The first stop for security news | Threatpost

Attackers Use Event Logs to Hide Fileless Malware

By Nate Nelson — May 4^th 2022 at 13:24

A sophisticated campaign utilizes a novel anti-detection method.

The first stop for security news | Threatpost

China-linked APT Caught Pilfering Treasure Trove of IP

By Nate Nelson — May 4^th 2022 at 17:32

A state-sponsored threat actor designed a house-of-cards style infection chain to exfiltrate massive troves of highly sensitive data.

The first stop for security news | Threatpost

VHD Ransomware Linked to North Korea’s Lazarus Group

By Elizabeth Montalbano — May 5^th 2022 at 12:20

Source code and Bitcoin transactions point to the malware, which emerged in March 2020, being the work of APT38, researchers at Trellix said.

The first stop for security news | Threatpost

USB-based Wormable Malware Targets Windows Installer

By Elizabeth Montalbano — May 6^th 2022 at 11:10

Activity dubbed ‘Raspberry Robin’ uses Microsoft Standard Installer and other legitimate processes to communicate with threat actors and execute nefarious commands.

The first stop for security news | Threatpost

FBI: Rise in Business Email-based Attacks is a $43B Headache

By Sagar Tiwari — May 9^th 2022 at 17:23

A huge spike in fraudulent activities related to attacks leveraging business email accounts is a billion-dollar-problem.

The first stop for security news | Threatpost

Hackers Actively Exploit F5 BIG-IP Bug

By Threatpost — May 10^th 2022 at 12:35

The bug has a severe rating of 9.8, public exploits are released.

The first stop for security news | Threatpost

Novel Phishing Trick Uses Weird Links to Bypass Spam Filters

By Nate Nelson — May 11^th 2022 at 12:13

A novel form of phishing takes advantage of a disparity between how browsers and email inboxes read web domains.

The first stop for security news | Threatpost

Malware Builder Leverages Discord Webhooks

By Nate Nelson — May 12^th 2022 at 13:01

Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks.

The first stop for security news | Threatpost

Sysrv-K Botnet Targets Windows, Linux

By Sagar Tiwari — May 17^th 2022 at 13:53

Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins.

The first stop for security news | Threatpost

APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days

By Elizabeth Montalbano — May 18^th 2022 at 14:01

Research indicates that organizations should make patching existing flaws a priority to mitigate risk of compromise.

The first stop for security news | Threatpost

Cybergang Claims REvil is Back, Executes DDoS Attacks

By Elizabeth Montalbano — May 26^th 2022 at 10:30

Actors claiming to be the defunct ransomware group are targeting one of Akami’s customers with a Layer 7 attack, demanding an extortion payment in Bitcoin.

DuckDuckGo Isn’t as Private as You Think

By Andy Greenberg — May 28^th 2022 at 13:00

Plus: A $150 million Twitter fine, a massive leak from a Chinese prison in Xinjiang, and an ISIS plot to assassinate George W. Bush.

Threatpost | The first stop for security news

Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack

By Elizabeth Montalbano — June 1^st 2022 at 10:38

Threat actors already are exploiting vulnerability, dubbed ‘Follina’ and originally identified back in April, to target organizations in Russia and Tibet, researchers said.

The first stop for security news | Threatpost

Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack

By Elizabeth Montalbano — June 1^st 2022 at 10:38

Threat actors already are exploiting vulnerability, dubbed ‘Follina’ and originally identified back in April, to target organizations in Russia and Tibet, researchers said.

Threatpost | The first stop for security news

Scammers Target NFT Discord Channel

By Sagar Tiwari — June 2^nd 2022 at 11:44

Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links.

The first stop for security news | Threatpost

Scammers Target NFT Discord Channel

By Sagar Tiwari — June 2^nd 2022 at 11:44

Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links.

Threatpost | The first stop for security news

Evil Corp Pivots LockBit to Dodge U.S. Sanctions

By Elizabeth Montalbano — June 3^rd 2022 at 12:42

The cybercriminal group is distancing itself from its previous branding by shifting tactics and tools once again in an aim to continue to profit from its nefarious activity.

The first stop for security news | Threatpost

Evil Corp Pivots LockBit to Dodge U.S. Sanctions

By Elizabeth Montalbano — June 3^rd 2022 at 12:42

The cybercriminal group is distancing itself from its previous branding by shifting tactics and tools once again in an aim to continue to profit from its nefarious activity.

Threatpost | The first stop for security news

Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats – Again

By Nate Nelson — June 3^rd 2022 at 13:46

Deja-Vu data from this year's DBIR report feels like we are stuck in the movie 'Groundhog Day.'

The first stop for security news | Threatpost

Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats – Again

By Nate Nelson — June 3^rd 2022 at 13:46

Deja-Vu data from this year's DBIR report feels like we are stuck in the movie 'Groundhog Day.'

An Actively Exploited Microsoft Zero-Day Flaw Still Has No Patch

By Lily Hay Newman — June 3^rd 2022 at 14:14

The company continues to downplay the severity of the Follina vulnerability, which remains present in all supported versions of Windows.

Google May Owe You a Chunk of $100 Million

By Andrew Couts — June 4^th 2022 at 13:00

Plus: The US admits to cyber operations supporting Ukraine, SCOTUS investigates its own, and a Michael Flynn surveillance mystery is solved.

The Hacker Gold Rush That's Poised to Eclipse Ransomware

By Lily Hay Newman — June 5^th 2022 at 11:00

As governments crack down on ransomware, cybercriminals may soon shift to business email compromise—already the world's most profitable type of scam.

AlphaBay Is Taking Over the Dark Web—Again

By Andy Greenberg — June 6^th 2022 at 13:46

Five years after it was torn offline, the resurrected dark web marketplace is clawing its way back to the top of the online underworld.

Threatpost | The first stop for security news

Follina Exploited by State-Sponsored Hackers

By Nate Nelson — June 7^th 2022 at 12:45

A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.

The first stop for security news | Threatpost

Follina Exploited by State-Sponsored Hackers

By Nate Nelson — June 7^th 2022 at 12:45

A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.

A Long-Awaited Defense Against Data Leaks May Have Just Arrived

By Lily Hay Newman — June 7^th 2022 at 13:00

MongoDB claims its new “Queryable Encryption” lets users search their databases while sensitive data stays encrypted. Oh, and its cryptography is open source.

Hackers Can Steal Your Tesla by Creating Their Own Personal Keys

By Dan Goodin, Ars Technica — June 9^th 2022 at 20:20

A researcher found that a recent update lets anyone enroll their own key during the 130-second interval after the car is unlocked with an NFC card.

Conti's Attack Against Costa Rica Sparks a New Ransomware Era

By Matt Burgess — June 12^th 2022 at 11:00

A pair of ransomware attacks crippled parts of the country—and rewrote the rules of cybercrime.

Threatpost | The first stop for security news

Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers

By Sagar Tiwari — June 13^th 2022 at 12:36

Researchers demonstrated a possible way to track individuals via Bluetooth signals.

The first stop for security news | Threatpost

Bluetooth Signals Can Be Used to Track Smartphones, Say Researchers

By Sagar Tiwari — June 13^th 2022 at 12:36

Researchers demonstrated a possible way to track individuals via Bluetooth signals.

Russia Is Taking Over Ukraine’s Internet

By Matt Burgess — June 15^th 2022 at 11:00

In occupied Ukraine, people’s internet is being routed to Russia—and subjected to its powerful censorship and surveillance machine.

Threatpost | The first stop for security news

Travel-related Cybercrime Takes Off as Industry Rebounds

By Sagar Tiwari — June 15^th 2022 at 13:37

Upsurge in the tourism industry after the COVID-19 pandemic grabs the attention of cybercriminals to scam the tourists.

Threatpost | The first stop for security news

DragonForce Gang Unleash Hacks Against Govt. of India

By Nate Nelson — June 15^th 2022 at 13:59

In response to a comment about the Prophet Mohammed, a hacktivist group in Malaysia has unleashed a wave of cyber attacks in India.

The first stop for security news | Threatpost

Travel-related Cybercrime Takes Off as Industry Rebounds

By Sagar Tiwari — June 15^th 2022 at 13:37

Upsurge in the tourism industry after the COVID-19 pandemic grabs the attention of cybercriminals to scam the tourists.

The first stop for security news | Threatpost

DragonForce Gang Unleash Hacks Against Govt. of India

By Nate Nelson — June 15^th 2022 at 13:59

In response to a comment about the Prophet Mohammed, a hacktivist group in Malaysia has unleashed a wave of cyber attacks in India.

Threatpost | The first stop for security news

Facebook Messenger Scam Duped Millions

By Nate Nelson — June 16^th 2022 at 10:59

One well crafted phishing message sent via Facebook Messenger ensnared 10 million Facebook users and counting.

The first stop for security news | Threatpost

Facebook Messenger Scam Duped Millions

By Nate Nelson — June 16^th 2022 at 10:59

One well crafted phishing message sent via Facebook Messenger ensnared 10 million Facebook users and counting.

Police Linked to Hacking Campaign to Frame Indian Activists

By Andy Greenberg — June 16^th 2022 at 11:00

New details connect police in India to a plot to plant evidence on victims' computers that led to their arrest.

Here’s Why You’re Still Stuck in Robocall Hell

By Lily Hay Newman — June 17^th 2022 at 11:00

Despite major progress fighting spam and scams, the roots of the problem go far deeper than your phone company’s defenses.

An Alleged Russian Spy Was Busted Trying to Intern at The Hague

By Matt Burgess — June 18^th 2022 at 13:00

Plus: Firefox adds new privacy protections, a big Intel and AMD chip flaw, and more of the week’s top security news.

The Ghost of Internet Explorer Will Haunt the Web for Years

By Lily Hay Newman — June 20^th 2022 at 11:00

Microsoft's legacy browser may be dead—but its remnants are not going anywhere, and neither are its lingering security risks.

Threatpost | The first stop for security news

Voicemail Scam Steals Microsoft Credentials

By Elizabeth Montalbano — June 21^st 2022 at 11:20

Attackers are targeting a number of key vertical markets in the U.S. with the active campaign, which impersonates the organization and Microsoft to lift Office365 and Outlook log-in details.

Threatpost | The first stop for security news

Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack

By Sagar Tiwari — June 21^st 2022 at 12:34

A reported a "potentially dangerous piece of functionality" allows an attacker to launch an attack on cloud infrastructure and ransom files stored in SharePoint and OneDrive.

The first stop for security news | Threatpost

Voicemail Scam Steals Microsoft Credentials

By Elizabeth Montalbano — June 21^st 2022 at 11:20

Attackers are targeting a number of key vertical markets in the U.S. with the active campaign, which impersonates the organization and Microsoft to lift Office365 and Outlook log-in details.

The first stop for security news | Threatpost

Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack

By Sagar Tiwari — June 21^st 2022 at 12:34

A reported a "potentially dangerous piece of functionality" allows an attacker to launch an attack on cloud infrastructure and ransom files stored in SharePoint and OneDrive.

Threatpost | The first stop for security news

Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug

By Elizabeth Montalbano — June 23^rd 2022 at 12:21

The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.

The first stop for security news | Threatpost

Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug

By Elizabeth Montalbano — June 23^rd 2022 at 12:21

The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.

Google Warns of New Spyware Targeting iOS and Android Users

By Lily Hay Newman — June 23^rd 2022 at 17:30

The spyware has been used to target people in Italy, Kazakhstan, and Syria, researchers at Google and Lookout have found.

The Post-Roe Privacy Nightmare Has Arrived

By Andrew Couts — June 25^th 2022 at 13:00

Plus: Microsoft details Russia’s Ukraine hacking campaign, Meta’s election integrity efforts dwindle, and more.

Threatpost | The first stop for security news

‘Killnet’ Adversary Pummels Lithuania with DDoS Attacks Over Blockade

By Elizabeth Montalbano — June 28^th 2022 at 12:17

Cyber collective Killnet claims it won’t let up until the Baltic country opens trade routes to and from the Russian exclave of Kaliningrad.

The first stop for security news | Threatpost

‘Killnet’ Adversary Pummels Lithuania with DDoS Attacks Over Blockade

By Elizabeth Montalbano — June 28^th 2022 at 12:17

Cyber collective Killnet claims it won’t let up until the Baltic country opens trade routes to and from the Russian exclave of Kaliningrad.

You Need to Update Windows and Chrome Right Now

By Kate O'Flaherty — June 30^th 2022 at 11:00

Plus: Google issues fixes for Android bugs. And Cisco, Citrix, SAP, WordPress, and more issue major patches for enterprise systems.

A New, Remarkably Sophisticated Malware Is Attacking Routers

By Dan Goodin, Ars Technica — June 30^th 2022 at 13:00

Researchers say the remote-access Trojan ZuoRAT is likely the work of a nation-state and has infected at least 80 different targets.

The Worst Hacks and Breaches of 2022 So Far

By Lily Hay Newman — July 4^th 2022 at 11:00

From cryptocurrency thefts to intrusions into telecom giants, state-backed attackers have had a field day in the year’s first half.

How to Avoid the Worst Instagram Scams

By Matt Burgess — July 6^th 2022 at 11:00

Fake sellers. Competitions. Crypto cons. There are plenty of grifts on the platform, but you don’t have to get sucked in.

Apple’s Lockdown Mode Aims to Counter Spyware Threats

By Lily Hay Newman — July 6^th 2022 at 17:04

Starting with iOS 16, people who are at risk of being targeted with spyware will have some much-needed help.

Threatpost | The first stop for security news

Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol

By Nate Nelson — July 7^th 2022 at 11:31

A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.

The first stop for security news | Threatpost

Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol

By Nate Nelson — July 7^th 2022 at 11:31

A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.

Will These Algorithms Save You From Quantum Threats?

By Amit Katwala — July 8^th 2022 at 15:10

Quantum-proof encryption is here—decades before it can be put to the test.