Hackers Targeting Companies Involved in Covid-19 Vaccine Distribution

A global spear-phishing campaign has been targeting organizations associated with the distribution of COVID-19 vaccines since September 2020, according to new research. Attributing the operation to a nation-state actor, IBM Security X-Force researchers said the attacks took aim at the vaccine cold chain, companies responsible for storing and delivering...

2h

How Organizations Can Prevent Users from Using Breached Passwords

There is no question that attackers are going after your sensitive account data. Passwords have long been a target of those looking to compromise your environment. Why would an attacker take the long, complicated way if they have the keys to the front door? No matter how extensive your security solutions are, protecting the various systems in your...

3h

Hackers-For-Hire Group Develops New 'PowerPepper' In-Memory Malware

Cybersecurity researchers on Thursday disclosed details of a previously undiscovered in-memory Windows backdoor developed by a hacker-for-hire operation that can execute remotely malicious code and steal sensitive information from its targets in Asia, Europe, and the US. Dubbed "PowerPepper" by Kaspersky researchers, the malware has been attributed...

3h

TrickBot Malware Gets UEFI/BIOS Bootkit Feature to Remain Undetected

TrickBot, one of the most notorious and adaptable malware botnets in the world, is expanding its toolset to set its sights on firmware vulnerabilities to potentially deploy bootkits and take complete control of an infected system. The new functionality, dubbed "TrickBoot" by Advanced Intelligence (AdvIntel) and Eclypsium, makes use of readily available...

1d

Several Unpatched Popular Android Apps Put Millions of Users at Risk of Hacking

A number of high-profile Android apps are still using an unpatched version of Google's widely-used app update library, potentially putting the personal data of hundreds of millions of smartphone users at risk of hacking. Many popular apps, including Grindr, Bumble, OkCupid, Cisco Teams, Moovit, Yango Pro, Microsoft Edge, Xrecorder, and PowerDirector,...

1d

Experts Uncover 'Crutch' Russian Malware Used in APT Attacks for 5 Years

Cybersecurity researchers today took the wraps off a previously undocumented backdoor and document stealer that has been deployed against specific targets from 2015 to early 2020. Codenamed "Crutch" by ESET researchers, the malware has been attributed to Turla (aka Venomous Bear or Snake), a Russia-based advanced hacker group known for its extensive...

1d

Multiple Botnets Exploiting Critical Oracle WebLogic Bug — PATCH NOW

Multiple botnets are targeting thousands of publicly exposed and still unpatched Oracle WebLogic servers to deploy crypto miners and steal sensitive information from infected systems. The attacks are taking aim at a recently patched WebLogic Server vulnerability, which was released by Oracle as part of its October 2020 Critical Patch Update and subsequently...

2d

CISO with a small security team? Learn from your peers' experience with this free e-book

CISOs with small security teams hold an intensive juggling act. They're responsible for sustaining the company's security resilience, ensuring compliance is adhered to and implementing privacy controls. In between these tasks, they need to follow up on board updates, lead cross-team communications and collaboration, and fight fires that may or may...

2d

Google Hacker Details Zero-Click 'Wormable' Wi-Fi Exploit to Hack iPhones

Google Project Zero white-hat hacker Ian Beer on Tuesday disclosed details of a now-patched critical "wormable" iOS bug that could have made it possible for a remote attacker to gain complete control of any device in the vicinity over Wi-Fi. The exploit makes it possible to "view all the photos, read all the email, copy all the private messages and...

2d

Incomplete 'Go SMS Pro' Patch Left Millions of Users' Data Still Exposed Online

A week after cybersecurity researchers disclosed a flaw in the popular GO SMS Pro messaging app, it appears the developers of the app are silently taking steps to fix the issue from behind the scenes. The security misstep made it possible for an attacker to come up with a trivial script to access media files transferred between users, including private...

2d