Two Active Directory Bugs Lead to Easy Windows Domain Takeover
Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12. A proof-of-concept tool has been published that leverages
The AV Comparatives Leaderboard Is Not As Crowded As It Seems
Three things matter the most when defending an organization against cyber threats: effectiveness, accuracy, and consistency. While effectiveness is well understood and refers to the overall ability of a security
Understanding Software Supply Chain and How to Secure It
Some organizations and developers use third-party resources rather than writing software from scratch. Engineers may speed up development and save manufacturing costs by adopting pre-built libraries and open source components,
Report: Research ties Pegasus spyware on phone Jamal Khashoggi’s wife to UAE agents
Written by Tonya Riley Dec 21, 2021 | CYBERSCOOP United Arab Emirates agents loaded Pegasus spyware on the phone of journalist Jamal Khashoggi’s wife months before his death, the Washington
Have I Been Pwned Receives 585 M Passwords from the UK Government
The service that allows users to verify if their login data was made public, named Have I Been Pwned (HIBP), has been recently helped to expand their database of passwords
Ransomware Threat Just as Urgent as Terrorism, Say Two-Thirds of IT Pros
Ransomware Threat Just as Urgent as Terrorism, Say Two-Thirds of IT Pros Nearly two-thirds (60%) of security professionals believe the threat of ransomware should be treated with the same urgency
FBI: Another Zoho ManageEngine Zero-Day Under Active Attack
APT attackers are using a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence. Another Zoho ManageEngine zero-day vulnerability is under active attack
21 Billion Scam Calls Were Blocked by T-Mobile This Year
T-Mobile is the brand name used by Deutsche Telekom AG’s mobile communications companies. The brand is also present in the Czech Republic, the Netherlands, Poland, and the United States. What
FBI: Hackers are actively exploiting this flaw on ManageEngine Desktop Central servers
The FBI’s cyber division has issued an alert warning enterprises using Zoho-owned ManageEngine’s Desktop Central that advanced attackers have been exploiting a flaw to install malware since late October. Zoho
Meta Sues Threat Actors Responsible for the Phishing Scams Ran on Its Platforms
Yesterday, Meta, formerly known as Facebook, confirmed that it had pressed charges against cybercriminals who targeted its users with phishing scams on Facebook, Messenger, Instagram, and WhatsApp. The Phishing Campaign
Log4j flaw: 10 questions you need to be asking
The UK National Cyber Security Centre (NCSC) is urging company boards to start asking key questions about how prepared they are to mitigate and remediate the widespread, critical Log4Shell flaw
Zoho Zero-Day Exploited by State Threat Actors Since October, FBI Says
According to a flash alert published by the Federal Bureau of Investigation (FBI) on the 17th of December, state-backed cybercriminals groups are actively exploiting a Zoho zero-day since the month
Dridex Malware Installed With the Help of Log4j Vulnerability
The Dridex malware is a banking trojan that was originally designed to steal victims’ online banking credentials but has since evolved into a loader that downloads various modules that can
Police found 225 million stolen passwords hidden on a hacked cloud server. Is yours one of them?
The UK National Crime Agency (NCA) and National Cyber Crime Unit (NCCU) have discovered a 225 million cache of stolen emails and passwords and handed them to HaveIBeenPwned (HIBP), the
Meta Sues to Disrupt Prolific Phishing Campaign
Meta Sues to Disrupt Prolific Phishing Campaign Facebook’s parent company is taking legal action again in a bid to tackle the scourge of phishing – in particular, a campaign abusing
UK Cyber Cops Share 225 Million Passwords with Breach Site
UK Cyber Cops Share 225 Million Passwords with Breach Site UK cyber investigators have handed over 225 million stolen passwords to a popular data breach checking website, significantly expanding its
British Council Struck by Two Ransomware Attacks in Five Years
British Council Struck by Two Ransomware Attacks in Five Years A major UK public body has fallen victim to two successful ransomware attacks over the past five years, official figures
Scam Phishing Network Costs Victims $80m Per Month
Scam Phishing Network Costs Victims $80m Per Month Researchers have uncovered a sophisticated phishing campaign estimated to cost millions of global victims around $80m per month. Security vendor Group-IB claimed
How to detect Apache HTTP Server Exploitation
Trend Micro – In the above two requests and responses, we see the attacker fingerprinting vulnerable servers by running the ‘echo’ command. We observed successful exploitation attempts which led to
Cybersecurity company identifies months-long attack on US federal commission
The United States Commission on International Religious Freedom (USCIRF) has been hit with a cyberattack, according to cybersecurity firm Avast. Avast did not identify the federal agency affected but The
Nurse Arrested in Hacking Investigation
Nurse Arrested in Hacking Investigation Detectives investigating a hacking incident at a Florida college have charged a former nurse with possessing child sexual abuse material (CSAM). An investigation was launched
Conti Ransomware Gang Has Full Log4Shell Attack Chain
Conti has become the first professional-grade, sophisticated ransomware group to weaponize Log4j2, now with a full attack chain. The Conti ransomware gang, which last week became the first professional crimeware
Belgian Defense Ministry confirms cyberattack through Log4j exploitation
The Belgian Ministry of Defense has confirmed a cyberattack on its networks that involved the Log4j vulnerability. In a statement, the Defense Ministry said it discovered an attack on its computer
Cyber-Attack Impacts Aussie Companies
Cyber-Attack Impacts Aussie Companies A cyber-attack on Australian recruitment company Finite Group is impacting both companies and government agencies across the country. Finite was compromised by threat actors in October in an incident
Cybersecurity company ZeroFox acquires IDX, merges with L&F to create $1.4 billion entity
SaaS cybersecurity company ZeroFox said on Monday that it has completed a deal to acquire digital privacy protection platform IDX and merge with special purpose acquisition company L&F Acquisition Corp.
Hackers Can Penetrate 93% of Local Networks
Hackers Can Penetrate 93% of Local Networks Cyber-attackers can breach 93% of organizations’ network perimeters and gain access to their resources, according to new research from Positive Technologies. The study showed results from
Tech Companies to Protect Data on Undersea Cable
Tech Companies to Protect Data on Undersea Cable American companies Google and Meta have agreed to protect data traveling on an undersea fiber-optic cable system that will connect the United
Robocalls More Than Doubled in 2021, Cost Victims $30B
T-Mobile reported blocking 21 billion scam calls during a record-smashing year for robocalls. No surprise to anyone with a phone: Robocalls are rampant. In fact, the number of scam calls
After ransomware attack, global logistics firm Hellmann warns of scam calls and mail
German logistics giant Hellmann has warned its customers and partners to be on the lookout for fraudulent calls and mail after the company was hit with a ransomware attack two
Scammers Netted $7.7 Billion worth of Cryptocurrency in 2021
A new report confirms that cryptocurrency-based crimes posed “one of the biggest threats to cryptocurrency’s continued adoption.” Blockchain analysis firm Chainanalysis has revealed startling details about the devastation cybercriminals managed
Russian national accused of hacking, illegal trading is extradited to US
Written by AJ Vicens Dec 20, 2021 | CYBERSCOOP A Russian national accused of hacking into U.S. company networks, stealing non-public information, and then trading stocks based on that information
$30 million stolen from DeFi protocol Grim Finance, audit firm apologizes for missing vulnerability
DeFi protocol Grim Finance said about $30 million was stolen this weekend by hackers exploiting a vulnerability in their platform. In a statement posted to Twitter on Saturday, Grim Finance
Avast found backdoor in US Federal Agency Network
Avast Threat Intelligence Team stated that it tried to notify the agency about the intrusion but didn’t receive any favorable response, which is why it decided to disclose its findings.
Third Log4J Bug Can Trigger DoS; Apache Issues Patch
The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI. No,
The TellYouThePass Ransomware Reappeared After the Windows Log4j Attacks
Tellyouthepass ransomware, commonly known as the.locked Files Virus, encrypts data and demands payment as a ransom to restore it. The.locked Files Virus will encrypt a text file with ransomware instructions
Ruled by algorithms, gig workers remain powerless against automated decision-making
Gig workers are being denied access to their personal data outright and are unable to challenge the outcome of automated decision-making systems Image: iStock/ Borislav “Weakly enforced” data protection laws
4 Ways Cybercriminals Exploit Remote Teams
Working from home (WFH) is not a piece of cake especially when cybercriminals exploited every possible vulnerability to break into your workstation. Cybercriminals are improving and refining their methods for
Intruders leverage Log4j flaw to breach Belgian Defense Department
Written by Tonya Riley Dec 20, 2021 | CYBERSCOOP Parts of the Belgian Defense Ministry’s computer networks have been down since Thursday after a cyber incident in which attackers exploited
Free Cybersecurity and Infrastructure Security Agency (CISA) ransomware resources to help reduce your risk
The Cybersecurity and Infrastructure Security Agency (or CISA) exists and is committed to helping U.S. state, local, territorial and tribal (SLTT) governments defend against cyber risk and collaborate to build
Spider-Man Fans, Watch Out! You Might Become the Next Victim in a New Phishing Campaign
The superhero movie Spider-Man: No Way Home finally came out on Friday, December 17, and has already become the third biggest global debut weekend of all time, with Marvel fans
The DarkWatchman Malware Was Found Hidden in Windows Registry
DarkWatchman was initially spotted in early November when the threat actor started distributing the malware via phishing emails with malicious ZIP files; the ZIP files have included an executable file that
Facebook Aka Meta Bans Seven Spy-For-Hire Entities
Meta published a report on the 16th of December, named “Threat Report on the Surveillance-for-Hire Industry”, where it announced that it banned six alleged entities and a Chinese law enforcement
Scammers grabbed $7.7 billion worth of cryptocurrency in 2021, say researchers
Cryptocurrency-based scammers and cyber criminals netted a whopping $7.7 billion worth of cryptocurrency from victims in 2021, marking an 81% rise in losses compared to 2020, according to blockchain analysis
Ransomware Gang Publish Confidential Police Data on the Dark Web
Ransomware Gang Publish Confidential Police Data on the Dark Web The Clop ransomware gang has published confidential data held by UK police on the dark web, according to reports over
Ukrainian War Games Test Electricity Grid
Ukrainian War Games Test Electricity Grid Hundreds of Ukrainian cyber experts have taken part in a large-scale incident response exercise against the country’s energy grid as geopolitical tensions with Russian
What is Cyber Insurance? (and how do I know if i need it?)
Part of the responsibility of being a leader in risk management or cybersecurity isn’t just to prevent an attack, it’s to minimize damage and mitigate the extent of an attack
Execs Get 16+ Years After SBA Fraud Scheme
Execs Get 16+ Years After SBA Fraud Scheme Four Indianapolis executives have been sentenced to over 16 years behind bars for their part in a 13-year fraud scheme that targeted
New Log4j Patch Released to Fix DoS Flaw
New Log4j Patch Released to Fix DoS Flaw Apache has released a new patch for Log4j to mitigate a high severity vulnerability, as researchers separately found a new attack vector