BillQuick Billing App Rigged to Inflict Ransomware

A SQL injection bug in the BillQuick billing app has not only leaked sensitive information, it’s also let malicious actors remotely execute code and deploy ransomware. Threat actors are picking…

SolarWinds APT Targets Tech Resellers in Latest Supply-Chain Cyberattacks

The Nobelium group, linked to Russia’s spy agency, is looking to use resellers as a path to infiltrate their valuable downstream customers – and it’s working. The SolarWinds attackers –…

Google Crushes YouTube Cookie-Stealing Channel Hijackers

Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on, or auctioning off, ripped-off channels.  Google has caught and brushed off…

Lyceum APT Returns, This Time Targeting Tunisian Firms

The APT, which targets Middle-Eastern energy firms & telecoms, has been relatively quiet since its exposure but not entirely silent. It’s kept up attacks through 2021 and is working on…

Twitter Suspends Accounts Used to Snare Security Researchers

The accounts were used to catfish security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea. Twitter has shuttered two accounts – @lagal1990 and @shiftrows13 –…

Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack

Visible says yes, user accounts were hijacked, but it denied a breach. As of today, users are still posting tales of forcibly changed passwords and getting stuck with bills for…

FreakOut Botnet Turns DVRs Into Monero Cryptominers

The new Necro Python exploit targets Visual Tool DVRs used in surveillance systems. Threat group FreakOut’s Necro botnet has developed a new trick: infecting Visual Tools DVRs with a Monero…

Microsoft Kills Bug Being Exploited in MysterySnail Espionage Campaign

Microsoft’s October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is a zero-day being used to deliver the MysterySnail RAT to Windows servers. Today is Microsoft’s…

Incident Response: 5 Principles to Boost the Infosec/Legal Relationship

Effective cyber-incident response means working well with legal. Matt Dunn, associate managing director for cyber-risk at Kroll, lays out how to do it. As an information-security professional, would you feel…

Navy Warship’s Facebook Page Hacked to Stream ‘Age of Empires’ Gaming

The destroyer-class USS Kidd streamed hours of game play in a funny incident that has serious cybersecurity ramifications. The official Facebook page of a destroyer-class Navy warship, the USS Kidd,…