Colonial Pipeline forked over $4.4M to end cyberattack – but is paying a ransom ever the ethical thing to do?
Padlokr – What would happen if companies stopped paying ransoms? Liu Jie/Xinhua via Getty Images Scott Shackelford, Indiana University and Megan Wade, Indiana University It took little over two hours
Digital tech is the future, but a new report shows Australia risks being left in the past
Padlokr – Headway/Unsplash.com, CC BY-SA Shazia Sadiq, The University of Queensland and Thas Ampalavanapillai Nirmalathas, The University of Melbourne Digital technologies are now at the heart of our everyday lives,
‘What is my IP address?’ Explaining one of the world’s most Googled questions
Padlokr – Shutterstock Paul Haskell-Dowland, Edith Cowan University and Bogdan Ghita, University of Plymouth What is my IP? It’s an odd question in most people’s minds, yet it’s one of
Being bombarded with delivery and post office text scams? Here’s why — and what can be done
Padlokr – ScamWatch Ismini Vasileiou, De Montfort University and Paul Haskell-Dowland, Edith Cowan University For most people, the ping of an incoming SMS will induce some level of excitement —
Keep Attackers Out of VPNs: Feds Offer Guidance
The NSA and CISA issued recommendations on choosing and hardening VPNs to prevent nation-state APTs from weaponizing flaws & CVEs to break into protected networks. Unsecured VPNs can be a
Top 5 Healthcare Cyber Attacks and Threats
Even before the novel coronavirus pandemic, which forced healthcare organizations to shift to provide patients remote care and telemedicine rapidly, the healthcare industry had already embraced the cloud, as well
NSA, CISA Release Guidelines to Secure VPNs
State-backed hackers have been constantly exploiting vulnerabilities in VPNs to breach critical cyberinfrastructure in the United States, agencies have warned. The National Security Agency (NSA) and the Department of Homeland
'Almost every nation' now has cyber vulnerability exploitation program, NSA official says
Written by Tim Starks Sep 29, 2021 | CYBERSCOOP Nearly every country on the planet now has a program to exploit digital vulnerabilities, a top National Security Agency cyber official
Apple AirTag Zero-Day Weaponizes Trackers
Apple’s personal item-tracker devices can be used to deliver malware, slurp credentials, steal tokens and more thanks to XSS. An unpatched stored cross-site scripting (XSS) bug in Apple’s AirTag “Lost
Telegram Bots Stealing One-Time Passwords
So far two Telegram bots called SMSRanger and BloodOTPbot have been found taking part in this malicious campaign. Intel 471 researchers report that Telegram-powered bots are the hot favorites of
GriftHorse Money-Stealing Trojan Takes 10M Android Users for a Ride
The mobile malware has fleeced hundreds of millions of dollars from victims globally, using sophisticated techniques. More than 10 million Android users have been saddled with a malware called GriftHorse
Ransomware gangs are starting more drama on cybercrime forums, upending 'honor among thieves' conventions
Written by Tonya Riley Sep 29, 2021 | CYBERSCOOP When ransomware group REvil reappeared in September after a nearly two-month downtime, its return was met with a less-than-friendly reception on the
High-Severity Vulnerabilities Now Take Nearly 250 Days to Remediate, Survey Finds
Security Intelligence – High-Severity Vulnerabilities Now Take Nearly 250 Days to Remediate, Survey Finds Businesses and agencies today are spending an average of about 250 days to remediate high-severity risks,
Conti Ransomware Expands Ability to Blow Up Backups
The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software. Good at identifying and obliterating backups? Speak Russian? The notorious Conti ransomware group may
SAS 2021: ‘Tomiris’ Backdoor Linked to SolarWinds Malware
Newly discovered code resembles the Kazuar backdoor and the Sunshuttle second-stage malware distributed by Nobelium in the SolarWinds supply-chain attacks. Researchers have discovered a campaign delivering a previously unknown backdoor
TA544 threat actors hit Italian firms with Ursnif banking trojan
The IT security researchers at Proofpoint have discovered a new malware campaign in which threat actors from a group called TA544 are targeting organizations in Italy with Ursnif banking trojan.
PHP_SELFish Part 2 – Reflected XSS in Easy Social Icons
WordFence – Today’s post is part two of a two part blog post. It describes a cross site scripting vulnerability in the Easy Social Icons plugin that exploits the PHP_SELF
Sophisticated Cyberattack Hits GiantPay
GiantPay, the UK umbrella payroll enterprise has recently confirmed being a victim of a complex cyberattack. The GiantPay cyberattack is referred to as “sophisticated”. The GiantPay Cyberattack: More Details The
Threat Actors Weaponize Telegram Bots to Compromise PayPal Accounts
A campaign is stealing one-time password tokens to gain access to PayPal, Apple Pay and Google Pay, among others. Cybercriminals are using Telegram bots to steal one-time password tokens (OTPs)
Windows Boot Manager Hijacked by FinFisher Malware
The FinFisher surveillance solution was developed by the Gamma Group but it also comes with malware-like capabilities often found in spyware strains. Its creator claims it is only offered to government
A Working Exploit for the CVE-2021-22005 Flaw in VMware vCenter Was Publicly Released
A working exploit for the Remote Code Execution (RCE) vulnerability in VMware vCenter tracked as CVE-2021-22005 has been publicly released. According to security experts, the bug is already exploited by
Pingback malware: How it works and how to prevent it
A new malware called pingback that uses ICMP for communicating with its C2 server was discovered by researchers recently. In this article, we will understand how this malware can bypass
Bitdefender Threat Debrief | August 2021
The Bitdefender Threat Debrief (BDTD) is a monthly series analyzing ransomware news, trends, and research from the previous month. Read the debut issue (July 2021) here. Highlight of the month:
Illegitimate Call Centers Defrauding Foreign Cryptocurrency Investors Were Taken Down by SSU
Security Service of Ukraine (SSU) experts have taken down an illegitimate network of call centers located in Lviv. Scammers used the centralized offices to steal money from foreigners who thought
NSA and CISA Release Security Tips Regarding VPN Security
The National Security Agency (NSA) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued guidance for strengthening the security of virtual private network (VPN) services. The document was
Ransomware Explained. What It Is and How It Works
Every day, cybersecurity specialists detect over 200,000 new ransomware strains. This means that each minute brings no less than 140 strains capable of avoiding detection and inflicting irreparable damage. But
What Is RBAC? Role-Based Access Control Definition, Benefits, Best Practices, and Examples
Role-Based Access Control (RBAC), also known as role-based security, is a method that restricts system access to authorized users based on their role within an organization. In order to protect
FormBook Adds Latest Office 365 0-Day Vulnerability (CVE-2021-40444) to Its Arsenal
Trend Micro – FormBook Adds Latest Office 365 0-Day Vulnerability CVE-2021-40444 to Its Arsenal Exploits & Vulnerabilities Trend Micro detected a new campaign using a recent version of the known
5 Personal Cyber Security Tips
Cyber attacks are evolving, thanks to cybercriminals who are equipping themselves with new skills and capabilities – In this scenario, from business to an unsuspecting internet user; learning about cyber
How to Prevent Account Takeovers in 2021
Dave Stewart, Approov CEO, lays out six best practices for orgs to avoid costly account takeovers. Read More: https://threatpost.com/protect-account-takeover-cyberattacks/175090/
Microsoft warns of Nobelium hackers using FoggyWeb backdoor
Microsoft has warned of a new FoggyWeb backdoor being used by Nobelium, the same state-sponsored hacking group believed to be responsible for SolarWinds supply-chain attacks. According to Microsoft, the notorious
NSA, CISA share guidelines for securing VPNs as hacking groups keep busy
Cautioning that foreign government-backed hackers are actively exploiting vulnerabilities in virtual private network devices, the National Security Agency and the Department of Homeland Security’s cyber wing on Tuesday published guidelines
Gamers Beware: Malware Hunts Steam, Epic and EA Origin Accounts
The BloodyStealer trojan helps cyberattackers go after in-game goods and credits. Read More: https://threatpost.com/gamers-malware-steam-epic-ea-origin-accounts/175081/
SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever
A ‘nearly impossible to analyze’ version of the malware sports a bootkit and ‘steal-everything’ capabilities. Read More: https://threatpost.com/finspy-surveillance-kit/175068/
Bandwidth.com is latest victim of nonstop DDoS attacks against VoIP
Bandwidth.com has been suffering DDoS attacks for the past 3 days nonstop. Bandwidth.com is the newest victim of DDoS attacks, explicitly targeting voice over Internet Protocol (VoIP) services providers. According
PHP_SELFish Part 1 – Reflected XSS in underConstruction Plugin
WordFence – Today’s post is part one of a two part blog post. It describes a cross site scripting vulnerability that exploits the PHP_SELF variable. Tomorrow we will publish part
Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw
The unredacted RCE exploit allows unauthenticated, remote attackers to upload files to the vCenter Server analytics service. Read More: https://threatpost.com/working-exploit-vmware-vcenter-cve-2021-22005/175059/
SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor
Microsoft is warning that the Nobelium APT is compromising single-sign-on servers to install a post-exploitation backdoor that steals data and maintains network persistence. Read More: https://threatpost.com/solarwinds-active-directory-servers-foggyweb-backdoor/175056/
Android malware worm auto-spreads via WhatsApp messages
Fraudulent mobile applications are on the rise. One recent example is malware hidden on the Google Play marketplace in a fake application and capable of spreading itself via Whatsapp instant
Convicted scammer who had starring role in dispute between Russia, Israel unexpectedly deported
A convicted Russian scammer who was the focus of an international standoff was deported to his home country 14 months after receiving a long prison sentence in the U.S., Russian
New BloodyStealer malware steals data from gamers on EA, Epic, Steam
The BloodyStealer malware is being sold on Russian hacking forums while its capabilities include stealing gaming logs, login credentials, and much more. On Monday 27th, the IT security researchers at
New BloodyStealer malware steals data from gamers on EA, Epic, Stream
The BloodyStealer malware is being sold on Russian hacking forums while its capabilities include stealing gaming logs, login credentials, and much more. On Monday 27th, the IT security researchers at
Malicious Safepal Wallet Add-On Goes After Cryptocurrency
The crypto wallets have been lately a continuous target for hackers. Let’s remember the open-source repositories like PyPI and GitHub that were used to distribute malware related to crypto stealing
Critical Vulnerabilities Affecting QVR Video Surveillance Software Patched Up by QNAP
QNAP Systems, Inc., a Taiwanese corporation that specializes in Network-attached storage (NAS) appliances has fixed two critical-severity vulnerabilities affecting its QVR Video surveillance solution. When abused, these issues could perform
A Custom Malware Is Used by Nobelium APT to Backdoor Windows Domains
The Nobelium hacking group is using a new malware to deploy additional payloads and steal sensitive info from the Active Directory Federation Services (AD FS) servers. Cozy Bear is a
The State of BEC in 2021 (and beyond)
Ransomware has made major cybersecurity story headlines in the past 12 months. Therefore, a lot of focus and corporate resources are spent on mitigating the risk of ransomware. And rightly
Insider Threat. Definition, Types, Examples and Prevention Strategies
You might think that you’re taking all security measures to protect your company, but have you ever considered that the danger might come from within? Insider threat is a very
BloodyStealer Malware Wreaks Havoc on the Gaming Platforms
Malware attacks go on with one more hit. This time, targets are gaming platforms. This new malware is for sale on dark web forums now. Cybercriminals make use of the