FreshRSS

The first stop for security news | Threatpost

Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk

By Elizabeth Montalbano — May 4th 2022 at 10:27
A flaw in all versions of the popular C standard libraries uClibc and uClibc-ng can allow for DNS poisoning attacks against target devices.

Attackers Use Event Logs to Hide Fileless Malware

By Nate Nelson — May 4th 2022 at 13:24
A sophisticated campaign utilizes a novel anti-detection method.

China-linked APT Caught Pilfering Treasure Trove of IP

By Nate Nelson — May 4th 2022 at 17:32
A state-sponsored threat actor designed a house-of-cards style infection chain to exfiltrate massive troves of highly sensitive data.

VHD Ransomware Linked to North Korea’s Lazarus Group

By Elizabeth Montalbano — May 5th 2022 at 12:20
Source code and Bitcoin transactions point to the malware, which emerged in March 2020, being the work of APT38, researchers at Trellix said.

F5 Warns of Critical Bug Allowing Remote Code Execution in BIG-IP Systems

By Sagar Tiwari — May 5th 2022 at 12:48
The vulnerability is 'critical' with a CVSS severity rating of 9.8 out of 10.

CANs Reinvent LANs for an All-Local World

By David Canellos — May 5th 2022 at 13:00
A close look at a new type of network, known as a Cloud Area Network.

USB-based Wormable Malware Targets Windows Installer

By Elizabeth Montalbano — May 6th 2022 at 11:10
Activity dubbed ‘Raspberry Robin’ uses Microsoft Standard Installer and other legitimate processes to communicate with threat actors and execute nefarious commands.

Podcast: The State of the Secret Sprawl

By Jeffrey Esposito — May 9th 2022 at 10:43
In this podcast with Mackenzie Jackson, developer advocate at GitGuardian, we dive into the report and also the issues that corporations face with public leaks from groups like Lapsus and more, as well as ways that developers can keep their code safe.

FBI: Rise in Business Email-based Attacks is a $43B Headache

By Sagar Tiwari — May 9th 2022 at 17:23
A huge spike in fraudulent activities related to attacks leveraging business email accounts is a billion-dollar-problem.

Low-rent RAT Worries Researchers

By Nate Nelson — May 10th 2022 at 00:24
Researchers say a hacker is selling access to quality malware for chump change.

Conti Ransomware Attack Spurs State of Emergency in Costa Rica

By Elizabeth Montalbano — May 10th 2022 at 11:54
The threat group has leaked data that it claims was stolen in the breach and is promising more government-targeted attacks.

Hackers Actively Exploit F5 BIG-IP Bug

By Threatpost — May 10th 2022 at 12:35
The bug has a severe rating of 9.8, and public exploits have been released.

Ransomware Deals Deathblow to 157-year-old College

By Nate Nelson — May 11th 2022 at 11:02
Why a private college that stayed in business for 157 years had to close after the combo of COVID-19 and ransomware proved too much.

Actively Exploited Zero-Day Bug Patched by Microsoft

By Elizabeth Montalbano — May 11th 2022 at 11:12
Microsoft's May Patch Tuesday roundup also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments.

Novel Phishing Trick Uses Weird Links to Bypass Spam Filters

By Nate Nelson — May 11th 2022 at 12:13
A novel form of phishing takes advantage of a disparity between how browsers and email inboxes read web domains.

Intel Memory Bug Poses Risk for Hundreds of Products

By Sagar Tiwari — May 11th 2022 at 12:27
Dell and HP were among the first to release patches and fixes for the bug.

Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks

By Elizabeth Montalbano — May 12th 2022 at 10:45
The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found.

You Can’t Eliminate Cyberattacks, So Focus on Reducing the Blast Radius

By Tony Lauro — May 12th 2022 at 11:57
Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company's attack surface and the "blast radius" of a potential attack.

Malware Builder Leverages Discord Webhooks

By Nate Nelson — May 12th 2022 at 13:01
Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks.

Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service

By Elizabeth Montalbano — May 13th 2022 at 12:06
An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers.

Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors

By Sagar Tiwari — May 16th 2022 at 11:46
Microsoft's May Patch Tuesday update is triggering authentication errors.

iPhones Vulnerable to Attack Even When Turned Off

By Elizabeth Montalbano — May 17th 2022 at 13:19
Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware.

Sysrv-K Botnet Targets Windows, Linux

By Sagar Tiwari — May 17th 2022 at 13:53
Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins.

April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell

By Sagar Tiwari — May 18th 2022 at 13:54
Researchers say a GitHub proof-of-concept exploitation of recently announced VMware bugs is being abused by hackers in the wild.

APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days

By Elizabeth Montalbano — May 18th 2022 at 14:01
Research indicates that organizations should make patching existing flaws a priority to mitigate risk of compromise.

DOJ Says Doctor is Malware Mastermind

By Nate Nelson — May 18th 2022 at 14:36
The U.S. Department of Justice indicts middle-aged doctor, accusing him of being a malware mastermind.

Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover

By Elizabeth Montalbano — May 19th 2022 at 13:03
Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.

380K Kubernetes API Servers Exposed to Public Internet

By Elizabeth Montalbano — May 20th 2022 at 11:11
More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access.

Closing the Gap Between Application Security and Observability

By Threatpost — May 20th 2022 at 12:42
Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell.

Snake Keylogger Spreads Through Malicious PDFs

By Elizabeth Montalbano — May 23rd 2022 at 12:07
Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.

Zero Trust for Data Helps Enterprises Detect, Respond and Recover from Breaches

By Threatpost — May 23rd 2022 at 12:47
Mohit Tiwari, CEO of Symmetry Systems, explores Zero Trust, data objects and the NIST framework for cloud and on-prem environments.

Fronton IOT Botnet Packs Disinformation Punch

By Sagar Tiwari — May 24th 2022 at 13:59
Fronton botnet has far more ability than launching DDOS attack, can track social media trends and launch suitable propaganda.

Verizon Report: Ransomware, Human Error Among Top Security Risks

By Elizabeth Montalbano — May 25th 2022 at 12:45
2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur.

Zoom Patches ‘Zero-Click’ RCE Bug

By Sagar Tiwari — May 25th 2022 at 13:02
The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.

Link Found Connecting Chaos, Onyx and Yashma Ransomware

By Nate Nelson — May 25th 2022 at 13:18
A slip-up by a malware author has allowed researchers to taxonomize three ransomware variations going by different names.

Cybergang Claims REvil is Back, Executes DDoS Attacks

By Elizabeth Montalbano — May 26th 2022 at 10:30
Actors claiming to be the defunct ransomware group are targeting one of Akamai’s customers with a Layer 7 attack, demanding an extortion payment in Bitcoin.

Critical Flaws in Popular ICS Platform Can Trigger RCE

By Elizabeth Montalbano — May 27th 2022 at 10:32
Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks.

Zero-Day ‘Follina’ Bug Lays Microsoft Office Open to Attack

By Sagar Tiwari — May 30th 2022 at 14:53
Malware loads itself from remote servers and bypasses Microsoft's Defender AV scanner, according to reports.

ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats

By Elizabeth Montalbano — May 31st 2022 at 11:38
The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn.

EnemyBot Malware Targets Web Servers, CMS Tools and Android OS

By Sagar Tiwari — May 31st 2022 at 12:24
Malware borrows generously from code used by other botnets such as Mirai, Qbot and Zbot.

Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack

By Elizabeth Montalbano — June 1st 2022 at 10:38
Threat actors already are exploiting vulnerability, dubbed ‘Follina’ and originally identified back in April, to target organizations in Russia and Tibet, researchers said.

Being Prepared for Adversarial Attacks – Podcast

By Jeffrey Esposito — June 2nd 2022 at 10:20
There is no question that the level of threats facing today’s businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, Fortinet’s […]

International Authorities Take Down Flubot Malware Network

By Elizabeth Montalbano — June 2nd 2022 at 11:18
The info-stealing trojan used SMS messages and lifted contact credentials to spread with unprecedented speed across Android devices globally since December 2020.

Scammers Target NFT Discord Channel

By Sagar Tiwari — June 2nd 2022 at 11:44
Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links.

Cybercriminals Expand Attack Radius and Ransomware Pain Points

By Threatpost — June 2nd 2022 at 13:08
Melissa Bischoping, security researcher with Tanium and Infosec Insiders columnist, urges firms to consider the upstream and downstream impact of "triple extortion" ransomware attacks.

Evil Corp Pivots LockBit to Dodge U.S. Sanctions

By Elizabeth Montalbano — June 3rd 2022 at 12:42
The cybercriminal group is distancing itself from its previous branding by shifting tactics and tools once again in an aim to continue to profit from its nefarious activity.

Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats – Again

By Nate Nelson — June 3rd 2022 at 13:46
Deja-Vu data from this year's DBIR report feels like we are stuck in the movie 'Groundhog Day.'

Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw

By Elizabeth Montalbano — June 7th 2022 at 11:21
The vulnerability remains unpatched on many versions of the collaboration tool and has potential to create a SolarWinds-type scenario.

Follina Exploited by State-Sponsored Hackers

By Nate Nelson — June 7th 2022 at 12:45
A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.

Conducting Modern Insider Risk Investigations

By Sponsored Content — June 7th 2022 at 12:45
Insider Risk Management requires a different approach than the one taken to external threats. IRM is unique from other domains of security in that the data sources which serve as inputs are as often people as they are tools. Shifting the analyst’s mindset when handling risks presented by insiders requires us to move through the stages of inquiry, investigation, and determining outcomes.

Cyber Risk Retainers: Not Another Insurance Policy

By Matt Dunn — June 7th 2022 at 13:25
The costs associated with a cyberattack can be significant, especially if a company does not have an Incident Response plan that addresses risk.

Black Basta Ransomware Teams Up with Malware Stalwart Qbot

By Elizabeth Montalbano — June 8th 2022 at 11:17
The novel cybercriminal group tapped the ever-evolving info-stealing trojan to move laterally on a network in a recent attack, researchers have found.

Paying Ransomware Paints Bigger Bullseye on Target’s Back

By Nate Nelson — June 8th 2022 at 13:05
Ransomware attackers often strike targets twice, regardless of whether the ransom was paid.

Taming the Digital Asset Tsunami

By Rob N. Gurzeev — June 8th 2022 at 13:36
Rob Gurzeev, CEO and Co-Founder of CyCognito, explores external attack surface soft spots tied to an ever-expanding number of digital assets companies too often struggle to keep track of and manage effectively.

Feds Forced Travel Firms to Share Surveillance Data on Hacker

By Elizabeth Montalbano — June 9th 2022 at 17:44
Sabre and Travelport had to report the weekly activities of former “Cardplanet” cybercriminal Aleksei Burkov for two years, info that eventually led to his arrest and prosecution.

Potent Emotet Variant Spreads Via Stolen Email Credentials

By Elizabeth Montalbano — June 10th 2022 at 11:02
The dangerous malware appears to be well and truly back in action, sporting new variants and security-dodging behaviors in a wave of recent phishing campaigns.

U.S. Water Utilities Prime Cyberattack Target, Experts

By Nate Nelson — June 10th 2022 at 13:27
Environmentalists and policymakers warn water treatment plants are ripe for attack.

Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers

By Sagar Tiwari — June 13th 2022 at 12:36
Researchers demonstrated a possible way to track individuals via Bluetooth signals.

Linux Malware Deemed ‘Nearly Impossible’ to Detect

By Elizabeth Montalbano — June 14th 2022 at 10:55
Symbiote, discovered in November, parasitically infects running processes so it can steal credentials, gain rootkit functionality and install a backdoor for remote access.

Kaiser Permanente Exposes Nearly 70K Medical Records in Data Breach

By Elizabeth Montalbano — June 14th 2022 at 11:08
Attackers gained access to private account details through an email compromise incident that occurred in April.