Malvertising attack distributes malicious Chrome extensions, backdoors
Researchers believe that the campaign has been active since 2018, and since then, the malware has been under development constantly. Cisco Talos researchers have identified malvertising campaigns using fake installers
FBI: Cuba ransomware group hit 49 critical infrastructure organizations
The FBI has released a new notice about the Cuba ransomware, explaining that the group has attacked “49 entities in five critical infrastructure sectors” and made at least $43.9 million
Ex Ubiquiti Developer Arrested for Data Theft
Ex Ubiquiti Developer Arrested for Data Theft A man from Oregon has been charged with stealing confidential data from his employer and secretly extorting the company for a $2m ransom while purporting
Sensitive information of 30k Florida healthcare workers exposed in unprotected database
More than 30,000 US healthcare workers’ personal information was recently exposed due to a non-password protected database, according to security researcher Jeremiah Fowler and a team of ethical hackers with
Pandemic-Influenced Car Shopping: Just Use the Manufacturer API
Jason Kent, hacker-in-residence at Cequence, found a way to exploit a Toyota API to get around the hassle of car shopping in the age of supply-chain woes. The pandemic has
Omicron Phishing Scam Already Spotted in UK
Omicron COVID-19 variant anxiety inspires new phishing scam offering fake NHS tests to steal data. The global pandemic has provided cover for all sorts of phishing scams over the past
Bill proposes suspension of instant payments in Brazilian state as crime surges
As crime increases in Brazil, a new bill is proposing the suspension of instant payments system Pix in the state of São Paulo. If signed into law, the proposals put
NSO Group tech reportedly used to hack US officials' iPhones
Written by AJ Vicens Dec 3, 2021 | CYBERSCOOP Nearly a dozen iPhones associated with U.S. State Department employees were hacked using spyware developed by Israel-based NSO Group, Reuters first
UK Government Fined Over Honors List Data Breach
UK Government Fined Over Honors List Data Breach The UK’s data watchdog has slapped the British government with a hefty fine for exposing the addresses of individuals chosen to receive honors. The
Hackers steal $120m from Badger Defi and $30m from MonoX
MonoX security breach was caused by a bug in smart contracts meanwhile Badger is still investigating the incident. Two DeFi projects BadgerDAO and MonoX are the latest victims of security
US Issues Cybersecurity Directive for Airlines and Railroads
US Issues Cybersecurity Directive for Airlines and Railroads Nearly all railroads and airlines in the United States have been ordered to report cybersecurity breaches to the federal government. Under the
What Are Your Top Cloud Security Challenges? Threatpost Poll
We want to know what your biggest cloud security concerns and challenges are, and how your company is dealing with them. Weigh in with our exclusive poll! There are myriad
The Justice Department is ramping up its crackdown on money mules
Written by Tonya Riley Dec 3, 2021 | CYBERSCOOP U.S. law enforcement recovered nearly $3.7 million in fraud proceeds and charged more than 30 individuals for their alleged involvement in
Phishing Actors Are Already Exploiting the Omicron COVID-19 Variant
As you might already know a new covid variant called Omicron has recently started spreading. On 26 November 2021, WHO designated the variant B.1.1.529 a variant of concern, named Omicron, on
Bitdefender Named a 2021 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms in North America
The Bitdefender team is excited to share that we have been named a ‘Customers’ Choice’ for North America in the 2021 Peer Insights ‘Voice of the Customer’: Endpoint Protection Platforms
Compromise assessment or threat hunting? What do organizations need?
Organizations worldwide are undergoing rapid digitization to keep up with the fast-paced world we live in today. While it is a good initiative, cloud computing and remote work setup have
What Is Privilege Escalation? Definition, Types and Examples
Privilege escalation might be a confusing cybersecurity term for many. That’s why in this article we’re going to shed a little bit more light on this topic. Keep reading to
There's been a big jump in crooks selling access to hacked networks. Ransomware gangs are their best customers
There’s been a surge in cyber criminals selling access to compromised corporate networks as hackers look to cash in on the demand for vulnerable networks from gangs looking to initiate ransomware
Threat Group Takes Aim Again at Cloud Platform Provider Zoho
Attackers that previously targeted the cloud platform provider have shifted their focus to additional products in the company’s portfolio. State-backed adversaries expanded attacks against cloud platform company Zoho and its
It's a truly cruel scam. Here's the dramatic way Google is trying to stop it
The call comes. And your instinct is to react instantly. Screenshot by ZDNet We all think we’re invulnerable. Until life events — or callous cyberscamming sorts — prove otherwise. One
The In-house Zoho ServiceDesk Exploit Used to Drop Webshells
You may recall that we reported a while ago that state-backed advanced persistent threat (APT) organizations had been actively exploiting a significant hole in a Zoho single sign-on and password
Twitter and Meta Tackle Anti-Vaxxers and Chinese Disinformation
Twitter and Meta Tackle Anti-Vaxxers and Chinese Disinformation Social media giants Twitter and Meta have been forced to remove thousands of “inauthentic” accounts linked to state-backed disinformation campaigns and anti-vaxxer
Computing Security Awards 2021: Heimdal™ Wins AI and Machine Learning-Based Security of the Year
On the 18th of October, we announced that Heimdal™ is a finalist at the Computing Security Awards 2021. The voting is now closed and the winners are communicated. We are very proud
Misconfigured Database Leaks Info on 150K E-commerce Buyers
Misconfigured Database Leaks Info on 150K E-commerce Buyers Security researchers have found a misconfigured cloud-hosted database leaking over 300,000 records, including sensitive personal information on e-commerce buyers. A team at Safety
This password-stealing and keylogging malware is being spread through fake software downloads
Cyber criminals are using online adverts for fake versions of popular software to trick users into downloading three forms of malware – including a malicious browser extension with the same capabilites as trojan
Omicron Phishing Campaign Hits User Inboxes
Omicron Phishing Campaign Hits User Inboxes Online fraudsters have reacted quickly to news of a potentially new severe COVID-19 variant, with a carefully crafted phishing email campaign, according to observers.
Double Extortion Ransomware: The New Normal
With more and more businesses learning how to avoid paying huge amounts of money to ransomware actors by maintaining up-to-date backups and having disaster recovery plans in place, the number
Twitter removes another 3,000 state-backed accounts linked to six countries
Image: Nikolas Kokovlis/NurPhoto via Getty Images Twitter has removed another 3,465 state-backed accounts as part of efforts to limit the influence of information manipulation campaigns on the web. The social
Federal government refreshes digital transformation strategy and expands cyber hub trial
The federal government has released an updated digital government strategy as part of its goal to make Australia one of the top three digital governments in the world by 2025.
Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify
Trend Micro – Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify We looked into exploitation attempts we observed in the wild and the abuse of legitimate platforms Netlify
Colorado energy company loses 25 years of data after cyberattack, still rebuilding network
Colorado’s Delta-Montrose Electric Association (DMEA) is still struggling to recover from a devastating cyberattack last month that took down 90% of its internal systems and caused 25 years of historic
DHS: Cybersecurity coordinators and vulnerability assessments mandatory for rail companies
The Department of Homeland Security (DHS) announced two new cybersecurity directives handed down by the Transportation Security Administration (TSA) on Thursday designed to better protect freight railroads and passenger rail transit
Cyber-attack on Planned Parenthood
Cyber-attack on Planned Parenthood A cyber-attack on Planned Parenthood Los Angeles (PPLA) has resulted in the exposure of patients’ personally identifying information (PII). The agency said in a notice posted to its
Phishing Scam Targets Military Families
Phishing Scam Targets Military Families Threat researchers at Lookout are helping to take down a phishing campaign that has been targeting members of the United States military and their families. The scammers
Meta expanding Facebook security program for government officials, journalists, activists
Meta announced on Thursday that it is expanding its Facebook Protect service — which provides specialized security services for certain Facebook accounts being targeted by hackers — to more countries.
‘Double-Extortion’ Ransomware Data Leaks Skyrocket 935%
Startling triple-digit growth is fueled by easy criminal access to corporate networks and RaaS tools, an analysis found. The ransomware business is booming, and feeble corporate security and a flourishing
Planned Parenthood Breach Opens Patients to Follow-On Attacks
Cyberattackers made off with addresses, insurance information, dates of birth, and most worryingly, clinical information, such as diagnosis, procedures, and/or prescription information. Planned Parenthood’s Los Angeles (PPLA) division has been
Holiday Season Fraud Fear Higher this Year
Holiday Season Fraud Fear Higher this Year A quarter of consumers are more worried about becoming a victim of e-commerce fraud this holiday season than they were during last year’s
Planned Parenthood LA announces ransomware incident, healthcare info of 400,000 patients leaked
Planned Parenthood Los Angeles has sent out breach notification letters to about 400,000 patients after the organization suffered from a ransomware incident between October 9 and October 17. ZDNet Recommends
Planned Parenthood data breach: Hackers steal 400,000 patients’ data
According to Planned Parenthood, the latest data breach has affected its Los Angeles branch (PPLA) after it suffered a ransomware attack. On Wednesday, December 1st, 2021 Planned Parenthood, the non-profit
AT&T Takes Steps to Mitigate Botnet Found Inside Its Network
AT&T is battling a modular malware called EwDoor on 5,700 VoIP servers, but it could have a larger wildcard certificate problem. AT&T is taking action to take down a botnet
Former Ubiquiti Employee Charged with Data Theft
Ubiquiti Inc. is a technology company based in San Jose, California created in 2003. Having its headquarters in New York City, Ubiquiti produces and distributes wireless data transmission and wired
Former Ubiquiti employee charged with stealing data, extorting employer
Written by Tonya Riley Dec 2, 2021 | CYBERSCOOP The FBI arrested a former employee of a U.S. technology company for allegedly breaching and stealing confidential data from his employer
Bogus Android App Steals Banking Credentials from Malaysian Individuals
Customers of eight Malaysian banks have had their online banking credentials stolen via a bogus Android app posing as a housekeeping service. Initially noticed by MalwareHunterTeam last week and later
Facebook's Meta says bad actors are changing tactics as it takes down six more groups
Meta has detailed takedowns of what it described as six ‘adversarial networks’ from across the world that were using Facebook for behaviour including spreading false information, harassment and trying to
Hackers are turning to this simple technique to install their malware on PCs
Nation state-backed hacking groups are exploiting a simple but effective new technique to power phishing campaigns for spreading malware and stealing information that’s of interest to their governments. Cybersecurity researchers at Proofpoint say
Planned Parenthood LA Impacted by Ransomware Attack that Led to Data Breach
Planned Parenthood LA or also known under the acronym PPLA, a provider of healthcare services in Los Angeles County, has revealed that it suffered a data breach following an October
Fake Adobe Windows App Installer Packages Are Distributing the Emotet Malware
Emotet is a malware known as a banking Trojan. Malspam, which are spam emails that contain malware, is the primary means by which it spreads. To persuade consumers, these communications