Apple Patches Critical iOS Bugs; One Under Attack
Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks. [...]
Showing only posts tagged News. Show all posts.
Gigabyte Allegedly Hit by AvosLocker Ransomware
If AvosLocker stole Gigabyte's master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a la SolarWinds. [...]
Microsoft Kills Bug Being Exploited in MysterySnail Espionage Campaign
Microsoft's October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is a zero-day being used to deliver the MysterySnail RAT to Windows servers. [...]
Microsoft Oct. Patch Tuesday Squashes 4 Zero-Day Bugs
Microsoft's October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is an actively exploited zero-day. [...]
Flubot Malware Targets Androids With Fake Security Updates
The banking trojan keeps switching up its lies, trying to fool Android users into clicking on a fake Flubot-deleting app or supposedly uploaded photos of recipients. [...]
New APT ChamelGang Targets Russian Energy, Aviation Orgs
First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks. [...]
Google Emergency Update Fixes Two Chrome Zero Days
This is the second pair of zero days that Google's fixed this month, all four of which have been actively exploited in the wild. [...]
The Top Ransomware Threats Aren’t Who You Think
Move over REvil, Ragnar Locker, BlackMatter, Conti et al: Three lesser-known gangs account for the vast majority of ransomware attacks in the U.S. and globally. [...]
Credential Spear-Phishing Uses Spoofed Zix Encrypted Email
The spoofed email has targeted close to 75K inboxes, slipping past spam and security controls across Office 365, Google Workspace, Exchange, Cisco ESA and more. [...]
REvil Affiliates Confirm: Leadership Were Cheating Dirtbags
After news of REvil's rip-off-the-affiliates backdoor & double chats, affiliates fumed, reiterating prior claims against the gang in "Hackers Court." [...]
Top Steps for Ransomware Recovery and Preparation
Alex Restrepo, Virtual Data Center Solutions at Veritas Technologies, discusses post-attack restoration options, and how to prepare for another one in the future. [...]
5 Steps For Securing Your Remote Work Space
With so many people still working from home, cybercriminals are trying to cash in. Cyberattacks have increased 300% and the risk of losing important data or being compromised is much greater at home. Here are five recommendations for securing your home office. [...]
SpyFone & CEO Banned From Stalkerware Biz
The FTC's first spyware ban nixes a company whose "slipshod" security practices led to exposure of thousands of victims' illegally collected personal data. [...]
T-Mobile’s Security Is ‘Awful,’ Says Purported Thief
John Binns, claiming to be behind the massive T-Mobile theft of >50m customer records, dissed the security measures of the US's No. 2 wireless biggest carrier. T-Mobile is "humbled," it said, announcing new partnerships with security heavyweights on Friday. [...]
‘Pay Ransom’ Screen? Too Late, Humpty Dumpty – Podcast
Splunk’s Ryan Kovar discusses the rise in supply-chain attacks a la Kaseya & how to get ahead of encryption leaving your business a pile of broken shells. [...]
Man Sues Parents of Teens Who Hijacked Nearly $1M in Bitcoin
Now adults, the then-teens apparently used clipboard hijacking malware to steal Bitcoin. [...]
ProxyShell Attacks Pummel Unpatched Exchange Servers
CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers. [...]
T-Mobile: >40 Million Customers’ Data Stolen
Attackers stole tens of millions of current, former or prospective customers' personal data, the company confirmed. It's providing 2 years of free ID protection. [...]
Exchange Servers Under Active Attack via ProxyShell Bugs
There’s an entirely new attack surface in Exchange, a researcher revealed at Black Hat, and threat actors are now exploiting servers vulnerable to the RCE bugs. [...]
WordPress Sites Abused in Aggah Spear-Phishing Campaign
The Pakistan-linked threat group's campaign uses compromised WordPress sites to deliver the Warzone RAT to manufacturing companies in Taiwan and South Korea. [...]
Accenture Confirms LockBit Ransomware Attack
LockBit offered Accenture's purported databases and made a requisite jab at its purportedly sad security. Accenture says it recovered just fine from backups. [...]
eCh0raix Ransomware Variant Targets QNAP, Synology NAS Devices
Some bad actors are honing tools to go after small fry: This variant was refined to target not one, but two vendors’ devices that are common in SOHO setups. [...]
Android Malware ‘FlyTrap’ Hijacks Facebook Accounts
Coupon codes for Netlifx or Google AdWords? Voting for the best football team? Beware: Malicious apps offering such come-ons could inflict a new trojan. [...]
Auditors: Feds’ Cybersecurity Gets the Dunce Cap
Out of eight agencies, four were given D grades in a report for the Senate, while the Feds overall got a C-. [...]
MacOS Flaw in Telegram Retrieves Deleted Messages
Telegram declined to fix a scenario in which the flaw can be exploited, spurring a Trustwave researcher to decline a bug bounty and to disclose his findings instead. [...]
« newer articles | page 2 | older articles »