Chile's Comisión para el Mercado Financiero (CMF) has disclosed that their Microsoft Exchange server was compromised through the recently disclosed ProxyLogon vulnerabilities. The CMF operates under the Ministry of Finance and is the regulator and inspector for banks and financial institutions in Chile. recently disclosed ProxyLogon vulnerabilities in their Microsoft Exchange servers to install web shells and attempt to steal credentials. READ MORE...
Chinese nation-state hackers have been linked to an attack on the Parliament of Finland that took place last year and led to the compromise of some parliament email accounts. "Some parliament e-mail accounts may have been compromised as a result of the attack, among them e-mail accounts that belong to MPs," Parliament officials said at the time. The attack was detected by the Finnish Parliament's security team and is being investigated by the Finnish National Bureau of Investigation (NBI). READ MORE...
Two Polish government websites were hacked Wednesday and used briefly to spread false information about a non-existent radioactive threat, in what a Polish government official said had the hallmarks of a Russian cyberattack. The National Atomic Energy Agency and Health Ministry websites briefly carried claims of a supposed nuclear waste leak coming from neighboring Lithuania and threatening Poland. READ MORE...
Researchers said they've found a trojanized code library in the wild that attempts to install advanced surveillance malware on the Macs of iOS software developers. It came in the form of a malicious project the attacker wrote for Xcode, a developer tool that Apple makes freely available to developers writing apps for iOS or another Apple OS. The project was a copy of TabBarInteraction, a legitimate open source project that makes it easier for developers to animate iOS tab bars. READ MORE...
Attacks employing the TrickBot malware continue, leveraging phishing emails as the initial infection vector, the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) warn. In a joint advisory published on Wednesday, the two agencies revealed that a sophisticated group of cybercrime actors is leveraging a traffic infringement phishing scheme to lure victims into downloading the TrickBot malware. READ MORE...
The American Rescue Act is the latest zeitgeisty lure being circulated in an email campaign. Cybercriminals have wasted no time in hopping on the American Rescue Plan - the COVID-19 relief legislation just signed into law - as a lure for email-based scams. According to researchers at Cofense, a campaign began circulating in March that capitalized on Americans' interest in the forthcoming $1,400 relief payments and other aid. READ MORE...
Fake Huawei and Flash sites helped steal info about 5G tech. Security vendor McAfee has detected an attack it believes was likely aimed at telecoms companies in the hope of stealing information related to 5G networks. McAfee has named the attack "Operation Diànxùn" and says it resembles past attacks perpetrated by groups named RedDelta and Mustang Panda. Both groups have been associated with China by other security researchers. READ MORE...
A 22-year-old from Cyprus has received a sentence for pleading guilty to computer fraud conspiracy and computer fraud for allegedly hacking websites and extorting them for money, the Department of Justice announced Thursday. The Cypriot, Joshua Polloso Epifaniou, allegedly exploited security vulnerabilities to steal sensitive personal information from user and customer databases between October 2014 and November 2016, READ MORE...
If you sell Web-based software for a living and ship code that references an unregistered domain name, you are asking for trouble. But when the same mistake is made by a Fortune 500 company, the results can range from costly to disastrous. Here's the story of one such goof committed by Fiserv [NASDAQ:FISV], a $15 billion firm that provides online banking software and other technology solutions to thousands of financial institutions. READ MORE...