Ransomware Dubbed Ranzy Locker Has Affected No Less Than 30 US Companies in 2021, FBI Reports
A flash alert was published on Monday by the Federal Bureau of Investigation emphasizing the effects Ranzy Locker ransomware has had over this year on US companies. According to the
1,000,000 Sites Affected by OptinMonster Vulnerabilities
WordFence – Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 28, 2021 the Wordfence
Secondary Infektion, a Russian disinformation outfit, impersonated Swedish lawmaker
Written by Jeff Stone Oct 27, 2021 | CYBERSCOOP A suspected Russian disinformation campaign used manipulated images and fabricated internet personas to promote false narratives online in an effort to
Not upgrading to iOS 15? Then you need to install this update now
Back when Apple first announced the iOS 15, it promised that users could choose to stay on iOS 14 if they wanted to and still get updates. Apple is delivering
Linux Foundation: confidential computing market to reach $54 billion in 2026
The confidential computing market is expected to reach $54 billion by 2026, according to a new market study from the Linux Foundation and the Confidential Computing Consortium. Conducted by Everest
Weeks early: Adobe dumps massive security patch update
Adobe has issued a vast security update targeting 14 products including Lightroom, Photoshop, and InDesign. On October 26, the tech giant issued over 80 patches for vulnerabilities including critical code
Cyberattack Cripples Iranian Fuel Distribution Network
The incident triggered shutdowns at pumps across the country as attackers flashed the phone number of Supreme Leader Ali Khamenei across video screens. An attack on the fuel distribution chain
Cyber Attack Cripples Iranian Fuel Distribution Network
The incident triggered shutdowns at pumps across the country as attackers flashed the phone number of Supreme Leader Ali Khamenei across video screens. An attack on the fuel distribution chain
Building Cybersecurity Resiliency – An Interview with a Threat Forensic Investigator
The threat landscape is changing. Crimeware, a class of malware designed specifically to automate cybercrime, is growing in prevalence. It’s often provided as a service or a pre-made, easy-to-execute kit
Break into the elite field of cybersecurity by learning Risk Management Frameworks
StackCommerce ZDNet Recommends Best security key 2021 While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that security to the next level.
These phishing emails use QR codes to bypass defences and steal Microsoft 365 usernames and passwords
Cyber criminals are sending out phishing emails containing QR codes in a campaign designed to harvest login credentials for Microsoft 365 cloud applications. Usernames and passwords for enterprise cloud services like Microsoft
Lazarus Hacking Group Now Focusing on IT Supply Chain Attacks
Lazarus Group, the Advanced Persistent Threat (APT) hacking group linked to the North Korean government, has shifted its attention to new targets, with cybersecurity researchers noticing that the actor is
Iranian Gas Stations Unable to Operate After Massive Cyberattack
The National Iranian Oil Products Distribution Company (NIOPDC) was founded in 1928 and has been in charge of the supply and distribution of oil products for almost 80 years. The
Meet Balikbayan Foxes: a threat group impersonating the Philippine gov't
Proofpoint has uncovered a new, “highly active” threat group that is impersonating the Philippine government and businesses to spread Trojan malware. On Wednesday, researchers Selena Larson and Joe Wise said
Microsoft warns over uptick in password spraying attacks
Cyber attackers aren’t just looking for software flaws, supply chain weakness, and open RDP connections. The other key asset hackers are after is identities, especially account details that will give
Microsoft warns over uptick in password spraying attacks
Cyber attackers aren’t just looking for software flaws, supply chain weakness, and open RDP connections. The other key asset hackers are after is identities, especially account details that will give
HM Treasury Hit by Five Million Malicious Emails in Past Three Years
HM Treasury Hit by Five Million Malicious Emails in Past Three Years Her Majesty’s Treasury, the UK government department responsible for the nation’s economic policy, has been hit by nearly
EPP EDR: What Is Each and How They Differ
When it comes to cybersecurity incidents, your company’s endpoints are some of the most important IT assets you want to monitor and protect. The massive increase in remote work due
70% of WiFi Networks Cracked by Researcher to Show Their Lack of Security
A researcher wanted to prove that a hacker could hijack a home network with ease by exploiting their lack of security, so he cracked 70% of a 5,000 WiFi network
Triada Trojan Conceals Itself in WhatsApp Mod
Security Intelligence – Triada Trojan Conceals Itself in WhatsApp Mod A variant of the Triada Trojan concealed itself within a WhatsApp mod for Android devices, Kaspersky found in August. What
North Korean Lazarus APT Targets Software Supply Chain
North Korean Lazarus APT Targets Software Supply Chain A notorious North Korean APT group has been observed compromising the software supply chain, in campaigns reminiscent of the attacks on SolarWinds
Ofcom's Scam Call-Blocking Plan Could Save Consumers Millions
Ofcom's Scam Call-Blocking Plan Could Save Consumers Millions A plan by the UK telecoms regulator to block scam calls from abroad could save consumers nearly £10m annually in money lost
Digital Extortionists DDoS VoIP Providers
Digital Extortionists DDoS VoIP Providers A trade body has warned of a major DDoS attack campaign designed to extort money from global Voice over IP (VoIP) providers. Comms Council UK,
QuintessenceLabs raises AU$25m to take quantum-based cyber solutions global
Canberra-based quantum cybersecurity solutions firm QuintessenceLabs (QLabs) has completed a AU$25 million series B funding round that will be used to expand the company globally and more than double its
FCC kicks China Telecom out of United States
Image: Getty Images The United States Federal Communications Commission (FCC) has removed the authority of China Telecom to operate in the US, and given it 60 days to pack its
Australia launches new initiative for blocking scam government texts
The federal government has launched a new initiative to block scam text messages posing as legitimate government sender IDs. The new initiative was launched following a year-long pilot program that
Leverage Virtual Patching to Prevent Network Threats
Trend Micro – Understanding IPS Patching An intrusion prevention system (IPS) acts as a security mechanism to detect and prevent network threats. The system accomplishes this by scanning network traffic
SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike
Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader. SquirrelWaffle,
Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure
Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there’s no guarantee that Azure or AWS are delivering services in a hardened
F5 beats Wall Street expectations for Q4, capping strong 2021
Application security company F5 Networks delivered better-than-expected fourth-quarter financial results, reporting non-GAAP net income of $185 million, or $3.01 per diluted share, on revenue of non-GAAP $617 million. The fourth-quarter
State Department to Form Cyber Bureau
State Department to Form Cyber Bureau The United States is planning to create a new government department that will deal with matters of digital policy and cybersecurity. On Monday, Secretary
Lazarus Attackers Turn to the IT Supply Chain
Kaspersky researchers saw The North Korean state APT use a new variant of the BlindingCan RAT to breach a Latvian IT vendor and then a South Korean think tank. Lazarus
150 Arrested Over Darknet Drug Trafficking
150 Arrested Over Darknet Drug Trafficking An international law enforcement action has led to the arrest of 150 individuals worldwide on suspicion of buying or selling illicit goods on the
Scammers are emailing waves of unsolicited QR codes, aiming to steal Microsoft users' passwords
Written by AJ Vicens Oct 26, 2021 | CYBERSCOOP Email fraudsters are seizing on the attention around the quick response codes that have become more common in restaurants and stories,
Why the Next-Generation of Application Security Is Needed
New software and code stand at the core of everything we do, but how well is all of this new code tested? Luckily, autonomous application security is here. By David
Study Coordinator Falsified Clinical Trial Data
Study Coordinator Falsified Clinical Trial Data A man from Colorado is facing a maximum prison sentence of 20 years after admitting to falsifying clinical trial data. Duniel Tejeda, formerly of
Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware
Fake Craigslist emails that abuse Microsoft OneDrive warn users that their ads contain ‘inappropriate content.” Musical instruments, motorcycle parts and now malware — Craigslist really does have it all. The
Millions of Android devices abused by UltimaSMS Adware Scam
The UltimaSMS Adware scam is abusing Android apps to subscribe users to premium SMS services that charge up to $40/month depending on their mobile carrier and geographic location. Avast researchers
DOJ, Europol arrest hundreds as part of international darknet drug operation
DOJ The Justice Department, Europol and dozens of police forces worldwide announced hundreds of arrests and the seizure of $31 million as part of operation Dark HunTOR — an effort
Mozilla Firefox Blocks Malicious Add-Ons Installed by 455K Users
The misbehaving Firefox add-ons were misusing an API that controls how Firefox connects to the internet. Mozilla’s Firefox team has blocked add-ons that were abusing the proxy API in order
The Discovery of a Polygon Vulnerability Rewarded with a Prize to the Tune of $2 Million
A bug bounty reward worth $2 Million went to researcher Gerhard Wagner based on his discovery of a critical flaw located in Polygon’s Plasma Bridge. If successfully exploited, this Polygon
CISA warns of remote code execution vulnerability with Discourse
Open Source CISA urged developers to update Discourse versions 2.7.8 and earlier in a notice sent out on Sunday, warning that a remote code execution vulnerability was tagged as “critical.”
Almost All US Organizations Experienced a Cyber Event in the Past Year
Almost All US Organizations Experienced a Cyber Event in the Past Year Almost all (98%) US-based organizations experienced at least one cyber event in the past year, according to Deloitte’s 2021 Future
Site Deletion Vulnerability in Hashthemes Plugin
WordFence – Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On August 25, 2021, the Wordfence
UltimaSMS Subscription Fraud Campaign Targeted Android Users
The campaign was detected by Avast researchers, who dubbed it ‘UltimaSMS’, and also reported 80 related applications on the Google Play Store. Despite the fact that Google promptly deleted the applications,
Admins Urged by CISA to Patch Critical RCE Bug Found in Discourse
A critical RCE flaw discovered in the open-source Internet forum Discourse tracked as CVE-2021-41163, has been addressed in an urgent update on Friday. What Is Discourse? Discourse, which was founded in
Iranian state media blames hack for apparent fuel shortage, the latest incident to draw attention
Written by Jeff Stone Oct 26, 2021 | CYBERSCOOP Iranian officials say a cyberattack has forced the temporary closure of a government system that manages fuel subsidies, rendering it difficult
These ransomware criminals lost millions of dollars in payments when researchers secretly found mistakes in their code
A major ransomware operation was prevented from making millions of dollars after cybersecurity researchers discovered a flaw in the ransomware that enabled encrypted files to be recovered without paying a ransom to