researchers said. Read the original article: Sandworm APT Hunts for ASUS Routers…

Read more →

This article has been indexed from Threatpost Researchers have exposed the work of Exotic Lily, a full-time cybercriminal initial-access group that uses phishing to infiltrate organizations’ networks for further malicious activity. Read the original article: Google Blows Lid Off Conti,…

Read more →

This article has been indexed from Threatpost In the latest software supply-chain attack, the code maintainer added malicious code to the hugely popular node-ipc library to replace files with a heart emoji and a peacenotwar module. Read the original article:…

Read more →

This article has been indexed from Threatpost Five percent of the databases are vulnerable to threat actors: It’s a gold mine of exploit opportunity in thousands of mobile apps, researchers say. Read the original article: Misconfigured Firebase Databases Exposing Data…

Read more →

This article has been indexed from Threatpost It’s about time, AttackIQ’s Jonathan Reiber said about 24H/72H report deadlines mandated in the new spending bill. As it is, visibility into adversary behavior has been muck. Read the original article: Reporting Mandates…

Read more →

This article has been indexed from Threatpost Scammers are bypassing Apple’s App Store security, stealing thousands of dollars’ worth of cryptocurrency from the unwitting, using the TestFlight and WebClips programs. Read the original article: ‘CryptoRom’ Crypto-Scam is Back via Side-Loaded…

Read more →

This article has been indexed from Threatpost CaddyWiper is one in a barrage of data-wiping cyber-attacks to hit the country since January as the war on the ground with Russia marches on. Read the original article: Another Destructive Wiper Targets…

Read more →

This article has been indexed from Threatpost The phishing scam tried to steal login credentials by threatening account shutdown, due to users having purportedly shared “fake content.” Read the original article: Phony Instagram ‘Support Staff’ Emails Hit Insurance Company

Read more →

This article has been indexed from Threatpost DDoS attacks against Israel telecom companies took down government sites, sparking a temporary state of emergency. Read the original article: Cyberattacks Against Israeli Government Sites: ‘Largest in the Country’s History’

Read more →

This article has been indexed from Threatpost The “Dirty Pipe” Linux kernel flaw – a high-severity vulnerability in all major distros that grants root access to unprivileged users who have local access – affects most of QNAP’s network-attached storage (NAS)…

Read more →

This article has been indexed from Threatpost Denso confirmed that cybercriminals leaked stolen, classified information from the Japan-based car-components manufacturer after an attack on one of its offices in Germany. Read the original article: Pandora Ransomware Hits Giant Automotive Supplier…

Read more →

This article has been indexed from Threatpost The ransomware group’s benefits – bonuses, employee of the month, performance reviews & top-notch training – might be better than yours, says BreachQuest’s Marco Figueroa. Read the original article: Staff Think Conti Group…

Read more →

This article has been indexed from Threatpost They’re choosing sides in the Russia-Ukraine war, beckoning previously shunned ransomware groups and thereby reinvigorating those groups’ once-diminished power. Read the original article: Cybercrooks’ Political In-Fighting Threatens the West

Read more →

This article has been indexed from Threatpost The country’s citizens are being blocked from the internet because foreign certificate authorities can’t accept payments due to Ukraine-related sanctions, so it created its own CA. Read the original article: Russia Issues Its Own…

Read more →

This article has been indexed from Threatpost The credential-stealing trash panda is using the chat app to store and update C2 addresses as crooks find creative new ways to distribute the malware. Read the original article: Raccoon Stealer Crawls Into…

Read more →

This article has been indexed from Threatpost Be careful when downloading a tool to cyber-target Russia: It could be an infostealer wolf dressed in sheep’s clothing that grabs your cryptocurrency info instead. Read the original article: Malware Posing as Russia…

Read more →

This article has been indexed from Threatpost A new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old “security by obscurity” ways. Read the original article: Most Orgs Would Take Security Bugs…

Read more →

This article has been indexed from Threatpost Let’s blame the victim. IT decision makers’ confidence about security doesn’t jibe with their concession that repeated incidents are their own fault, says ExtraHop’s Jamie Moles. Read the original article: Multi-Ransomwared Victims Have…

Read more →

This article has been indexed from Threatpost FinCEN warns financial institutions to beware of unusual cryptocurrency payments or illegal transactions Russia may use to evade restrictions imposed due to its invasion of Ukraine. Read the original article: Russia May Use…

Read more →

This article has been indexed from Threatpost The ever-shifting, ever-more-powerful malware is now hijacking email threads to download malicious DLLs that inject password-stealing code into webpages, among other foul things. Read the original article: Qakbot Botnet Sprouts Fangs, Injects Malware…

Read more →

This article has been indexed from Threatpost The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government networks. Read the original article: APT41 Spies Broke Into 6 US State Networks…

Read more →

This article has been indexed from Threatpost Customers aren’t locking down access correctly, leading to ~70 percent of ServiceNow implementations being vulnerable to malicious data extraction. Read the original article: Most ServiceNow Instances Misconfigured, Exposed

Read more →

This article has been indexed from Threatpost Also on the rise: DDoS attacks against Ukrainian sites and phishing activity capitalizing on the conflict, with China’s Mustang Panda targeting Europe. Read the original article: Russian APTs Furiously Phish Ukraine – Google

Read more →

This article has been indexed from Threatpost The computing giant patched 71 security vulnerabilities in an uncharacteristically light scheduled update, including its first Xbox bug. Read the original article: Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch…

Read more →

This article has been indexed from Threatpost The ‘TLStorm’ vulnerabilities, found in APC Smart-UPS products, could allow attackers to cause both cyber and physical damage by taking down critical infrastructure. Read the original article: Zero-Click Flaws in Widely Used UPS…

Read more →

This article has been indexed from Threatpost While IT automation is growing, big challenges remain. Chris Hass, director of information security and research at Automox, discusses how the future looks. Read the original article: The Uncertain Future of IT Automation

Read more →

This article has been indexed from Threatpost A missing check allows unprivileged attackers to escape containers and execute arbitrary commands in the kernel. Read the original article: Bug in the Linux Kernel Allows Privilege Escalation, Container Escape

Read more →

This article has been indexed from Threatpost Researchers have discovered how to remotely manipulate the Amazon Echo through its own speakers. Read the original article: Novel Attack Turns Amazon Devices Against Themselves

Read more →

This article has been indexed from Threatpost The move comes just a week after GPU-maker NVIDIA was hit by Lapsus$ and every employee credential was leaked. Read the original article: Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak

Read more →

This article has been indexed from Threatpost NVIDIA certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines. Read the original article: NVIDIA’s Stolen Code-Signing Certs Used to…

Read more →

This article has been indexed from Threatpost Nvidia certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines. Read the original article: Nvidia’s Stolen Code-Signing Certs Used to…

Read more →

This article has been indexed from Threatpost Both vulnerabilities are use-after-free issues in Mozilla’s popular web browser. Read the original article: Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape

Read more →

This article has been indexed from Threatpost Notes threatening to tank targeted companies’ stock price were embedded into the DDoS ransomware attacks as a string_of_text directed to CEOs and webops_geeks in the URL. Read the original article: Massive Meris Botnet…

Read more →

This article has been indexed from Threatpost Cruddy cryptography means victims whose files have been encrypted by the Ukraine-tormenting ransomware can break the chains without paying extortionists. Read the original article: Free HermeticRansom Ransomware Decryptor Released

Read more →

This article has been indexed from Threatpost A military email address was used to distribute malicious email macros among EU personnel helping Ukrainians. Read the original article: Phishing Campaign Targeted Those Aiding Ukraine Refugees

Read more →

This article has been indexed from Threatpost It’s not just Ukraine: There’s a flood of intel on Russian military, nukes and crooks, says dark-web intel expert Vinny Troia, even with the Conti ransomware gang shuttering its leaking Jabber chat server.…

Read more →

This article has been indexed from Threatpost Stock the liquor cabinet and take a shot whenever you hear GitLab Staff Security Researcher Mark Loveless say “Zero Trust.” Read the original article: Securing Data With a Frenzied Remote Workforce–Podcast

Read more →

This article has been indexed from Threatpost Malicious Google Play apps have circumvented censorship by hiding trojans in software updates. Read the original article: TeaBot Trojan Haunts Google Play Store, Again

Read more →

This article has been indexed from Threatpost The decryptor spilled by ContiLeaks won’t work with recent victims. Conti couldn’t care less: It’s still operating just fine. Still, the dump is a bouquet’s worth of intel. Read the original article: Conti…

Read more →

This article has been indexed from Threatpost The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that’s found in a massive number of VoIP implementations. Read the original article: RCE Bugs in…

Read more →

This article has been indexed from Threatpost The flaws are in the ubiquitous open-source PJSIP multimedia communication library, used by the Asterisk PBX toolkit that’s found in a massive number of VoIP implementations. Read the original article: RCE Bugs in…

Read more →

This article has been indexed from Threatpost Via node-hopping, the espionage tool can reach computers that aren’t even connected to the internet. Read the original article: Daxin Espionage Backdoor Ups the Ante on Chinese Malware

Read more →

This article has been indexed from Threatpost Microsoft detected cyberattacks launched against Ukraine hours before Russia’s tanks and missiles began to pummel the country last week. Read the original article: Ukraine Hit with Novel ‘FoxBlade’ Trojan Hours Before Invasion

Read more →

This article has been indexed from Threatpost Malicious emails warning Microsoft users of “unusual sign-on activity” from Russia are looking to capitalizing on the Ukrainian crisis. Read the original article: Microsoft Accounts Targeted by Russian-Themed Credential Harvesting

Read more →

This article has been indexed from Threatpost A pro-Ukraine Conti member spilled 13 months of the ransomware group’s chats, while cyber actors are rushing to align with both sides. Read the original article: Ukraine-Russia Cyber Warzone Splits Cyber Underground

Read more →

This article has been indexed from Threatpost The plants will shut down on Tuesday, halting about a third of the company’s global production. Toyota doesn’t know how long the 14 plants will be unplugged. Read the original article: Toyota to…

Read more →

This article has been indexed from Threatpost The infamous trojan is likely making some major operational changes, researchers believe. Read the original article: TrickBot Takes a Break, Leaving Researchers Scratching Their Heads

Read more →

This article has been indexed from Threatpost The ransomware gang known as Cuba is increasingly shifting to exploiting Exchange bugs – including crooks’ favorites, ProxyShell and ProxyLogon – as initial infection vectors. Read the original article: Microsoft Exchange Bugs Exploited…

Read more →

This article has been indexed from Threatpost Ransomware is getting worse, but Daniel Spicer, chief security officer at Ivanti, offers a checklist for choosing defense solutions to meet the challenge. Read the original article: 6 Cyber-Defense Steps to Take Now to…

Read more →

This article has been indexed from Threatpost The options reportedly included tampering with trains, electric service and internet connectivity, hampering Russia’s military operations in Ukraine. Read the original article: White House Denies Mulling Massive Cyberattacks Against Russia

Read more →

This article has been indexed from Threatpost Sonya Duffin, ransomware and data-protection expert at Veritas Technologies, shares three steps organizations can take today to reduce cyberattack fallout. Read the original article: The Harsh Truths of Cybersecurity in 2022, Part II

Read more →

This article has been indexed from Threatpost A pair of bugs in the Snap-owned tracking app reveal phone numbers and allow account hijacking. Read the original article: Zenly Social-Media App Bugs Allow Account Takeover

Read more →

This article has been indexed from Threatpost The SEO poisoning bot, capable of full system takeover, is actively taking over social media accounts, masquerading as popular games like Temple Run. Read the original article: Microsoft App Store Sizzling with New…

Read more →

This article has been indexed from Threatpost Demand for public Wi-Fi is on the rise. Usually free of charge, but there is a risk of expensive losses. Learn ways to protect yourself from cyber-threats. Read the original article: Web Filtering…

Read more →

This article has been indexed from Threatpost A targeted phishing attack takes aim at a major U.S. payments company. Read the original article: Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins

Read more →

This article has been indexed from Threatpost With human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress…

Read more →

This article has been indexed from Threatpost One cryptography expert said that ‘serious flaws’ in the way Samsung phones encrypt sensitive material, as revealed by academics, are ’embarrassingly bad.’ Read the original article: Samsung Shattered Encryption on 100M Phones

Read more →

This article has been indexed from Threatpost Attackers are sending email blasts with malware links in embedded PDFs as a way to evade email filters, lying about having fictional "video evidence." Read the original article: Sextortion Rears Its Ugly Head…

Read more →

This article has been indexed from Threatpost Nothing like zombie campaigns: WannaCry’s old as dirt, and GandCrab threw in the towel years ago. They’re on auto-pilot at this point, researchers say. Read the original article: Creaky Old WannaCry, GandCrab Top…

Read more →

This article has been indexed from Threatpost The Conti gang breached the cookware giant’s network, prepping thousands of employees’ personal data for consumption by cybercrooks. Read the original article: Cyberattackers Cook Up Employee Personal Data Heist for Meyer

Read more →

This article has been indexed from Threatpost The overall number of attacks on mobile users is down, but they’re getting slicker, both in terms of malware functionality and vectors, researchers say. Read the original article: Gaming, Banking Trojans Dominate Mobile…

Read more →

This article has been indexed from Threatpost Researchers discovered a new, modular banking trojan with ties to Cerberus and Alien that has the capability to become a much larger threat than it is now. Read the original article: Xenomorph Malware…

Read more →

This article has been indexed from Threatpost Attackers took advantage of a smart-contract migration to swindle 17 users. Read the original article: NFT Investors Lose $1.7M in OpenSea Phishing Attack

Read more →

This article has been indexed from Threatpost Adobe updated its recent out-of-band security advisory to add another critical bug, while researchers put out a PoC for the one it emergency-fixed last weekend. Read the original article: New Critical RCE Bug…

Read more →

This article has been indexed from Threatpost An oversight in a WordPress plug-in exposes PII and authentication data to malicious insiders. Read the original article: Severe WordPress Plug-In UpdraftPlus Bug Threatens Backups

Read more →

This article has been indexed from Threatpost Researchers said a Jan. 27 attack that aired footage of opposition leaders calling for assassination of Iran’s Supreme Leader was a clumsy and unsophisticated wiper attack. Read the original article: Iranian State Broadcaster…

Read more →

This article has been indexed from Threatpost Kraken has already spread like wildfire, but in the past few months, the malware’s author has been tinkering away, adding more infostealers and backdoors. Read the original article: Baby Golang-Based Botnet Already Pulling…

Read more →

This article has been indexed from Threatpost On Tuesday, institutions central to Ukraine’s military and economy were hit with denial-of-service (DoS) attacks. Impact was limited, but the ramifications are not. Read the original article: Ukrainian DDoS Attacks Should Put US…

Read more →

This article has been indexed from Threatpost Threat actors are infiltrating the increasingly popular collaboration app to attach malicious files to chat threads that drop system-hijacking malware. Read the original article: Microsoft Teams Targeted With Takeover Trojans

Read more →

This article has been indexed from Threatpost When it comes to ensuring safe cloud app rollouts, there’s flat-out animosity between business shareholders. HackerOne’s Alex Rice and GitLab’s Johnathan Hunt share tips on quashing all the squabbling. Read the original article:…

Read more →

This article has been indexed from Threatpost The resurgent trojan has targeted 60 top companies to harvest credentials for a wide range of applications, with an eye to virulent follow-on attacks. Read the original article: TrickBot Ravages Customers of Amazon,…

Read more →

This article has been indexed from Threatpost The phishing attacks are spoofing LinkedIn to target ‘Great Resignation’ job hunters, who are also being preyed on by huge data-scraping bot attacks. Read the original article: Massive LinkedIn Phishing, Bot Attacks Feed…

Read more →

This article has been indexed from Threatpost A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS. Read the original article: Critical VMware Bugs Open ESXi, Fusion &…

Read more →

This article has been indexed from Threatpost On the plus side, only instances with non-standard not recommended configurations are vulnerable. On the downside, those configurations aren’t easy to track down, and it’s easy as pie to exploit. Read the original…

Read more →

This article has been indexed from Threatpost An ongoing malicious email campaign that includes macro-laden files and multiple layers of obfuscation has been active since late December. Read the original article: Emotet Now Spreading Through Malicious Excel Files

Read more →

This article has been indexed from Threatpost Researchers have never before seen SquirrelWaffle attackers use typosquatting to keep sending spam once a targeted Exchange server has been patched for ProxyLogon/ProxyShell. Read the original article: SquirrelWaffle Adds a Twist of Fraud…

Read more →

This article has been indexed from Threatpost The year’s 1st Chrome zero-day can lead to all sorts of misery, ranging from data corruption to the execution of arbitrary code on vulnerable systems. Read the original article: Chrome Zero-Day Under Active…

Read more →

This article has been indexed from Threatpost Since 2017, the attacker has flung simple off-the-shelf malware in malicious email campaigns aimed at aviation, aerospace, transportation and defense. Read the original article: TA2541: APT Has Been Shooting RATs at Aviation for…

Read more →

This article has been indexed from Threatpost Hours before the Superbowl and two days after the FBI warned about the ransomware gang, BlackByte leaked what are purportedly the NFL team’s files. Read the original article: BlackByte Tackles the SF 49ers…

Read more →

This article has been indexed from Threatpost 35K+ players were exposed to an auto-updater that planted a trojan that choked performance for fellow modders and Colossal Order employees. Read the original article: ‘Cities: Skylines’ Gaming Modder Banned Over Hidden Malware

Read more →

This article has been indexed from Threatpost 35K+ players were exposed to an auto-updater that planted a trojan that choked performance for fellow modders and Colossal Order employees. Read the original article: ‘Cities: Skylines’ Modder Banned Over Hidden Malware

Read more →

This article has been indexed from Threatpost The vendor issued an emergency fix on Sunday, and eCommerce websites should update ASAP to avoid Magecart card-skimming attacks and other problems. Read the original article: Adobe: Zero-Day Magento 2 RCE Bug Under…

Read more →

This article has been indexed from Threatpost A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview. Read the original article: Critical MQTT-Related Bugs Open Industrial…

Read more →

This article has been indexed from Threatpost The ‘ModifiedElephant’ threat actors are technically unimpressive, but they’ve evaded detection for a decade, hacking human rights advocates’ systems with dusty old keyloggers and off-the-shelf RATs. Read the original article: Cybercrooks Frame Targets…

Read more →

This article has been indexed from Threatpost A memory issue affects myriad iPhone, iPad and MacOS devices and allows attackers to execute arbitrary code after processing malicious web content. Read the original article: Apple Patches Actively Exploited WebKit Zero Day

Read more →

This article has been indexed from Threatpost The Maze gang are purportedly never going back to ransomware and have destroyed all of their ransomware source code, said somebody claiming to be the developer. Read the original article: Decryptor Keys Published…

Read more →

This article has been indexed from Threatpost The attacks, which lead to 2FA defeat and account takeover, have accelerated by several hundred percent in one year, leading to thousands of drained bank accounts. Read the original article: Sharp SIM-Swapping Spike…

Read more →

This article has been indexed from Threatpost SAP’s Patch Tuesday brought fixes for a trio of flaws in the ubiquitous ICM component in internet-exposed apps. One of them, with a risk score of 10, could allow attackers to hijack identities,…

Read more →

This article has been indexed from Threatpost SAP’s Patch Tuesday brought fixes for a trio of flaws in the ubiquitous ICM component in internet-exposed apps. One of them, with a risk score of 10, could allow attackers to hijack identities,…

Read more →

This article has been indexed from Threatpost The plug-in’s default settings spawned flaws that could allow for full site takeover but have since been fixed in an update that users should immediately install, Wordfence researchers said. Read the original article:…

Read more →

This article has been indexed from Threatpost The living-off-the-land binary (LOLBin) is anchoring a rash of cyberattacks bent on evading security detection to drop Qbot and Lokibot. Read the original article: Cybercriminals Swarm Windows Utility Regsvr32 to Spread Malware

Read more →

This article has been indexed from Threatpost Sonya Duffin, ransomware and data-protection expert at Veritas Technologies, shares three steps organizations can take today to reduce cyberattack fallout. Read the original article: 3 Tips for Facing the Harsh Truths of Cybersecurity…

Read more →

This article has been indexed from Threatpost Crane Hassold, former FBI analyst turned director of threat intel at Abnormal Security, shares stories from his covert work with cyberattackers. Read the original article: Ex-Gumshoe Nabs Cybercrooks with FBI Tactics

Read more →

This article has been indexed from Threatpost Researchers from Proofpoint have spotted a new Middle East-targeted phishing campaign that delivers a novel malware dubbed NimbleMamba. Read the original article: MoleRats APT Flaunts New Trojan in Latest Cyberespionage Campaign

Read more →

This article has been indexed from Threatpost This batch had zero critical CVEs, which is unheard of. Most (50) of the patches are labeled Important, so don’t delay to apply the patches, security experts said. Read the original article: No…

Read more →

This article has been indexed from Threatpost Attackers infiltrated the media giant’s network using BEC, while Microsoft moved to stop such attacks by blocking VBA macros in 5 Windows apps. Included: more ways to help stop BEC. Read the original…

Read more →

This article has been indexed from Threatpost Feb. 18 is the deadline to patch a bug that affects all unpatched versions of Windows 10 and requires zero user interaction to exploit. Read the original article: CISA Orders Federal Agencies to…

Read more →

This article has been indexed from Threatpost However, groups are rebranding and recalibrating their profiles and tactics to respond to law enforcement and the security community’s focus on stopping ransomware attacks. Read the original article: LockBit, BlackCat, Swissport, Oh My!…

Read more →

This article has been indexed from Threatpost Two powerful trojans with spyware and RAT capabilities are being delivered in side-by-side campaigns using a common infrastructure. Read the original article: Medusa Malware Joins Flubot’s Android Distribution Network

Read more →