Items tagged with cybersecurity

We wrote last week about research showing that Meta takes advantage of the in-app browser feature on mobile devices to inject JavaScript into web pages viewed in the Facebook, Instagram, and Messenger mobile apps. Now that same researcher has found that the TikTok in-app browser injects JavaScript which functions... Read more...
Threat intelligence firm Recorded Future has published a report concerning a long-term credential theft campaign targeting humanitarian, think tank, and government organizations. A hacking group known as RedAlpha is carrying out this ongoing campaign, and is known to have been active as far back as 2015. However, it... Read more...
An Android Banking Trojan with an already extensive toolkit recently gained a ransomware module. While banking malware is an all too prevalent a threat for mobile devices, ransomware isn’t a technique commonly deployed against mobile devices, making this particular piece of malware notable. Banking trojans come in the... Read more...
Facebook’s collection and sale of user data for advertising purposes took a huge hit when Apple introduced its App Tracking Transparency (ATT) feature, with Facebook projecting that it will lose out on $10 billion in revenue this year. However, it appears that Meta, Facebook’s parent company, may still have some... Read more...
Cloudflare says that it was hit by the same smishing (sms phishing) attack that recently resulted in a user data breach at Twilio. However, unlike Twilio, Cloudflare managed to prevent the attack from escalating to a data breach thanks to its strong security measures. While the attackers managed to steal login... Read more...
Microsoft has finally released a security update that addresses a zero-day vulnerability that went unpatched for more than two years. The vulnerability, known as DogWalk, appears in the national vulnerability index as CVE-2022-34713. Microsoft has assigned the vulnerability a high severity rating of 7.8. The company’s... Read more...
If we’ve learned anything from reporting on phishing attacks, it’s that no company, organization, or institution is immune from becoming the victim of one. Even the US Department of Defense recently fell victim to a $23.5 million phishing scam. If anything, larger organizations simply make for larger and more... Read more...
The US Government’s Cybersecurity and Infrastructure Security Agency (CISA) maintains a list of exploited vulnerabilities and releases notices urging organizations, particularly government agencies and contractors, to patch said vulnerabilities. However, CISA isn’t the only one looking out for US infrastructure. Ken... Read more...
Malware campaigns employ different techniques to smuggle malicious software onto computing devices without the notice of users or anti-virus systems. Threat actors who develop and distribute malware frequently rely on various forms of mimicry to take advantage of users’ trust in legitimate websites, services, and... Read more...
In May of last year, Colonial Pipeline was struck by a ransomware attack, prompting the Colonial Pipeline Company to take certain systems offline in an attempt to contain the attack. As a result, all pipeline operations were temporarily halted, shutting off the flow of fuel to the eastern seaboard. Shortly thereafter... Read more...
Google is engaged in a never ending game of cat and mouse with threat actors on its Play Store who employ different techniques to sneak malware-ridden apps onto the app store. We fairly regularly write about newly discovered batches of malicious apps that went unrecognized as such long enough to infect hundreds of... Read more...
Ransomware can be both disruptive and costly for its victims. A recent report found that the total downtime resulting from ransomware attacks in 2021 cost schools a whopping $3.56 billion. The sudden encryption of data on computer systems critical to an organization’s regular operations presents a major problem when... Read more...
While malware and phishing are two different kinds of cyberattacks, threat actors sometimes use both methods in malicious campaigns. A threat actor known as Roaming Mantis appears to be doing exactly that in a new campaign documented by researchers at the cybersecurity firm SEKOIA. Roaming Mantis has previously... Read more...
We cover both ransomware and Elden Ring fairly regularly here at HotHardware, but it’s a sad day when those two things meet. The ransomware attacks that often receive the most coverage are those that disrupt major supply lines and infrastructure, raising national security concerns. However, ransomware gangs carry out... Read more...
Phishing attacks employ various methods to trick users into handing over sensitive information, such as login credentials. Over time, as users have become more suspicious and email clients, web browsers, and IT departments have implemented anti-phishing measures, scammers have had to get creative and devise more... Read more...
Earlier this year, we wrote about a vulnerability in Honda’s remote keyless entry (RKE) system that hackers could exploit to lock, unlock, and start certain Honda and Acura vehicles. This particular vulnerability was the result of Honda using fixed codes in its RKE system. Many Honda and Acura key fobs send the same... Read more...
Last year, a hacker who goes by the name “pompompurin” managed to breach a Federal Bureau of Investigation (FBI) web portal and send out thousands of hoax emails from an official FBI email address. Just a couple weeks prior, pompompurin gained unauthorized access to the internal network of the stock trading app... Read more...
Last week, we wrote about spyware that researchers gave the name “Hermit” and attributed to the Italian spyware vendor RCS Labs. Hermit falls within the same class of spyware as NSO Group’s Pegasus spyware, which infected at least nine phones belonging to US State Department employees. This sort of spyware is usually... Read more...
Last month, a ransomware gang known as ALPHV struck The Allison Inn & Spa, stealing employee and customer data. ALPHV then published this information to the open web, where it could be indexed by search engines and viewed without the use of the Tor network. While the website that presented the data for download wasn’t... Read more...
Earlier this year, multiple US law enforcement agencies completed a joint operation with authorities from the United Kingdom, Europol, Portugal, Germany, Sweden, and Romania. This coordinated police action, dubbed Operation TOURNIQUET, culminated in the seizure of the RaidForums domain names, as well as the arrest of... Read more...
Last month, we wrote about malicious Android apps containing a trojan that researchers have dubbed “SMSFactory.” This bit of malware exists to infect Android phones and conduct SMS billing fraud. SMSFactory uses SMS and phone permissions to regularly send premium text messages and make calls to premium numbers... Read more...
Shortly after Russia invaded Ukraine near the beginning of this year, some prominent hacking groups announced that they would be joining the war within the digital realm. The hacking collective Anonymous declared cyberwar against the Russian government and has since been conducting cyberattacks on Russian and... Read more...
First ... Prev 2 3 4 5 6 Next