Sharp SIM-Swapping Spike Causes $68M in Losses
The attacks, which lead to 2FA defeat and account takeover, have accelerated by several hundred percent in one year, leading to thousands of drained bank accounts. [...]
The attacks, which lead to 2FA defeat and account takeover, have accelerated by several hundred percent in one year, leading to thousands of drained bank accounts. [...]
The living-off-the-land binary (LOLBin) is anchoring a rash of cyberattacks bent on evading security detection to drop Qbot and Lokibot. [...]
Two powerful trojans with spyware and RAT capabilities are being delivered in side-by-side campaigns using a common infrastructure. [...]
The 'smishing' group lives up to its name, expanding globally and adding image exfiltration to the Wroba RAT it uses to infect mobile victims. [...]
The popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyberattackers to hop from one application ecosystem to another. [...]
A growing class of phishing kits – transparent reverse proxy kits – are being used to get past multi-factor authentication using MiTM tactics. [...]
The company's RV line of small-business routers contains 15 different security vulnerabilities that could enable everything from RCE to corporate network access and denial-of-service – and many have exploits circulating. [...]
The Conti gang strikes again, disrupting the nom-merchant's supply chain and threatening empty supermarket shelves lasting for weeks. [...]
The issue in the file-sharing and interop platform also affects Red Hat, SUSE Linux and Ubuntu packages. [...]
Visitors who shopped on the company's eCommerce website in January will likely find their payment-card data heisted, researchers warned. [...]
A critical security bug and a months-long, ongoing supply-chain attack spell trouble for WordPress users. [...]
The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open. [...]
A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements. [...]
Zoho's comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution. [...]
Attackers could access and modify agent resources, telephone queues and other customer-service systems – and access personal information on companies’ customers. [...]
The country's FSB said that it raided gang hideouts; seized currency, cars and personnel; and neutralized REvil's infrastructure. [...]
A cloudy campaign delivers commodity remote-access trojans to steal information and execute code. [...]
The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score. [...]
The malware establishes initial access on targeted machines, then waits for additional code to execute. [...]
Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a wide swath of web applications. [...]
ESXi version 7 users are still waiting for a full fix for a high-severity heap-overflow security vulnerability, but Cloud Foundation, Fusion and Workstation users can go ahead and patch. [...]
The 'NoReboot' technique is the ultimate in persistence for iPhone malware, preventing reboots and enabling remote attackers to do anything on the device while remaining completely unseen. [...]
The accounts fell victim to credential-stuffing attacks, according to the New York State AG. [...]
A simple-to-exploit bug that allows bad actors to send emails from Uber's official system – skating past email security – went unaddressed despite flagging by multiple researchers. [...]
The campaign was an opportunistic supply-chain attack abusing a weaponized cloud video player. [...]