Criminals Use Jackpotting Attack

WordPress 5.0 Gets Security Patch a Week After Release

Only a week has passed since the release of WordPress 5.0—a new major version codenamed “Bebo”—and the WordPress team has already pushed out a security update for it. WordPress 5.0.1, released Dec. 13, fixes seven vulnerabilities, some of which are pretty serious and could soon be exploited by attackers. One ... Read More
Security Boulevard
Security Mistakes Cripple Network

Destructive Shamoon Malware Hits Italian Oil and Gas Firm

Hackers hit the IT infrastructure of an Italian oil and gas company with a new version of a destructive malware program called Shamoon. Shamoon, also known as Disttrack, was first used in 2012 in attacks against Saudi Aramco, Saudi Arabia’s national oil and gas company, and then again in 2016 ... Read More
Security Boulevard
Microsoft Patches Another Actively Exploited Zero-Day Vulnerability

Microsoft Patches Another Actively Exploited Zero-Day Vulnerability

Microsoft released security updates for its products Dec. 11, fixing 38 vulnerabilities including a privilege escalation flaw in the Windows kernel that has been exploited by cyberespionage groups since October. The zero-day vulnerability, tracked as CVE-2018-8611, was reported to Microsoft by researchers from Kaspersky Lab who saw it being used ... Read More
Security Boulevard
Attack Kit Hijacks DNS of Home and Business Routers

Attack Kit Hijacks DNS of Home and Business Routers

For the past year, attackers have been using an exploit kit that changes the DNS settings of home and small-business routers through users’ browsers. The tool, dubbed Novidade, was first used in Brazil in August 2017, but researchers from antivirus firm Trend Micro have identified multiple variants since then and ... Read More
Security Boulevard
Mobile Fraud, Threats Soar

Two Dozen Click Fraud Apps Found in Google Play

Attackers managed to pass Google’s defenses and place 22 Android apps on Google Play that engaged in sophisticated advertising click fraud when installed on users’ phones. The majority of the apps were created after June 2018 and were collectively downloaded more than 2 million times until their removal around Nov ... Read More
Security Boulevard
Vulnerable to BEC Fraud

Email Spam Campaign Targets U.S. Retail, Restaurant Sectors

A cybercriminal group has launched a malware campaign via personalized spear-phishing emails against large retail, restaurant and grocery chains in the United States, as well as against other organizations from the food and beverage industries. The spam campaigns, which distributed several Trojans including Remote Manipulator System (RMS) and FlawedAmmyy, were ... Read More
Security Boulevard
North Korean APT Group Targets Academia via Malicious Chrome Extensions

North Korean APT Group Targets Academia via Malicious Chrome Extensions

Security researchers have uncovered an APT group with possible ties to North Korea that has targeted academic institutions since May. The group, dubbed Stolen Pencil by researchers from Netscout, send spear-phishing emails which direct users to a website that asks them to install a “font manager” Chrome extension in order ... Read More
Security Boulevard
Barracuda Networks ATO Attacks

Business Email Compromise Gang Targeted 50,000 Company Executives

A Nigerian gang with members based in the U.K. is perpetrating a business email compromise operation aimed squarely at executives at companies with locations worldwide. The gang has compiled a target list of 50,000 email addresses belonging to company executives, the majority of them chief financial officers. Researchers from email ... Read More
Security Boulevard
Czech Republic Blames Russia for Yearlong Email Breach

Czech Republic Blames Russia for Yearlong Email Breach

The Czech government’s Security Information Service (BIS) revealed in a report that hackers associated with the Russian government are responsible for an email breach, compromising the email system of the country’s Ministry of Foreign Affairs (MFA) and reading sensitive communications for more than a year. According to the new report, ... Read More
Security Boulevard
Hackers Exploit UPnP in Routers to Expose Private Networks to Attacks

Hackers Exploit UPnP in Routers to Expose Private Networks to Attacks

Hackers are exploiting insecure UPnP implementations in routers to expose millions of computers from inside private networks to SMB attacks. Universal Plug and Play (UPnP) is a service that allows devices to discover each other inside local networks and automatically open ports for data sharing, media streaming and other services ... Read More
Security Boulevard
Loading...