Microsoft: Here's how this notorious botnet used hacked routers for stealthy communication
Microsoft has revealed how the Trickbot trojan botnet has been using compromised MikroTik routers for stealthy communications with infected PCs. Trickbot, known for stealing banking credentials and delivering ransomware, seemed
From BlackMatter to BlackCat: Analyzing two attacks from one affiliate
By Tiago Pereira with contributions from Caitlin Huey. BlackCat is a recent and growing ransomware-as-a-service (RaaS) group that targeted several organizations worldwide over the past few months. There are rumors
Gh0stCringe Malware Impacts Unsecured Microsoft SQL, MySQL Servers
Cybercriminals distribute the Gh0stCringe Remote Access Trojan (RAT) on exposed machines by attacking poorly protected Microsoft SQL and MySQL database servers. Researchers from cybersecurity company AhnLab detailed in a report
Russian Cyclops Blink botnet launches assault against Asus routers
The Cyclops Blink botnet is now targeting Asus routers in a new wave of cyberattacks. Cyclops Blink, a modular botnet, is suspected of being the creation of Sandworm/Voodoo Bear, a
SolarWinds Issues Warning on Possible Web Help Desk Instances Attacks
SolarWinds Corporation is a company based in the United States that creates software to assist organizations in managing their networks, systems, and information technology infrastructure. Back in 2020 SolarWinds was
Landmark Online Safety Bill Introduced to UK Parliament
New obligations will be placed on social media firms to prevent and remove harmful content on their platformsRead More: https://www.infosecurity-magazine.com/news/landmark-online-safety-bill/
Cloudflare debuts Friendly Bot validation service
Cloudflare has introduced “Friendly Bots,” a new way to verify an online bot’s identity. Bots are applications designed to automatically perform specific, repetitive tasks online without the need for human
'Everyone loses': This new ransomware threatens to wipe Windows PCs if its victims don't pay up
LokiLocker, a relatively new form of ransomware, uses the standard extortion-through-encryption racket but also incorporates disk-wiper functionality. Double extortion became a hit last year, when ransomware gangs started
Conversation Hijacking Soars 270% to Enable BEC
A bigger payout encourages threat actors to put more time inRead More: https://www.infosecurity-magazine.com/news/conversation-hijacking-soars-bec/
Raspberry Pi Users Urged to Change Default Passwords as Attacks Surge
Honeypot data highlights importance of good IT hygieneRead More: https://www.infosecurity-magazine.com/news/raspberry-pi-users-change-password/
Ex CafePress owner fined $500,000 for 'shoddy' security, covering up data breach
CafePress’s past owner has been fined $500,000 over a litany of security failures and data breaches. CafePress is a US platform offering print-on-demand products including clothing, home decor, and kitchenware.
Russia Uses Deepfake of Zelensky to Spread Disinformation
Meta acts fast to remove fake clip of Ukrainian PresidentRead More: https://www.infosecurity-magazine.com/news/russia-uses-deepfake-zelensky/
Google could ask for your licence or passport on YouTube and Google Play in Australia
Image: Google Google has announced it will be expanding age verification checks to users in Australia who want to access age-restricted content on YouTube and Google Play. In the coming
Attacks Abound in Tricky Threat Terrain: 2021 Annual Cybersecurity Report
Trend Micro – The digital transformations that had enabled many enterprises to stay afloat amid the Covid-19 health crisis also brought about major upheavals in cybersecurity, the impact of which
Simple Tips to Protect Youself From Being Catfished
It is a fact that the COVID-19 pandemic forced us to go online whether it be working from home (WFH) or meeting people online. Another pandemic that is hardly ever
How to Talk Cybersecurity Risks and Rewards with Your Customers
Talking to your customers about cybersecurity shouldn’t be stressful, it shouldn’t be one time, and it shouldn’t be after a breach or other incident has occurred. Too often however, that’s
NSW confirms iVote system will be scrapped for next year's state election
New South Wales Residents Head To Polls In State Election Image: Brook Mitchell/Getty Images The NSW Electoral Commission (NSWEC) has confirmed it will scrap using the iVote system for next
Automotive parts maker Denso confirms cyberattack
Written by Suzanne Smalley Mar 16, 2022 | CYBERSCOOP The global automotive components manufacturer Denso said in a press release this week that its German operations had been “illegally accessed
Emotet's tax-season phishing is back with new tricks
Written by Joe Warminsky Mar 16, 2022 | CYBERSCOOP IRS-themed phishing campaigns are reliable signs of spring, so the question each year becomes, “What’s new?” Researchers at Cofense are answering
Sioux Falls Funds DSU Cybersecurity Lab
City council approves $10m appropriation toward Dakota State University cybersecurity labRead More: https://www.infosecurity-magazine.com/news/sioux-falls-funds-dsu/
‘CryptoRom’ Crypto-Scam is Back via Side-Loaded Apps
Scammers are bypassing Apple’s App Store security, stealing thousands of dollars’ worth of cryptocurrency from the unwitting, using the TestFlight and WebClips programs. For about a year now, crypto-traders and
Irish Watchdog Fines Meta $19m Over Data Breach
Ireland’s data regulator imposes penalty after inquiry into 2018 data breach notifications Read More: https://www.infosecurity-magazine.com/news/irish-watchdog-fines-meta-19m-over/
Avast Merger Raises Competition Concerns
UK government finds NortonLifeLock purchase of Avast could reduce competition Read More: https://www.infosecurity-magazine.com/news/avast-merger-raises-competition/
Another Destructive Wiper Targets Organizations in Ukraine
CaddyWiper is one in a barrage of data-wiping cyber-attacks to hit the country since January as the war on the ground with Russia marches on. Researchers have discovered yet another
16 Ways to Stay Safe While Online Shopping
Online shopping is new for some, especially since the beginning of the COVID-19 pandemic, but it is already a favored way to shop for many. It is easy and convenient,
NSA and CISA: Here's how to improve your Kubernetes cluster security
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published updated guidance about how to harden Kubernetes for managing container applications. Kubernetes is an open-source
This sneaky type of phishing is growing fast because hackers are seeing big paydays
There’s been a steep rise in phishing attacks which hijack legitimate, ongoing conversations between users to steal passwords, steal money, deliver malware and more. Phishing attacks have been a cybersecurity
Over 500 Domains Were Used in Phishing Operation to Steal Credentials
Massive phishing operation employing hundreds of domains to steal Naver credentials reveals infrastructure overlaps associated with the TrickBot banking trojan. What Is Naver? Naver is a South Korean online platform
Why Cloud Workload Security (CWS) Should Be Your 2022 Priority
The cloud is quickly becoming the most important battleground for organizations. Organizations are continuing their push into digitalization and are large cloud-first organizations. They’re using more cloud-based services, more cloud-based
Tips and Trends to Level Up Your MSP
Even with ongoing uncertainty, managed service providers are looking for opportunities to grow their businesses in 2022. How to achieve that growth was the topic of the Managed Services Community
Preparing for denial-of-service attacks with Talos Incident Response
By Yuri Kramarz. Over the years, several extorsion-style and politically motivated denial-of-service attacks increased and still pose a threat to businesses and organizations of any size that can find themselves
Security gives your company a competitive advantage
In rowing, when your team is in sync, the boat is flying on the top of the water, and you’re winning — it’s pretty magical. But sometimes, you “catch a
iPhone, Android users lose life savings to romance fraud, cryptocurrency operation
iPhone and Android users are falling prey to new and even more extortionate tactics by romance and cryptocurrency scam artists. Romance scams are nothing new, but their potential impact has
New Linux Botnet Discovered
Log4j 2 is a Java logging library that is open source and extensively used in a variety of software applications and services throughout the world. The Log4j vulnerability gives threat
DirtyMoe: Worming Modules
Avast – The DirtyMoe malware is deployed using various kits like PurpleFox or injected installers of Telegram Messenger that require user interaction. Complementary to this deployment, one of the DirtyMoe
CISA and FBI warning: Hackers used these tricks to dodge multi-factor authentication and steal email from NGO
Russian state-sponsored hackers have used a clever technique to disable multi-factor authentication (MFA) and exploit a Windows 10 printer spooler flaw to compromise networks and high-value domain accounts. The goal?
Thousands of Mobile Apps Expose User Data Via Cloud Misconfigurations
Check Point study urges developers to follow best practicesRead More: https://www.infosecurity-magazine.com/news/thousands-mobile-apps-expose-data/
CISA: Fix MFA and Patch Promptly to Stop Russian Attackers
Alert explains how misconfigured authentication allowed hackers inRead More: https://www.infosecurity-magazine.com/news/cisa-fix-mfa-patch-promptly-stop/
Kaspersky Hits Back at “Politically Motivated” BSI Advisory
German authorities had urged firms to replace the Russian vendor’s productsRead More: https://www.infosecurity-magazine.com/news/kaspersky-hits-politically-bsi/
Australia's big four banks tackling cybersecurity with a team sport mentality
Read More: https://www.zdnet.com/article/australias-big-four-banks-tackling-cybersecurity-with-a-team-sport-mentality/#ftag=RSSbaffb68
Phony Instagram ‘Support Staff’ Emails Hit Insurance Company
The phishing scam tried to steal login credentials by threatening account shutdown, due to users having purportedly shared “fake content.” A phishing campaign used the guise of Instagram technical support
Australia's cyber laws potentially harmful to security: Critical Infrastructure community
Image: Shutterstock A slew of Australia’s critical infrastructure service providers and union groups have lambasted the federal government’s critical infrastructure cyber laws due to it requiring organisations to install third-party
Kaspersky complains about 'political' German advisory against it
Logo: Kaspersky Lab // Composition: ZDNet Kaspersky has responded to an advisory issued against it by the German Federal Office for Information Security (BSI) saying users should replace its products
Increase In Malware Sightings on GoDaddy Managed Hosting
WordFence – Today, March 15, 2022, The Wordfence Incident Response team alerted our Threat Intelligence team to an increase in infected websites hosted on GoDaddy’s Managed WordPress service, which includes
German Authorities Warn Against Using Kaspersky Products
The Federal Office for Information Security in Germany has urged users to uninstall any Kaspersky product from their devices and replace it with an alternative one. Bundesamt für Sicherheit in
No rational basis: Defamation law expert says Australia's anti-trolling Bill should be canned
Image: Getty Images A defamation law expert has slammed the federal government’s so-called anti-trolling Bill, accusing it of changing Australia’s defamation laws for no adequate reason and through misleading means.
Twitter concerned Australia's anti-trolling Bill leaves minority communities vulnerable
Image: Getty Images Twitter has joined other social media companies to call out Australia’s anti-trolling laws as an extreme risk to the privacy of Australians, particularly minority communities. Kara Hinesley,
Anonymous cripples Russian Fed Security Service (FSB) & other top sites
Anonymous says it also attacked the official website of the Russian Stock Exchange which, at the time of publishing this article, was offline. Anonymous hacktivists collective are claiming to have