It’s late again, dinner makes you think better. You suddenly remember what you forgot to announce about the new strategy and there’s steps you want everyone to do before that project meeting tomorrow. So, as usual, you race off and write another email to the senior leadership team members while it’s top-of mind. No time…
Google Play Store has yet again been found to be hosting malicious applications designed to steal cryptocurrencies. The malware dubbed Clipper has been discovered on the Play Store on February 1 by researchers at ESET internet security firm who reported on their findings at the weekend. Clarifying that there are Google Chrome and other browser add-ons…
According to security researchers from RiskIQ and Trend Micro, cybercriminals of a new subgroup of Magecart, labeled as “Magecart Group 12,” recently successfully compromised nearly 277 e-commerce websites by using supply-chain attacks. Typically, the Magecart hackers who have carried out attacks against some big businesses including Ticketmaster, British Airways, and Newegg, compromise e-commerce sites and insert malicious JavaScript…
Tampa Bay Credit Union members had their debit card information spoofed after threat actors generated false cards using the financial institution’s bin numbers. Threat actors identified the credit union’s bin numbers, the first six numbers on a debit card, and used software from the dark web to attach the Bin numbers to actual account holder’s…
TA505, a well-resourced organized cybercrime ring, is known for ongoing malware authoring and development, with everything from fully-fledged backdoors to what seems like beta-stage code making appearances in its campaigns. A new backdoor named ServHelper, developed by TA505, has been found, acting as both a remote desktop agent as well as a downloader. The primary motive is,…
The FBI has seized the domains of 15 high-profile distributed denial-of-service (DDoS) websites after a coordinated effort by law enforcement and several tech companies. The orders were granted under federal seizure laws, and the domains were replaced with a federal notice. Some of the sites named in the indictments reported attacks exceeding 40 gigabits per…
One bug accidentally allowed Google to index user passwords. WordPress 5.0 users are being urged to update their CMS software to fix a number of serious bugs. The update (WordPress 5.0.1) addresses seven flaws and was issued less than a week after WordPress 5.0 was released. The most serious of the flaws is a bug…
The Australian government has passed the controversial and mind-bogglingly complex Access and Assistance Bill 2018 into law. The opposition Labor party shelved its plans to improve the scheme and waved it through in response to overwhelming pressure from the Liberal-National Coalition government, desperate to see it made law before Christmas. Since it gives authorities the right to demand access to…
A small subset of professional criminal actors is responsible for the bulk of cybercrime-related damage, employing tools and techniques as sophisticated, targeted and insidious as most nation-state actors, says the State of Cybercrime Report 2018. These sophisticated and capable criminal gangs operate largely outside of the dark web, although they may leverage low-level criminal tools occasionally…
I found a great article in SecurityWeek by Alastair Paterson, the CEO of Digital Shadows. Could not have said it better myself, and he alerted everyone about an attack vector that was even a new one to me: email archives.
