
IT Security Newsletter - 3/16/2022


Hacking

Massive phishing campaign uses 500+ domains to steal credentials

Large-scale phishing activity using hundreds of domains to steal credentials for Naver, a Google-like online platform in South Korea, shows infrastructure overlaps linked to the TrickBot botnet. The resources used for this attack show the sheer size of the cybercriminal effort to collect login data to be used in various attacks. Similar to Google, Naver provides a diverse set of services that range from web search to email, news, and the NAVER Knowledge iN online Q&A platform. READ MORE...


Attackers using default credentials to target businesses, Raspberry Pi and Linux top targets

Findings from a Bulletproof report highlight the issue posed by poor security hygiene as automated attacks remain a high security threat to businesses. The research, gathered throughout 2021, showed that 70% of total web activity is currently bot traffic. With attackers increasingly deploying automated attack methods, default credentials are the most common passwords used by these bad actors, acting in effect as a 'skeleton key' for criminal access. READ MORE...


Phony Instagram 'Support Staff' Emails Hit Insurance Company

A phishing campaign used the guise of Instagram technical support to steal login credentials from employees of a prominent U.S. life insurance company headquartered in New York, researchers have revealed. According to a report published by Armorblox on Wednesday, the attack combined brand impersonation with social engineering and managed to bypass Google's email security by using a valid domain name, eventually reaching the mailboxes of hundreds of employees. READ MORE...

Malware

New Linux botnet exploits Log4J, uses DNS tunneling for comms

A recently discovered botnet under active development targets Linux systems, attempting to ensnare them into an army of bots ready to steal sensitive info, install rootkits, create reverse shells, and act as web traffic proxies. The newly found malware, dubbed B1txor20 by researchers at Qihoo 360's Network Security Research Lab (360 Netlab), focuses its attacks on Linux ARM and X64 CPU architecture devices. READ MORE...

Information Security

Banks on alert for Russian reprisal cyberattacks on Swift

Big banks fear that Swift faces a growing threat of Russian cyberattacks after seven of the country's lenders were kicked off the global payments messaging system over the weekend. VTB, Russia's second-biggest bank, and Promsvyazbank, which finances Russia's war machine, were among the lenders removed on Saturday from Swift as part of the West's sanctions campaign against Moscow in response to its invasion of Ukraine. READ MORE...


NVIDIA staff shouldn't have chosen passwords like these…

Last month, the LAPSUS$ hacking group stole up to one terabyte of internal data from graphics card maker NVIDIA. The hackers claimed to steal source code from the GPU chip manufacturer, as well as the email addresses and password hashes of some 71,335 employees. Obviously, any theft of data is not good news. And to make matters worse, many of the passwords were subsequently cracked and circulated via hacking forums. READ MORE...

Exploits/Vulnerabilities

Researcher uses Dirty Pipe exploit to fully root a Pixel 6 Pro and Samsung S22

A researcher has successfully used the critical Dirty Pipe vulnerability in Linux to fully root two models of Android phones, a Pixel 6 Pro and Samsung S22, in a hack that demonstrates the power of exploiting the newly discovered OS flaw. The researcher chose those two handset models for a good reason: they are two of the few, if not the only, devices known to run Android version 5.10.43, the only release of Google's mobile OS that's vulnerable to Dirty Pipe. READ MORE...


FBI warns of MFA flaw used by state hackers for lateral movement

The FBI says Russian state-backed hackers gained access to a non-governmental organization (NGO) cloud after enrolling their own device in the organization's Duo MFA following the exploitation of misconfigured default multifactor authentication (MFA) protocols. To breach the network, they used credentials compromised in a brute-force password guessing attack to access an un-enrolled and inactive account, not yet disabled in the organization's Active Directory. READ MORE...
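The failure mode in that advisory summary is an account that is still enabled in the directory, has not been used in months (or ever), and has never enrolled in MFA, so whoever guesses its password can complete the enrollment themselves. The audit below is an added example written for this newsletter, not code from the FBI advisory or from Duo; the account export, the MFA event list and their field layout are constructed sample data and assumptions, not a real Active Directory or Duo export format. It flags enabled-but-stale accounts and MFA device enrollments that land on such accounts, which is the pair of checks a defender would want to run before an attacker does the enrolling.

```python
"""Audit for stale-but-enabled accounts and MFA self-enrollments on them.

Added example (not from the newsletter, the FBI advisory, or Duo).
ACCOUNTS and MFA_EVENTS are constructed sample data; the tuple layouts
are assumptions standing in for a directory export and an MFA audit log.
"""
from datetime import datetime, timedelta

# Constructed directory export: (account name, enabled?, last logon or None)
ACCOUNTS = [
    ("alice",   True,  datetime(2022, 3, 15)),   # active, fine
    ("bob",     True,  datetime(2021, 6, 1)),    # stale but still enabled
    ("svc-old", True,  None),                    # never logged on, still enabled
    ("carol",   False, datetime(2020, 1, 10)),   # stale but correctly disabled
]

# Constructed MFA audit events: (timestamp, account name, event type)
MFA_EVENTS = [
    (datetime(2022, 3, 14, 2, 13), "svc-old", "device_enrolled"),
    (datetime(2022, 3, 14, 9, 0),  "alice",   "auth_success"),
]

STALE_AFTER = timedelta(days=90)  # assumed inactivity threshold


def stale_enabled_accounts(accounts, now, stale_after=STALE_AFTER):
    """Return enabled accounts with no logon within `stale_after`, or none ever.

    These are the accounts to disable (or at least exclude from MFA
    self-enrollment) before someone brute-forces their password.
    """
    stale = []
    for name, enabled, last_logon in accounts:
        if not enabled:
            continue  # already disabled: not reachable by a password guess
        if last_logon is None or now - last_logon > stale_after:
            stale.append(name)
    return stale


def suspicious_enrollments(accounts, events, stale_after=STALE_AFTER):
    """Return (account, timestamp) for MFA device enrollments on stale accounts.

    The comparison uses the last logon recorded in the export. Note that an
    attacker's own successful logon refreshes that value, so run this against
    an export taken before the enrollment window, or against logon history,
    rather than against a fresh snapshot.
    """
    by_name = {name: (enabled, last_logon) for name, enabled, last_logon in accounts}
    hits = []
    for ts, user, event in events:
        if event != "device_enrolled":
            continue
        enabled, last_logon = by_name.get(user, (False, None))
        if enabled and (last_logon is None or ts - last_logon > stale_after):
            hits.append((user, ts))
    return hits


if __name__ == "__main__":
    now = datetime(2022, 3, 16)
    print("stale enabled accounts:", stale_enabled_accounts(ACCOUNTS, now))
    print("enrollments on stale accounts:", suspicious_enrollments(ACCOUNTS, MFA_EVENTS))
```

Run against the constructed data, the first check reports `bob` and `svc-old` and the second reports the `svc-old` enrollment; `carol` is stale but already disabled, which is the state the advisory's compromised account should have been in.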

On This Date

  • ...in 1751, President James Madison, known as the "Father of the Constitution" and cowriter of The Federalist Papers, is born in the Virginia Colony.
  • ...in 1926, physicist Robert Goddard launches the first ever liquid-propellant rocket (fueled by gasoline and liquid oxygen) from a field in Auburn, MA.
  • ...in 1995, the state of Mississippi formally ratifies the 13th Amendment, becoming the last state to approve the abolition of slavery, nearly 130 years after the fact.
  • ...in 2020, the Dow Jones Industrial Average falls by 2,997.10, the single largest point drop in history.