Items tagged with cybersecurity
Cheaters never prosper, especially when they are being targeted by ransomware-laden files scattered about the internet. Whether or not comeuppance like this is deserved, Japanese Minecraft players looking for alternate accounts to cheat or circumvent bans are being infected by the Chaos ransomware variant in a ghastly...
Read more...
If you were a threat actor, what better way to get a payload onto someone’s device than through a program that nearly everyone has installed like Google Chrome? Unfortunately, this appears to be what is happening with the Infostealer malware, masquerading as a legitimate update to the popular web browser from Google...
Read more...
The US government reported earlier this month that ransomware payments topped $81 million dollars in the first quarter of 2021 alone. This fact is in part the reason why the US government is looking to add new laws to combat ransomware. This also creates an environment where groups like Fin7 find creative ways of...
Read more...
Malware on Windows devices has become a real problem in the last few years, specifically with a recent uptick in ransomware. It appears that Microsoft has been trying to combat this issue, though, with updates to Microsoft Defender, so it has more teeth than ever before. However, what if Microsoft is part of the...
Read more...
A lot of folks buying (legitimate) software are disgruntled about the rise of "software as a service," or SaaS. Proponents claim that the continued payments enable further development of useful applications, while opponents complain that they end up paying far more than they might under a more traditional "buy to own"...
Read more...
T-Mobile is now investigating a massive customer data breach claim that could affect up to 100 million users. The leak, which appeared on a leak and database selling forums on Saturday, claimed to have 30 million unique social security numbers and driver's license information.
In the samples provided, it also...
Read more...
Not everything has to be high-tech to perform dastardly deeds these days, and the same is true of malware. However, malware can slip by conventional security solutions using some email tricks and social engineering and still infect end-users, as Microsoft reports.
This Tuesday, the Microsoft Security Intelligence...
Read more...
Yesterday, criminal hackers stole approximately $600 million in varying cryptocurrencies from the PolyNetwork, a blockchain interoperability company. Now, in an interesting turn of events, the hackers have begun returning the stolen funds in what was to be one of the biggest cryptocurrency thefts ever.
As it stands...
Read more...
Digital security and cyber safety are paramount in an era where people are constantly out to make a quick buck and steal your information. Thus, Norton LifeLock and Avast agreeing to a merger to form a new cyber safety business comes as no surprise in the ever-shifting threat landscape.
Announced yesterday, the...
Read more...
Ransomware infections have been on the rise lately, affecting companies like Gigabyte or, more famously, Kaseya. Subsequently, the fight against the ransomware plague needs to meet and exceed threat actors’ efforts, and Microsoft is looking to help. In collaboration with the Microsoft Threat Intelligence Center...
Read more...
Network Attached Storage (NAS) devices from Synology are being targeted by the StealthWorker Botnet in an ongoing brute-force attack that could lead to ransomware infections. Perhaps we should just drop the “network attached” of NAS portion for now.
According to an August 4th report, Synology’s Product Security...
Read more...
Earlier in the month, Tenable security researchers discovered a vulnerability allowing attackers to bypass authentication on millions of routers from 17 different vendors. However, it now appears that threat actors are actively exploiting this to deploy malicious Mirai botnet payloads.
Evan Grant of Tenable...
Read more...
Earlier in July, the PrintNightmare vulnerability was discovered, wherein a threat actor could exploit the vulnerability to gain system-level access to a device. This was only speculation at first, but that has now changed, as cybersecurity researcher Benjamin Delpy has shown.
Since the discovery of PrintNightmare...
Read more...
If you want to be stealthy, perhaps not wearing a hot pink suit is a good choice. When it comes to cybersecurity, avoiding computer languages that people have come to know and recognize is a good idea as well. Threat actors have seemingly figured out the latter as some malware has now been built using “exotic”...
Read more...
In the past, there have been some big slip-ups when commentators did not know that they were on-air and began speaking their mind to other people. This seems to have happened again at the Tokyo Olympics when an Italian TV announcer did not realize he was live on-air when he asked for his computer password.
Posted...
Read more...
Hackers and threat actors are constantly searching for new ways to breach systems for cybersecurity research or exploitation, respectively. Thankfully, French researcher Gilles Lionel got to an NTLM Relay Attack, dubbed PetitPotam, first. Now, Microsoft has released a mitigation technique that IT admins should...
Read more...
Whether it’s a typo, a line of code in the wrong place, or a placeholder for testing that never got removed, developers can introduce vulnerabilities into apps that a threat actor could exploit. It seems Android developers seem to have the problem quite a bit, as new research suggested over 60% of Android apps had...
Read more...
Earlier this year, the Colonial Pipeline ransomware incident crippled fuel delivery to the Eastern Seaboard, sending people into a panic and decreasing the supply of gas, if only briefly. Amazingly, this is only the first time something of this scale has happened, but hopefully, it will be the last. The Department of...
Read more...
Just on the heels of Microsoft taking on the cyberweapons market and malware found targeting journalists and politicians, a new cyberweapon has been discovered in a similar fashion. Targeting thousands of activists, journalists, politicians, the piece of malware called Pegasus, from Israeli surveillance company NSO...
Read more...
Just as there is a traditional weapons market, a private sector cyberweapons market enables people and organizations to attack anyone worldwide for a fee. However, Microsoft takes this threat of cyberweapons seriously, and is now working to fight the problem head-on.
Yesterday, Microsoft's Cristin Goodwin, General...
Read more...
Earlier this year, a vulnerability within Apple’s WebKit for Safari was discovered by Google’s Threat Analysis Group (TAG) and then tracked as CVE-2021-1879. Now, it is reported that this vulnerability was likely exploited by a familiar Russian government-backed threat actor: Nobelium.
Yesterday, Google TAG...
Read more...
It appears that REvil, the threat actor group behind attacks on JBS Global and Kaseya, among others, has gone dark. While this could be a good thing, it may not be worth holding your breath as there are other explanations for REvil “disappearing” in the short term.
Prior to the July 4th holiday in the United States...
Read more...
