Large-scale phishing activity using hundreds of domains to steal credentials for Naver, a Google-like online platform in South Korea, shows infrastructure overlaps linked to the TrickBot botnet. The resources used for this attack show the sheer size of the cybercriminal effort to collect login data to be used in various attacks. Similar to Google, Naver provides a diverse set of services that range from web search to email, news, and the NAVER Knowledge iN online Q&A platform.
Findings from a Bulletproof report highlight the issue posed by poor security hygiene as automated attacks remain a high security threat to businesses. The research, gathered throughout 2021, showed that 70% of total web activity is currently bot traffic. With attackers increasingly deploying automated attack methods, default credentials are the most common passwords used by these bad actors, acting in effect as a 'skeleton key' for criminal access.
A phishing campaign used the guise of Instagram technical support to steal login credentials from employees of a prominent U.S. life insurance company headquartered in New York, researchers have revealed. According to a report published by Armorblox on Wednesday, the attack combined brand impersonation with social engineering and managed to bypass Google's email security by using a valid domain name, eventually reaching the mailboxes of hundreds of employees.
A recently discovered botnet under active development targets Linux systems, attempting to ensnare them into an army of bots ready to steal sensitive info, install rootkits, create reverse shells, and act as web traffic proxies. The newly found malware, dubbed B1txor20 by researchers at Qihoo 360's Network Security Research Lab (360 Netlab), focuses its attacks on Linux devices with ARM and X64 CPU architectures.
Big banks fear that Swift faces a growing threat of Russian cyberattacks after seven of the country's lenders were kicked off the global payments messaging system over the weekend. VTB, Russia's second-biggest bank, and Promsvyazbank, which finances Russia's war machine, were among the lenders removed on Saturday from Swift as part of the West's sanctions campaign against Moscow in response to its invasion of Ukraine.
Last month, the LAPSUS$ hacking group stole up to one terabyte of internal data from graphics card maker NVIDIA. The hackers claimed to have stolen source code from the GPU chip manufacturer, as well as the email addresses and password hashes of some 71,335 employees. Obviously, any theft of data is not good news. And to make matters worse, many of the passwords were subsequently cracked and circulated via hacking forums.
A researcher has successfully used the critical Dirty Pipe vulnerability in Linux to fully root two models of Android phones, a Pixel 6 Pro and Samsung S22, in a hack that demonstrates the power of exploiting the newly discovered OS flaw. The researcher chose those two handset models for a good reason: they are two of the few, if not the only, devices known to run Android version 5.10.43, the only release of Google's mobile OS that's vulnerable to Dirty Pipe.
The FBI says Russian state-backed hackers gained access to a non-governmental organization (NGO) cloud after enrolling their own device in the organization's Duo MFA following the exploitation of misconfigured default multifactor authentication (MFA) protocols. To breach the network, they used credentials compromised in a brute-force password guessing attack to access an un-enrolled and inactive account, not yet disabled in the organization's Active Directory.