A breach of Swarmshop, an online hub for selling stolen personal and payment records, has led to the exposure of more than 600,000 payment card numbers and nearly 70,000 sets of US Social Security numbers and Canadian Social Insurance numbers, Group-IB researchers report. The leaked database also contains the nicknames, hashed passwords, contact details, and activity history of Swarmshop admins, sellers, and buyers.
A newly discovered cryptomining worm is stepping up its targeting of Windows and Linux devices with a batch of new exploits and capabilities. Research company Juniper started monitoring what it's calling the Sysrv botnet in December. One of the botnet's malware components was a worm that spread from one vulnerable device to another without requiring any user action. It did this by scanning the Internet for vulnerable devices and, when found, infecting them using a list of exploits.
Belden has disclosed that additional data, related to employees' healthcare benefits and the family members covered under their plan, was accessed and copied during its November 2020 cyberattack. Belden is a US-based manufacturer of network connectivity devices, including routers, firewalls, switches, cabling, and connectors. Belden generated $2.5 billion in revenue for 2019 and employs approximately 9,000 people.
Google Chrome is now blocking HTTP, HTTPS, and FTP access to TCP port 10080 to prevent the port from being abused in NAT Slipstreaming 2.0 attacks. Last year, security researcher Samy Kamkar disclosed a new version of the NAT Slipstreaming vulnerability that allows scripts on malicious websites to bypass a visitor's NAT firewall and gain access to any TCP/UDP port on the visitor's internal network. Using these vulnerabilities, threat actors can perform a wide range of attacks.
Threat actors are increasingly abusing collaboration platforms for nefarious purposes, including malware delivery and data exfiltration, security researchers with Cisco's Talos division report. With the COVID-19 pandemic forcing many organizations to switch to telework, interactive communication platforms such as Discord and Slack saw increased adoption, and adversaries didn't wait long to start abusing these tools.
Malicious Android apps disguised as TikTok and offers for free Lenovo laptops are being used in ad-stuffing attacks underway against devices on the Jio telecom network in India, security researchers warn. Cybercriminals are also encouraging users to forward the "offers" to their friends via WhatsApp. Researchers from Zscaler report this threat actor has been operating various phishing scams since March 2020, all using recent headlines as lures.
Over the course of the next 20 years, nation-states will see a rise in targeted offensive cyber-operations and disinformation in an increasingly "volatile and confrontational" global security landscape, according to a new U.S. intelligence assessment. The U.S. intelligence community's Global Trends report, issued on Thursday, notes that many of these offensive cyber-operations will likely target civilian and military infrastructure.
A company whose software has been widely used to administer law school entrance exams during the coronavirus pandemic has agreed to an independent audit of the software after a U.S. senator raised cybersecurity concerns about the product. Alabama-based ProctorU's web-browser extension software has allowed people across the U.S. to take the LSAT exam from home during the pandemic. But Sen. Ron Wyden, D-Ore., worried that that same accessibility, if left unsecured.
It's a bigger problem than is immediately apparent, and it has the potential for hacks as big as Equifax and as widespread as SolarWinds. The universal need for speed and lack of resources in commercial app development require developers to use free open-source software libraries. The difficulty is that there is no easy way to manage the open-source vulnerabilities that those libraries bring into the finished commercial app.
Cisco Systems said it will not fix a critical vulnerability found in three of its SOHO router models. The bug, rated 9.8 in severity out of 10, could allow unauthenticated remote users to hijack targeted equipment and gain elevated privileges within affected systems. The three Cisco router models (RV110W, RV130, and RV215W) and one VPN firewall device (RV130W) are of varying age, have reached "end of life," and will not be patched, according to Cisco.