YouTube is being used to distribute a novel bundle of malware but probably not in the way you'd expect. The videos promote cracks and cheats for several popular games, but links in the video description expose viewers to malware downloads. The malware itself propagates these videos by taking over user accounts to...
Read more...
The Cyber Division of the US Federal Bureau of Investigation (FBI) has published a notice warning the healthcare industry of cyberattacks targeting healthcare payment processors. The attacks generally come in the form of phishing attacks that leverage employees’ publicly available Personally Identifiable Information...
Read more...
Cybersecurity researchers at Proofpoint have been keeping tabs on an Advanced Persistent Threat (APT) known as TA453 and recently found the threat actor employing a phishing technique that makes use of sock puppet email accounts. Sock puppets are alternate accounts or personas used in a deceptive manner by a single...
Read more...
The cybersecurity firm Group-IB published research today detailing how various threat actors are stealing Steam login credentials using browser windows. Specialists from the computer emegency response team at Group-IB (CERT-GIB) discovered over 150 phishing resources mimicking Steam in just the month of July. Steam...
Read more...
Research conducted by a team at the firmware security firm Binarly reveals that six vulnerabilities remain unpatched in various enterprise-grade HP laptops and desktops despite HP having developed patches for these vulnerabilities. Binarly discovered three of these vulnerabilities last year and notified HP of their...
Read more...
No matter how you pronounce it, GIFs are fun and entertaining for most people, and a mild annoyance for the rest. Unfortunately for users of Microsoft Teams, they are also a danger to their systems. A new malware known as GIFShell has surfaced, and the attack vector is Microsoft Teams.
Found by Security researcher...
Read more...
After introducing video end-to-end encryption (E2EE) for a subset of its wired doorbell and camera devices over a year ago, Ring has announced that it is now extending this capability to its wireless devices. While the company doesn’t specify in its announcement which of its battery-powered devices will support E2EE...
Read more...
Scammers and fraudsters have been targeting YouTube creators with sophisticated email campaigns. The emails pose as legitimate notices from Google which claim to be a copyright report and possible strike against the channel. These include a Google Drive link to the purported report, which actually contains a malware...
Read more...
The outdoor recreational apparel brand The North Face has reportedly been hit by a major credential stuffing attack. In a credential stuffing attack, threat actors take user login credentials exposed in unrelated data breaches and enter them into a targeted website or service. This form of cyberattack takes advantage...
Read more...
Cybersecurity researchers from Palo Alto Networks’ Unit 42 have discovered a campaign exploiting multiple vulnerabilities in D-Link routers to spread botnet malware. A botnet is a network of compromised consumer or enterprise devices controlled by a threat actor to carry out malicious tasks, such as mining...
Read more...
The international phenoms that are Minecraft and Roblox are practically ubiquitous in gaming today. The two games are available on multiple platforms including consoles, PC, and even mobile devices. Unfortunately, their significant popularity, especially amongst younger generations, makes them an excellent target for...
Read more...
Last week, Microsoft revealed a vulnerability in the TikTok Android app that threat actors potentially could have exploited to hijack TikTok user accounts with a single click. Fortunately, TikTok patched the vulnerability earlier this year before its disclosure. However, shortly after Microsoft publicly disclosed the...
Read more...
Ransomware attacks have been targeting school districts, hospitals, government organizations, businesses, and even hospitals in recent years. It's a rather nasty piece of work; it can cause loss of data, stolen data, more viruses, and even inaccessibility to systems necessary for operations. An entire town in Canada...
Read more...
A nasty bit of Android malware previously lurking on the Google Play Store has returned with additional capabilities. Known as SharkBot, the malware is designed to steal user login credentials, particularly credentials used to access financial applications. The malware has also been found to initiate money transfers...
Read more...
On September 2, 2022, Samsung reported that it had discovered a security breach of their U.S. systems. Unfortunately for some Samsung customers, this means that their personal information may have leaked out into the wild. The report states that the initial indication came in July, and by August it had established the...
Read more...
A new report by Microsoft details a vulnerability in the TikTok Android app that threat actors could have exploited to hijack user accounts with a single click. The vulnerability appears in the National Vulnerability Database with the Common Vulnerabilities and Exposures (CVE) identifier CVE-2022-28799 and a high...
Read more...
We frequently write about Android malware smuggled onto the Google Play Store in the form of what appear to be legitimate apps. However, the Play Store isn’t the only Google-run app store with a malware problem. A new report by McAfee Labs identifies five extensions on the Chrome Web Store that contain malicious...
Read more...
The James Webb Space Telescope (JWST) came online this year after more than 20 years of design and development. It's a real watershed moment for astronomy, and unfortunately, yet another way for internet ne'er-do-wells to distribute malware. Security researchers have identified a new malware campaign that has...
Read more...
Do you ever feel like company advertisers are doing more than listening to you? Let's face it, they probably are. You might be concerned to hear that your pocket smart device is also tracking where you are. This is not new information for most people. Many use GPS mapping apps, such as Google Maps, Waze, and Apple...
Read more...
The password manager LastPass has published a blog post notifying users of a recent data breach. According to the CEO, Karim Toubba, the breach affected parts of the company’s development environment but did not touch any databases containing user data or passwords. Rather than stealing user information, it seems that...
Read more...
A new report by cybersecurity firm Mandiant details an ongoing hacking campaign targeting Microsoft 365. The threat actor behind this campaign is an advanced persistent threat (APT) known as “Cozy Bear” or simply “APT29.” APT29 is thought to be a Russian hacking group sponsored by the Russian Foreign Intelligence...
Read more...
Plex, a company that provides media streaming solutions, sent out emails early this morning informing users of a data breach. According to the notice, Plex launched an investigation yesterday after discovering suspicious activity on one of its databases. The investigation revealed that a third-party actor managed to...
Read more...
