30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware
The previously unknown SnapMC group exploits unpatched VPNs and webserver apps to breach systems and carry out quick-hit extortion in less time than it takes to order a pizza. In
Android Privacy Issues Were Discovered in a New Study
A UK team of researchers has carried out a study discovering some Android privacy issues related to Android smartphones. Huawei Android devices, Realme, xiaomi, and Samsung represented the experts’ focus
Bugs allowing malicious NFT uploads uncovered in OpenSea marketplace
Critical security issues in the OpenSea NFT marketplace that allowed attackers to steal cryptocurrency wallet funds have been patched. NFTs, also known as non-fungible tokens, are digital assets that can
1 in 15 organizations runs actively exploited version of SolarWinds: Report
ZDNet Recommends Best security key 2021 While robust passwords go a long way to securing your valuable online accounts, hardware-based two-factor authentication takes that security to the next level. Read
University of Sunderland Hit by Suspected Cyber-Attack
University of Sunderland Hit by Suspected Cyber-Attack A UK university has suffered a suspected cyber-attack, causing "extensive IT issues." The University of Sunderland revealed the incident on its official Twitter account this
DDoS Website Customers Warned About a Possible Prosecution
DDoS stands for Distributed Denial of Service and refers to an online attack in which legitimate users are prevented from accessing their target online location. A DDoS attack is usually done by
Password-Stealing Attacks Surge 45% in Six Months
Password-Stealing Attacks Surge 45% in Six Months Attacks using password-stealing malware have surged by 45% over the past six months, highlighting the continued need for additional log-in security measures, according
White House set to lead 30 nations in ransomware discussions, sans Russia
Written by Tim Starks Oct 13, 2021 | CYBERSCOOP The White House on Wednesday and Thursday will convene meetings with representatives from more than 30 countries to discuss how to
Microsoft Patches Multiple Zero-Day Bugs
Microsoft Patches Multiple Zero-Day Bugs Microsoft fixed 74 new CVEs yesterday, including several zero-day vulnerabilities, one of which is being actively exploited in the wild. Zero-day bug CVE-2021-40449 is a Win32k elevation
Customers On Alert as E-Commerce Player Leaks 1.7+ Billion Records
Customers On Alert as E-Commerce Player Leaks 1.7+ Billion Records A Brazilian e-commerce firm has unwittingly exposed close to 1.8 billion records, including customers’ and sellers’ personal information, after misconfiguring
Security Serious Unsung Heroes 2021 Winners Announced
Security Serious Unsung Heroes 2021 Winners Announced The winners of the sixth annual Security Serious Unsung Heroes Awards were unveiled last night during an entertaining ceremony at St. Bart’s Brewery
Double Extorsion Ransomware: The New Normal
With more and more businesses learning how to avoid paying huge amounts of money to ransomware actors by maintaining up-to-date backups and having disaster recovery plans in place, the number
October Patch Tuesday: 3 Critical Bulletins Among 71
Trend Micro – The October 2021 Patch Tuesday continues the quiet streak observed for the months of August and September. Out of 71 bulletins, only three were rated Critical this month. The list also included a fix for four publicly known
Australia's new ransomware plan to create ransomware offences and reporting regime
The Australian government has announced a new set of standalone criminal offences for people who use ransomware under what it has labelled its Ransomware Action Plan. Under the new plan
Microsoft Kills Bug Being Exploited in MysterySnail Espionage Campaign
Microsoft’s October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is a zero-day being used to deliver the MysterySnail RAT to Windows servers. Today is Microsoft’s
Nukegate CEO Imprisoned for Fraud
Nukegate CEO Imprisoned for Fraud The former CEO of failed South Carolina electric and natural gas public utility SCANA Corporation (SCANA) has been sent to federal prison after pleading guilty
Why Businesses Need To Go Lean With Cybersecurity
As hackers get smarter than ever, cybersecurity becomes a key concern for businesses. Attackers have ways to break into even the most secure and sophisticated systems, therefore you cannot ignore
Olympus suffers second cyberattack in 2021
On Tuesday, Japanese tech manufacturer Olympus said that it was investigating a cyberattack on its IT systems in the US, Canada, and Latin America. The company said the cybersecurity incident was
Windows Zero-Day Actively Exploited in Widespread Espionage Campaign
The cyberattacks, linked to a Chinese-speaking APT, deliver the new MysterySnail RAT malware to Windows servers. Researchers have discovered a zero-day exploit for Microsoft Windows that was being used to
Olympus probes apparent cyberattack, its second in less than a month
Written by Aj Vicens Oct 12, 2021 | CYBERSCOOP Japanese technology manufacturer Olympus announced Tuesday that it was investigating “a potential cybersecurity incident” affecting IT systems in the U.S., Canada,
Google Creates Cybersecurity Action Team
Google Creates Cybersecurity Action Team Google is bringing together a bevy of in-house experts to form a new cybersecurity advisory team. In a statement released earlier today, Google announced the creation of
Microsoft Azure customer hit by 2.4 Tbps DDoS attack
Microsoft has confirmed to mitigate a massive DDoS attack originated from a botnet comprising 70,000 compromised IoT devices. Microsoft reported that an unnamed customer of its Azure cloud platform was
RealDefense Acquires STOPzilla
RealDefense Acquires STOPzilla Antivirus and anti-malware brand STOPzilla has been acquired by California holding company RealDefense. The deal was announced earlier today and marks RealDefense's fourth acquisition in the security sector. Other brands
Office 365 Spy Campaign Targets US Military Defense
An Iran-linked group is taking aim at makers of drones and satellites, Persian Gulf ports and maritime shipping companies, among others. A new threat actor, dubbed DEV-0343, has been spotted
Best performing cybersecurity companies and their recent developments
Cybersecurity companies are the backbone to fight cybercrime – Let’s dig deeper into which cybersecurity company is doing what and how. Cybersecurity companies play a crucial role in protecting businesses
Iran-linked hackers hit Israeli, US and EU defense tech firm
Microsoft has warned that hackers linked to Iran are mainly targeting Office 365 clients in defense technology firms. Researchers at Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit
Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug
The bug is under attack. Within hours of the patch release, a researcher published POC code, calling it a “great” flaw that can be used for jailbreaks and local privilege
Undercover FBI Agent Reveals Espionage Plans of Nuclear Engineer
Following the sell-out of data related to nuclear-powered warship design to an undercover FBI agent, a nuclear engineer together with his wife were imprisoned, being charged with espionage accusations that
Flaw Impacting LibreOffice & OpenOffice Enables Attackers to Spoof Signed Documents
LibreOffice and OpenOffice have released fixes to tackle an issue that allows hackers to make documents look as if they were signed by a trustworthy source. Even though the vulnerability
GitHub Revokes Duplicate SSH Authentication Keys
The SSH protocol used by GitHub allows you to log in without a user name or password. To do this, users would need to establish an SSH keypair and add
Intune vs. WSUS vs. SCCM – Costs, Benefits, Ease of Use, and Deployment
Patching has certainly gained a lot of momentum ever since research has proven that ‘unattended’ apps and software can quickly lead to a data leak. Patching is the new ‘kid’
Help Net Security Publishes a Report on Extended Detection and Response (XDR)
Help Net Security, an independent site focusing on information security, has recently started a new series of reports in order to help CISOs worldwide choose what’s best for their organization when
Top 30 most exploited software vulnerabilities being used today
For all the zero-days, custom-crafted malware and other completely unknown security vulnerabilities, others have been around for years and are widely used across the board. To showcase this, the FBI
Red Team tutorial: A walkthrough on memory injection techniques
Infosec Institute – There are many techniques within the memory injection field. Some are often found in malware or used by security experts to run their material, like during a
The Value of SubscriptionsBy Jim O’Gorman
We recently announced our new subscription products, Learn One and Learn Unlimited, and we are really excited about the response they have received. These subscription products represent a change from
Wordfence Helps Enable Education in Uganda
WordFence – I want to share something very exciting and truly wonderful with you all today. Wordfence just completed a project where we partnered with Far Away Friends, a Denver-based
Crypto-mining Malware Targets Huawei Cloud
Cloud service providers, like, for instance, Huawei Cloud, are now targeted by some new variant of a past crypto-mining malware. This is Linux-based and its initial version started its activities
The King is Dead, Long Live MyKings! (Part 1 of 2)
Avast – MyKings is a long-standing and relentless botnet which has been active from at least 2016. Since then it has spread and extended its infrastructure so much that it
NCSC CEO: Ransomware the “Most Immediate Threat” Facing UK Businesses
NCSC CEO: Ransomware the "Most Immediate Threat" Facing UK Businesses NCSC CEO Lindy Cameron has warned UK businesses that ransomware “is the most immediate cyber threat” they face. During a speech
DDoS Operator Arrested by the Ukrainian Police
As my colleague Cezarina explained in a previous article, a botnet is a network of infected computers or other internet-connected devices, that communicate with each other in order to perform the
Over 90% of Firms Suffered Supply Chain Breaches Last Year
Over 90% of Firms Suffered Supply Chain Breaches Last Year Some 93% of global organizations have suffered a direct breach due to weaknesses in their supply chains over the past
Why You Should Use Dynamic QR Code Generator
We cannot argue that proof of authenticity gives more credibility. To make your brand more authentic, you need to have a dynamic QR code generator generating customized codes for your
Euro Police Disrupt $17m Fake Investment Scheme
Euro Police Disrupt $17m Fake Investment Scheme European police have disrupted a significant financial crime organization said to have made at least €15m ($17m) by tricking investors. Between May 2019
Ukraine Police Cuff Botnet Herder Who Controlled 100K Machines
Ukraine Police Cuff Botnet Herder Who Controlled 100K Machines Ukrainian law enforcers have arrested a suspected botnet herder responsible for controlling an automated network of around 100,000 compromised machines to
The Fight against Financial Cyber Crime
Financial cyber crime is an act in which financial gains or profits are made through criminal activities such as identity fraud, ransomware attacks, e-mail, and Internet fraud. Attempts to steal
Couple Arrested Over Sale of Nuclear Secrets
Couple Arrested Over Sale of Nuclear Secrets A married couple from Maryland has been arrested on suspicion of selling secret information about the design of nuclear-powered warships. Jonathan and Diana Toebbe, both
US Imprisons Man Who Exploited Children Via Social Media
US Imprisons Man Who Exploited Children Via Social Media A sexual predator who used social media apps to victimize minors has been sent to prison in the United States. Jacob
Couple sold nuclear warship data hidden in peanut butter sandwich, bubble gum pack
The former Navy Nuclear engineer and his wife used a bubble gum package and peanut butter sandwich to hide SD card with sensitive data and sell it to undercover FBI