IT Security Newsletter - 08/11/2020

Hacking

Avaddon ransomware launches data leak site to extort victims

Avaddon ransomware is the latest cybercrime operation to launch a data leak site that will be used to publish the stolen data of victims who do not pay a ransom demand. Since the Maze operators began publicly leaking files stolen in ransomware attacks, other operations soon followed suit and began creating data leak sites to publish stolen files. These sites are designed to scare victims into paying a ransom under threat that their files will be leaked to the public. READ MORE...


Hacked government, college sites push malware via fake hacking tools

A large-scale hacking campaign is targeting government and university websites to host articles on hacking social network accounts that lead to malware and scams. BleepingComputer first learned about this campaign after security intelligence firm Cyble shared a screenshot of the UNESCO.org site compromised to host an article on how to hack Instagram accounts. Clicking on the embedded link brought you to a website that pretends to be an Instagram hacking tool that can hack into users' accounts. READ MORE...


DEF CON 2020 Wrap-Up: Hacking Phones, Cars and Satellites

Tens of researchers showcased their work last week at the DEF CON hacking conference. They presented research on hacking phones, cars, satellite communications, traffic lights, smart home devices, printers, and popular software services, among many others. Here is a summary of some of the most interesting presentations from DEF CON 2020: Hacking Samsung smartphones via Find My Mobile. A series of vulnerabilities affecting Samsung's Find My Mobile could have been chained to track a phone. READ MORE...

Malware

Upgraded Agent Tesla malware steals passwords from browsers, VPNs

New variants of the Agent Tesla remote access Trojan now come with modules dedicated to stealing credentials from applications including popular web browsers, VPN software, as well as FTP and email clients. Agent Tesla is a commercially available .NET-based infostealer with both remote access Trojan (RAT) and keylogging capabilities, active since at least 2014. This malware is currently very popular with business email compromise (BEC) scammers who use it to infect their victims. READ MORE...


SBA phishing scams: from malware to advanced social engineering

A number of threat actors continue to take advantage of the ongoing coronavirus pandemic through phishing scams and other campaigns distributing malware. In this blog, we look at 3 different phishing waves targeting applicants for Covid-19 relief loans. The phishing emails impersonate the US Small Business Administration (SBA), and are aimed at delivering malware, stealing user credentials or committing financial fraud. In each of these campaigns, criminals are spoofing the sender's email so that it looks like the official SBA's. READ MORE...

Information Security

Businesses prioritize security and collaboration tools to manage sustained remote work environments

77 percent of IT professionals believe they were prepared to manage the rapid shift to remote work during the COVID-19 outbreak, according to TeamViewer. Among those surveyed, the percentage working from home had abruptly jumped from 28 percent prior to the pandemic to 71 percent during the outbreak. The survey included more than 200 IT executives in the U.S. across various industries. Manage remote work: High productivity, effectiveness and morale. READ MORE...


DDoS Attacks Cresting Amid Pandemic

Attacks were way up year-over-year in the second quarter as people continue to work from home. The number of distributed denial-of-service (DDoS) attacks spiked in the second quarter of 2020, researchers said. According to the latest Kaspersky quarterly DDoS attacks report, DDoS events were three times more frequent in comparison to the second quarter last year (up 217 percent), and were up 30 percent from the number of DDoS attacks observed in the first quarter of 2020. READ MORE...

Exploits/Vulnerabilities

vBulletin fixes ridiculously easy to exploit zero-day RCE bug

A simple one-line exploit has been published for a zero-day pre-authentication remote code execution (RCE) vulnerability in the vBulletin forum software. vBulletin is an immensely popular online forum software utilized by large brands such as Electronic Arts, Zynga, Sony, Pearl Jam, NASA, Steam, and many more. In September 2019, an unknown security researcher disclosed a zero-day RCE vulnerability in vBulletin's versions 5.0 through 5.4, which was tracked as CVE-2019-16759. READ MORE...


Michigan State University discloses credit card theft incident

Michigan State University (MSU) today disclosed that attackers were able to steal credit card and personal information from roughly 2,600 users of its shop.msu.edu online store. The attackers were able to inject malicious scripts designed to harvest and exfiltrate customers' payment cards after exploiting a now-addressed website vulnerability. Such attacks are known as web skimming attacks. READ MORE...


Vulnerabilities in Qualcomm Chips Expose Billions of Devices to Attacks

Security researchers have identified hundreds of vulnerabilities that expose devices with Qualcomm Snapdragon chips to attacks. During a presentation at DEF CON last week, Check Point security researcher Slava Makkaveev revealed how vulnerabilities in the compute digital-signal processor (DSP) - a subsystem that enables the processing of data with low power consumption - could open the door for Android applications to perform malicious attacks. READ MORE...

Science & Culture

Securing human resources from cyber attack

As COVID-19 forced organizations to re-imagine how the workplace operates just to maintain basic operations, HR departments and their processes became key players in the game of keeping our economy afloat while keeping people alive. Without a doubt, people form the core of any organization. The HR department must strike an increasingly delicate balance while fulfilling the myriad of needs of workers in this "new normal" and supporting organizational efficiency. READ MORE...

On This Date

  • ...in 1934, Alcatraz prison opens.
  • ...in 1942, film actress and inventor Hedy Lamarr receives a patent for a frequency-switching communication system. It later becomes the basis for cellular and Wi-Fi technology.
  • ...in 1966, the first Chevy Camaro drove out of the manufacturing plant in Cincinnati.
  • ...in 1972, the last U.S. ground combat unit departs South Vietnam.