The first stop for security news | Threatpost

Ransomware Attacks are on the Rise

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

The first stop for security news | Threatpost

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

The first stop for security news | Threatpost

Firewall Bug Under Active Attack Triggers CISA Warning

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.

The first stop for security news | Threatpost

Fake Reservation Links Prey on Weary Travelers

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

The first stop for security news | Threatpost

iPhone Users Urged to Update to Patch 2 Zero-Days

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

The first stop for security news | Threatpost

Google Patches Chrome’s Fifth Zero-Day of the Year

An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.

The first stop for security news | Threatpost

U.K. Water Supplier Hit with Clop Ransomware Attack

The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.

The first stop for security news | Threatpost

Xiaomi Phone Bug Allowed Payment Forgery

Mobile transactions could’ve been disabled, created and signed by attackers.

The first stop for security news | Threatpost

Black Hat and DEF CON Roundup

‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.

The first stop for security news | Threatpost

Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics

The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities.

The first stop for security news | Threatpost

Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws

August Patch Tuesday tackles 121 CVEs, 17 critical bugs and one zero-day bug exploited in the wild.

The first stop for security news | Threatpost

Phishers Swim Around 2FA in Coinbase Account Heists

Attackers are spoofing the widely used cryptocurrency exchange to trick users into logging in so they can steal their credentials and eventually their funds.

The first stop for security news | Threatpost

Open Redirect Flaw Snags Amex, Snapchat User Data

Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims.

The first stop for security news | Threatpost

VMWare Urges Users to Patch Critical Authentication Bypass Bug

Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.

The first stop for security news | Threatpost

Universities Put Email Users at Cyber Risk

DMARC analysis by Proofpoint shows that institutions in the U.S. have among some of the poorest protections to prevent domain spoofing and lack protections to block fraudulent emails.

The first stop for security news | Threatpost

Securing Your Move to the Hybrid Cloud

Infosec expert Rani Osnat lays out security challenges and offers hope for organizations migrating their IT stack to the private and public cloud environments.

The first stop for security news | Threatpost

Malicious Npm Packages Tapped Again to Target Discord Users

Recent LofyLife campaign steals tokens and infects client files to monitor various user actions, such as log-ins, password changes and payment methods.

The first stop for security news | Threatpost

Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office

Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads.

The first stop for security news | Threatpost

IoT Botnets Fuels DDoS Attacks – Are You Prepared?

The increased proliferation of IoT devices paved the way for the rise of IoT botnets that amplifies DDoS attacks today. This is a dangerous warning that the possibility of a sophisticated DDoS attack and a prolonged service outage will prevent businesses from growing.

The first stop for security news | Threatpost

Magecart Serves Up Card Skimmers on Restaurant-Ordering Systems

300 restaurants and at least 50,000 payment cards compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services.

The first stop for security news | Threatpost

Authentication Risks Discovered in Okta Platform

Four newly discovered attack paths could lead to PII exposure, account takeover, even organizational data destruction.

The first stop for security news | Threatpost

Google Boots Multiple Malware-laced Android Apps from Marketplace

Google removed eight Android apps, with 3M cumulative downloads, from its marketplace for being infected with a Joker spyware variant.

The first stop for security news | Threatpost

CISA Urges Patch of Exploited Windows 11 Bug by Aug. 2

Feds urge U.S. agencies to patch a Microsoft July Patch Tuesday 2022 bug that is being exploited in the wild by August 2.

The first stop for security news | Threatpost

Large-Scale Phishing Campaign Bypasses MFA

Attackers used adversary-in-the-middle attacks to steal passwords, hijack sign-in sessions and skip authentication and then use victim mailboxes to launch BEC attacks against other targets.

The first stop for security news | Threatpost

‘Callback’ Phishing Campaign Impersonates Security Firms

Victims instructed to make a phone call that will direct them to a link for downloading malware.

The first stop for security news | Threatpost

Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol

A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.

The first stop for security news | Threatpost

Latest Cyberattack Against Iran Part of Ongoing Campaign

Iran's steel manufacturing industry is victim to ongoing cyberattacks that previously impacted the country's rail system.

The first stop for security news | Threatpost

Google Patches Actively Exploited Chrome Bug

The heap buffer overflow issue in the browser’s WebRTC engine could allow attackers to execute arbitrary code.

The first stop for security news | Threatpost

ZuoRAT Can Take Over Widely Used SOHO Routers

Devices from Cisco, Netgear and others at risk from the multi-stage malware, which has been active since April 2020 and shows the work of a sophisticated threat actor.

The first stop for security news | Threatpost

Leaky Access Tokens Exposed Amazon Photos of Users

Hackers with Amazon users’ authentication tokens could’ve stolen or encrypted personal photos and documents.

The first stop for security news | Threatpost

Patchable and Preventable Security Issues Lead Causes of Q1 Attacks

Attacks against U.S. companies spike in Q1 2022 with patchable and preventable external vulnerabilities responsible for bulk of attacks.

The first stop for security news | Threatpost

Mitel VoIP Bug Exploited in Ransomware Attacks

Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments.

The first stop for security news | Threatpost

‘Killnet’ Adversary Pummels Lithuania with DDoS Attacks Over Blockade

Cyber collective Killnet claims it won’t let up until the Baltic country opens trade routes to and from the Russian exclave of Kaliningrad.

The first stop for security news | Threatpost

Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data

CISA warns that threat actors are ramping up attacks against unpatched Log4Shell vulnerability in VMware servers.

The first stop for security news | Threatpost

Google Warns Spyware Being Deployed Against Android, iOS Users

The company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs.

The first stop for security news | Threatpost

Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug

The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.

The first stop for security news | Threatpost

Discovery of 56 OT Device Flaws Blamed on Lackluster Security Culture

Culture of ‘insecure-by-design’ security is cited in discovery of bug-riddled operational technology devices.

The first stop for security news | Threatpost

Kazakh Govt. Used Spyware Against Protesters

Researchers have discovered that a Kazakhstan government entity deployed sophisticated Italian spyware within its borders.

The first stop for security news | Threatpost

China-linked APT Flew Under Radar for Decade

Evidence suggests that a just-discovered APT has been active since 2013.

The first stop for security news | Threatpost

U.S. Water Utilities Prime Cyberattack Target, Experts

Environmentalists and policymakers warn water treatment plants are ripe for attack.

The first stop for security news | Threatpost

Follina Exploited by State-Sponsored Hackers

A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.

The first stop for security news | Threatpost

Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw

The vulnerability remains unpatched on many versions of the collaboration tool and has potential to create a SolarWinds-type scenario.