CISA Issues Directive To Patch This Exploited Chrome Flaw By December 26

Last week, Google began pushing out an update to its Chrome browser that fixes a critical security vulnerability in the browser’s JavaScript engine. Google noted in its blog post about the update that an exploit for this vulnerability is out in the wild. Then, on Monday, the Cybersecurity and Infrastructure Security Agency (CISA) announced the discovery of evidence that threat actors are actively leveraging this exploit in cyberattacks. The agency accordingly added the exploited Chrome vulnerability to its known exploited vulnerability catalog, giving federal agencies a due date of December...

Beware Of This Convincing PayPal Scam That's Looking To Rob You Over The Holidays

by Paul Lilly - Tue, Dec 06, 2022

In most cases, it's pretty easy to recognize a phishing scam. Telltale signs include typos, bad grammar, unsolicited attachments, and spoofed email addresses and hyperlinks, to name just a few. So imagine my surprise when I received an email that exhibited none of those traits, at least not initially, in an attempt to swindle me out of $479 in PayPal funds. Here's how the clever scam works. I received an email from PayPay with the subject line, "Billing Department updated your invoice" followed by an invoice number (which I'll refrain from sharing to avoid being targeted as an active recipient)....

Why US Whistleblower Edward Snowden May Have Sworn An Oath Of Allegiance To Russia

by Nathan Wasson - Mon, Dec 05, 2022

Edward Snowden, the former NSA contractor turned mass surveillance whistleblower, officially became a Russian citizen in September of this year when Russian president Vladimir Putin signed a decree granting citizenship to Snowden and seventy-four other foreigners residing in the country. Last week, Snowden’s lawyer, Anatoly Kucherena, told Russian state media that Snowden received his Russian passport. However, in order to obtain this documentation of his newly-gained citizenship, Snowden may have had to swear an oath of allegiance to Russia. Last Friday, the Russian news agency Interfax...

These Android Apps In Google Play Infected 2M Devices With Malware, Delete ASAP

by Aaron Leong - Mon, Dec 05, 2022

In the latest detection statistics by Dr. Web antivirus for Android, it found that more than two million users were being bamboozled into installing and using certain apps that were actually backdoors for malware, phishing, and adware. These apps were disguised as rewards apps, utilities or system optimizers that instead caused device performance issues, ads, and other malicious malware. Many of the reported high-risk apps have been removed from the Google Play Store, but you should ensure that these reported apps are removed from your device nonetheless. The apps above are shells for a module...

Schoolyard Bully Android Malware Wants Your Facebook Login, Not Your Lunch Money

by Nathan Wasson - Fri, Dec 02, 2022

The cybersecurity firm Zimperium, has published a blog post detailing a recently discovered Android malware campaign that has been ongoing since 2018. This campaign spreads a set of malicious apps the researchers are calling the “Schoolyard Bully Trojan” on account of the fact that the malicious apps are disguised as educational apps offering a wide range of books for users to read. However, rather than trying to steal your lunch money with banking malware, the Schoolyard Bully Trojan is out to swipe users’ Facebook account credentials. That said, as we’ll discuss, this...

LastPass Breached Again And This Time It Exposed Customer Details To Hackers

by Nathan Wasson - Thu, Dec 01, 2022

The CEO of the password manager LastPass, Karim Toubba, has published a blog post on the company’s website disclosing a recent security breach. According to the blog post, this incident affected both LastPass and its affiliate company GoTo, with a similar blog post appearing on the GoTo website. With the help of the cybersecurity firm Mandiant, LastPass determined that the threat actors behind this recent incident were able to access some customer information. However, users’ passwords were not exposed in the data breach, as LastPass protects this data with end-to-end encryption. This...

Anker Apologizes For Eufy Cameras Uploading Unencrypted Content Without User Consent

by Nathan Wasson - Wed, Nov 30, 2022

The proliferation of “smart” devices within the home has raised privacy concerns as it has become more apparent that the companies selling these devices often have access to data and media collected by the devices. Eufy, a sub-brand of the popular Chinese electronics manufacturer Anker Innovations, tries to capitalize on these concerns by presenting itself as a privacy-preserving alternative to other smart device brands. According to Eufy, its line of security cameras and video doorbells protect users’ privacy by storing data locally, rather than in the cloud. However, a recent...

How TikTok's 'Invisible Body' Challenge Is Tricking Users Into Installing Malware

by Nathan Wasson - Tue, Nov 29, 2022

TikTok’s meteoric rise is due, in part, to viral challenges that spread on the social media platform. Some of these challenges are not only dumb, but down right dangerous. One of the more recent challenges revolves around a TikTok filter that masks people’s bodies with a blur of color intended to match the background. The new “Invisible Body” challenge dares TikTok users to record themselves partially or fully naked with the invisible filter applied to hide their nudity. While this challenge may be vain or ill-advised, it seems that it may also be somewhat dangerous, as...

Beware, Scammers Are Targeting Holiday Shoppers With A USPS Phishing Scam

by Nathan Wasson - Mon, Nov 28, 2022

The holiday season at the end of the year is a busy time for online shoppers, between taking advantage of the best Black Friday and Cyber Monday deals and ordering gifts for friends and family. Sadly, threat actors have no qualms with taking advantage of the high volume of packages in transit during this time to conduct widespread cyberattacks against their recipients. We recently encountered one such attack in the form of a phishing campaign masquerading as a United States Postal Service (USPS) notification service. This particular phishing campaign is designed to lure users to a fraudulent USPS...

Hackers Are Packing Malware Into VPN Apps For Android, Security Researchers Warn

by Nathan Wasson - Fri, Nov 25, 2022

Researchers at the cybersecurity firm ESET have discovered an active Android malware campaign that began in January 2022. The campaign in question distributes spyware injected into legitimate VPN apps. The researchers have tied this campaign to an advanced persistent threat (APT) group known as “Bahamut.” Bahamut has been active since at least 2017, when it was first identified. The APT group conducts cyberespionage primarily in the Middle East and South Asia, working to steal sensitive information at the behest of paying clients. Bahamut has developed its own spyware, which it has...

Apply This Emergency Google Chrome Zero-Day Patch Before You Shop Black Friday Deals

by Paul Lilly - Fri, Nov 25, 2022

Between all the scintillating Black Friday deals and the Cyber Monday bargains that will follow, you may end up spending a lot of time surfing online retail stores for discounts. That's all well and good, but if you're among the more than 2 billion people who use Google's Chrome browser, take a moment to apply the latest emergency update to protect yourself from another zero-day security flaw. Google started pushing out the patch on Thanksgiving, when you were likely preoccupied with gorging on turkey and watching a slate of football games (I don't care what the refs decided, that was a catch by...

Hackers Are Spoofing MSI's Afterburner Utility To Infect Gamers With Malware

by Mark Tyson - Thu, Nov 24, 2022

A cyber risk and security analysis company by the name of Cyble has discovered that there are a number of websites distributing a version of MSI Afterburner laced with various strains of malware. Those who accidentally download this widely popular graphics card utility via one of the cunningly crafted spoof domains could face malware issues such as; unwanted crypto mining software, and information stealing software. MSI’s Afterburner is a very popular free utility for owners of graphics cards, for owners of all brands (not just MSI) and architectures (AMD or Nvidia). However, enthusiasts...

US Feds Slaughter Pig Butchering Cryptocurrency Scam By Seizing Shady Domains

by Nathan Wasson - Wed, Nov 23, 2022

This week, the United States Department of Justice (DOJ) announced the seizure of seven domain names that cybercriminals used to carry out a cryptocurrency scam. The scam in question is known as a “pig butchering” scheme, as the scammers metaphorically led their victims to the slaughter. In these sorts of schemes, the scammers meet their victims online, then slowly build up trust over time by developing phony relationships. Once the scammers determine that their victims are sufficiently trusting of them, the scammers begin to introduce the idea of taking some sort of action. In this...

How DraftKings Hackers Pilfered $300K From Bettors And How To Protect Yourself

by Nathan Wasson - Tue, Nov 22, 2022

Three days ago, users of the sports betting service DraftKings began reporting that their accounts had been hacked. In cases in which the hacked accounts contained funds, users reported the hackers attempting to withdraw their funds to newly added bank cards. Yesterday, DraftKings acknowledged these reports publicly, announcing an investigation and directing affected customers to contact the company’s Customer Experience Team. Later that day, DraftKings posted an official statement attributing the account breaches to a widespread credential stuffing attack. In credential stuffing attacks,...

Sinister AXLocker Ransomware Adds Insult To Injury By Stealing Your Discord Account

by Nathan Wasson - Mon, Nov 21, 2022

Researchers at the cybersecurity company Cyble have published a technical analysis of a new ransomware known as “AXLocker.” Aside from the regular data encryption performed by ransomware, AXLocker also searches victims’ systems for Discord login tokens, then hands these tokens over to the threat actor behind the ransomware. While victims are busy attempting to recover their encrypted data, the threat actor can use these stolen credentials to access victims’ Discord accounts, which the threat actor may use to further distribute the ransomware. Ransomware is a growing cause...

FBI Advisory Warns Active Hive Ransomware Gang Has Extorted $100M And Counting

by Nathan Wasson - Fri, Nov 18, 2022

Two weeks ago, the Biden administration convened the second International Counter Ransomware Summit, warning that ransomware attacks are outpacing efforts to mitigate them. Now, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) have released a joint cybersecurity advisory alerting network defenders and organizations to the danger posed by the Hive ransomware gang. According to the advisory, the gang has struck over 1,300 companies and collected around $100 million in ransom fees from its...

DuckDuckGo Releases App Tracking Protection On Android With A Bold Claim

by Nathan Wasson - Thu, Nov 17, 2022

Almost a year ago exactly, DuckDuckGo introduced a new App Tracking Protection feature for its Android browser app as part of the company’s plan to build an all-in-one privacy app that extends beyond just web browsing and search results. DuckDuckGo initially launched this new feature in closed beta, but, as of yesterday, the feature is now available in open beta for all users of the company’s Android app. In a blog post announcing the open beta, DuckDuckGo touted its App Tracking Protection feature as more powerful than Apple’s App Tracking Transparency feature on iOS and iPadOS....

McDonald's, Coca-Cola Among Impersonated Brands In Massive Phishing Campaign

by Nathan Wasson - Wed, Nov 16, 2022

The cybersecurity firm Cyjax has published a new report detailing an ongoing phishing campaign that has made use of over 42,000 domains going back to 2017. The campaign targets WhatsApp users with surveys promising rewards from major international brands, such as McDonald’s and Coca-Cola. Cyjax researchers have attributed this campaign to a Chinese threat actor they’ve named “Fangxiao,” which is simplified Chinese for “imitate.” The phishing campaign spreads over WhatsApp beginning with messages sent to unsuspecting users. These messages contain links that redirect...

How Russian Code Infiltrated Android And iOS Apps Used By The CDC And US Army

by Nathan Wasson - Tue, Nov 15, 2022

Around 8,000 Android and iOS apps rely on code provided by Pushwoosh to monitor user activity and send custom push notifications. According to a report by Reuters, Pushwoosh has made efforts to portray itself as a US-based company, obscuring the fact that the company operates out of Russia. Among the clients that included Pushwoosh’s code in their apps are the Centers for Disease Control and Prevention (CDC) and US Army. Both organizations have since removed this code from their apps, citing deception on the part of Pushwoosh and national security concerns. Mobile app developers often rely...

Google Blows Cover On Commercial Spyware Targeting Millions Of Samsung Phones

by Nathan Wasson - Fri, Nov 11, 2022

Google’s Project Zero team, which finds and analyzes zero-day security vulnerabilities, has revealed that an unnamed commercial surveillance company developed spyware that exploited three vulnerabilities specific to Samsung phones equipped with Exynos SoCs. Project Zero managed to obtain a sample of the exploit chain back in 2020 and reported the three vulnerabilities to Samsung. The phone maker then published patches for these vulnerabilities in March 2021. Samsung users should make sure their mobile devices are running SMR-(Samsung Mobile Security)-MAR-2021 or later to prevent a possibly...

Google Pixel Phones Are Vulnerable To An Easy Lock-Screen Bypass Hack, Update Now

by Chris Goetting - Fri, Nov 11, 2022

Google issues monthly security patches for its Pixel phones and to other Android devices via the Android Open Source Project. Each of these patches includes important fixes to protect end users from emerging threats or disclosed flaws. November’s security update is particularly important for Pixel owners as it addresses a relatively low-skill bypass of the user’s lock screen. Security researcher David Schütz stumbled upon the full lock screen bypass almost on accident. Over on his blog, he recounts how upon returning home after traveling he was faced with a dying-then-dead battery...

Cloud9 Botnet Employs Malicious Extensions To Take Control Of Browsers and Windows

by Nathan Wasson - Thu, Nov 10, 2022

Researchers at the cybersecurity firm Zimperium have discovered a botnet made up of web browsers infected by malware. The malware in question is known as Cloud9 and takes the form of browser extensions. When installed, these browser extensions take control of infected browsers to steal valuable information and perform DDoS attacks. The malware within these extensions is also capable of leveraging various vulnerabilities to escape the browser and infect the Windows operating system. Unlike other malicious browser extensions, the extensions containing the Cloud9 malware have never been available...

1 2 3 4 5 Next