Cybersecurity News

Cybersecurity News including Analytics, CISO, Cloud Security, Cybercrime, Data Security, DevOps, GRC, IoT, Social Engineering, Threats & Breaches and more.

Attack Kit Hijacks DNS of Home and Business Routers

Attack Kit Hijacks DNS of Home and Business Routers

For the past year, attackers have been using an exploit kit that changes the DNS settings of home and small-business routers through users’ browsers. The tool, dubbed Novidade, was first used in Brazil in August 2017, but researchers from antivirus firm Trend Micro have identified multiple variants since then and ... Read More
Mobile Fraud, Threats Soar

Two Dozen Click Fraud Apps Found in Google Play

Attackers managed to pass Google’s defenses and place 22 Android apps on Google Play that engaged in sophisticated advertising click fraud when installed on users’ phones. The majority of the apps were created after June 2018 and were collectively downloaded more than 2 million times until their removal around Nov ... Read More
Vulnerable to BEC Fraud

Email Spam Campaign Targets U.S. Retail, Restaurant Sectors

A cybercriminal group has launched a malware campaign via personalized spear-phishing emails against large retail, restaurant and grocery chains in the United States, as well as against other organizations from the food and beverage industries. The spam campaigns, which distributed several Trojans including Remote Manipulator System (RMS) and FlawedAmmyy, were ... Read More
North Korean APT Group Targets Academia via Malicious Chrome Extensions

North Korean APT Group Targets Academia via Malicious Chrome Extensions

Security researchers have uncovered an APT group with possible ties to North Korea that has targeted academic institutions since May. The group, dubbed Stolen Pencil by researchers from Netscout, send spear-phishing emails which direct users to a website that asks them to install a “font manager” Chrome extension in order ... Read More
Barracuda Networks ATO Attacks

Business Email Compromise Gang Targeted 50,000 Company Executives

A Nigerian gang with members based in the U.K. is perpetrating a business email compromise operation aimed squarely at executives at companies with locations worldwide. The gang has compiled a target list of 50,000 email addresses belonging to company executives, the majority of them chief financial officers. Researchers from email ... Read More
Czech Republic Blames Russia for Yearlong Email Breach

Czech Republic Blames Russia for Yearlong Email Breach

The Czech government’s Security Information Service (BIS) revealed in a report that hackers associated with the Russian government are responsible for an email breach, compromising the email system of the country’s Ministry of Foreign Affairs (MFA) and reading sensitive communications for more than a year. According to the new report, ... Read More
Orkus Applies AI to Enforce Cloud Security Governance

Orkus Applies AI to Enforce Cloud Security Governance

As more applications move into the cloud, it is clear governance has become a major issue. Cybersecurity criminals are now routinely looking for weak controls such as commonly used passwords that they can easily compromise. To provide cybersecurity teams tools to assess and maintain those controls, Orkus this week launched ... Read More
Hackers Exploit UPnP in Routers to Expose Private Networks to Attacks

Hackers Exploit UPnP in Routers to Expose Private Networks to Attacks

Hackers are exploiting insecure UPnP implementations in routers to expose millions of computers from inside private networks to SMB attacks. Universal Plug and Play (UPnP) is a service that allows devices to discover each other inside local networks and automatically open ports for data sharing, media streaming and other services ... Read More
U.S. Charges Two Iranians for SamSam Ransomware Attacks

U.S. Charges Two Iranians for SamSam Ransomware Attacks

The U.S. Department of Justice has charged two Iranian men for creating and distributing a ransomware program called SamSam that caused massive disruptions in hospitals, municipalities and public institutions over the past few years. SamSam appeared in late 2015 and immediately stood out because, unlike most ransomware at the time ... Read More
Cisco Takes Another Stab at Patching Recent WebEx Vulnerability

Cisco Takes Another Stab at Patching Recent WebEx Vulnerability

Cisco Systems has released a new patch for a remotely exploitable privilege escalation vulnerability after security researchers found that its previous fix was incomplete. The company first patched the vulnerability, known as WebExec or CVE-2018-15442, Oct. 24. The flaw was located in WebExService, a service installed on Windows machines by the ... Read More
Loading...