Items tagged with cybersecurity
The CEO of the password manager LastPass, Karim Toubba, has published a blog post on the company’s website disclosing a recent security breach. According to the blog post, this incident affected both LastPass and its affiliate company GoTo, with a similar blog post appearing on the GoTo website. With the help of the...
Read more...
The proliferation of “smart” devices within the home has raised privacy concerns as it has become more apparent that the companies selling these devices often have access to data and media collected by the devices. Eufy, a sub-brand of the popular Chinese electronics manufacturer Anker Innovations, tries to capitalize...
Read more...
TikTok’s meteoric rise is due, in part, to viral challenges that spread on the social media platform. Some of these challenges are not only dumb, but down right dangerous. One of the more recent challenges revolves around a TikTok filter that masks people’s bodies with a blur of color intended to match the background...
Read more...
The holiday season at the end of the year is a busy time for online shoppers, between taking advantage of the best Black Friday and Cyber Monday deals and ordering gifts for friends and family. Sadly, threat actors have no qualms with taking advantage of the high volume of packages in transit during this time to...
Read more...
Researchers at the cybersecurity firm ESET have discovered an active Android malware campaign that began in January 2022. The campaign in question distributes spyware injected into legitimate VPN apps. The researchers have tied this campaign to an advanced persistent threat (APT) group known as “Bahamut.”
Bahamut...
Read more...
This week, the United States Department of Justice (DOJ) announced the seizure of seven domain names that cybercriminals used to carry out a cryptocurrency scam. The scam in question is known as a “pig butchering” scheme, as the scammers metaphorically led their victims to the slaughter. In these sorts of schemes, the...
Read more...
Three days ago, users of the sports betting service DraftKings began reporting that their accounts had been hacked. In cases in which the hacked accounts contained funds, users reported the hackers attempting to withdraw their funds to newly added bank cards. Yesterday, DraftKings acknowledged these reports publicly...
Read more...
Researchers at the cybersecurity company Cyble have published a technical analysis of a new ransomware known as “AXLocker.” Aside from the regular data encryption performed by ransomware, AXLocker also searches victims’ systems for Discord login tokens, then hands these tokens over to the threat actor behind the...
Read more...
Two weeks ago, the Biden administration convened the second International Counter Ransomware Summit, warning that ransomware attacks are outpacing efforts to mitigate them. Now, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and...
Read more...
Almost a year ago exactly, DuckDuckGo introduced a new App Tracking Protection feature for its Android browser app as part of the company’s plan to build an all-in-one privacy app that extends beyond just web browsing and search results. DuckDuckGo initially launched this new feature in closed beta, but, as of...
Read more...
The cybersecurity firm Cyjax has published a new report detailing an ongoing phishing campaign that has made use of over 42,000 domains going back to 2017. The campaign targets WhatsApp users with surveys promising rewards from major international brands, such as McDonald’s and Coca-Cola. Cyjax researchers have...
Read more...
Around 8,000 Android and iOS apps rely on code provided by Pushwoosh to monitor user activity and send custom push notifications. According to a report by Reuters, Pushwoosh has made efforts to portray itself as a US-based company, obscuring the fact that the company operates out of Russia. Among the clients that...
Read more...
Google’s Project Zero team, which finds and analyzes zero-day security vulnerabilities, has revealed that an unnamed commercial surveillance company developed spyware that exploited three vulnerabilities specific to Samsung phones equipped with Exynos SoCs. Project Zero managed to obtain a sample of the exploit chain...
Read more...
It seems like every other day there's a news story telling you to be afraid of this or that commonplace thing, right? Well relax, because this isn't one of those stories, exactly. No one's infecting your computer when you view a PNG image. However, executable code hidden in PNG images is a key part of this story.
ESET are the ones who located
Read more...
Researchers at the cybersecurity firm Zimperium have discovered a botnet made up of web browsers infected by malware. The malware in question is known as Cloud9 and takes the form of browser extensions. When installed, these browser extensions take control of infected browsers to steal valuable information and perform...
Read more...
Two iOS developers used a jailbroken iPhone to decrypt and analyze network traffic between the device and Apple. What the developers found is that many of Apple’s own apps frequently send detailed user behavior data along with unique device identifiers back to Apple even when analytics sharing, personalized ads, and...
Read more...
On Monday, the US Department of Justice (DOJ) revealed that Internal Revenue Service – Criminal Investigation (IRS-CI) Special Agents raided James Zhong’s house in Gainesville, Georgia back in November 2021. The raid, which was authorized by a search warrant, resulted in the seizure of 50,676 Bitcoin. After...
Read more...
Earlier this year, threat researchers at the cybersecurity company IronNet discovered a phishing-as-a-service (PhaaS) platform known as Robin Banks. While the name may be humorous, the platform itself is no laughing matter, as it serves to aid cybercriminals in stealing innocent users’ banking credentials. After...
Read more...
Threat researchers at the cybersecurity firm Proofpoint have discovered an extensive malware campaign targeting readers of online news outlets. A threat actor tracked as TA569, also known as SocGholish, has managed to compromise the infrastructure of a media company that serves content to a large number of news...
Read more...
Yesterday, the cloud storage provider Dropbox disclosed a recent phishing attack targeting the company’s employees that resulted in unauthorized access to 130 of its GitHub repositories. Fortunately, the incident didn’t escalate to a breach affecting any users’ Dropbox content, passwords, or payment information...
Read more...
A Reddit user looking download and install the free image editor GIMP has discovered a devious malware campaign using contextual Google search ads to trick unsuspecting users into installing the RedLine stealer malware. The user who uncovered and reported this campaign almost fell prey to it himself, until Windows...
Read more...
Today and tomorrow, the White House is convening the second International Counter Ransomware Summit with representatives from over thirty countries and fifteen cybersecurity companies in attendance. This event comes after last year’s first ever summit of the same name, which was held virtually. Leading up to this...
Read more...
