Nation-state hackers have been running cyber-espionage operations against medical research organizations in the U.S. that are studying the novel coronavirus, according to the FBI. "We have certainly seen reconnaissance activity and some intrusions into some of those institutions, especially those that have publicly identified themselves as working on COVID-19 related research," the deputy assistant director of the FBI's cyber division, Tonya Ugoretz, said Thursday.
A massive television ad fraud campaign that abuses the programmatic advertising ecosystem for connected TV (CTV) has successfully impersonated more than 2 million people in over 30 countries so far during its run, defrauding more than 300 different brands out of their ad dollars. The recently uncovered CTV operation was bent on tricking advertisers into thinking there were real people watching TV on the other side of the screen, when in reality they were bots.
A mysterious set of hackers has in recent months launched data-stealing attacks against Azerbaijan government officials and companies in the country's wind industry, researchers from Cisco Talos said Thursday. The attackers are using a new hacking tool, whose code is littered with references to English playwright William Shakespeare, to try to gain remote access to target computers and exfiltrate data automatically.
Videoconferencing platform Zoom is rolling out a number of measures meant to stem criticism over how it has handled security as users flock to the application during the coronavirus pandemic. Zoom chief executive Eric Yuan laid out steps Wednesday that the company is taking against problems such as data hacking and harassment by individuals who crash sessions in what is referred to as "Zoombombing."
Some new variants of the Agent Tesla info-stealer malware now come with a dedicated module for stealing WiFi passwords from infected devices, credentials that might be used in future attacks to spread to and compromise other systems on the same wireless network. The new samples are heavily obfuscated and are designed by the malware's author to collect wireless profile credentials from compromised computers.
Security experts are poring over thousands of new Coronavirus-themed domain names registered each day, but this often manual effort struggles to keep pace with the flood of domains invoking the virus to promote malware and phishing sites, as well as non-existent healthcare products and charities. As a result, domain name registrars are under increasing pressure to do more to combat scams and misinformation during the COVID-19 pandemic.
In a vivid example of why cloud infrastructure needs strong security, a simple Docker container honeypot was used for four different criminal campaigns in the span of 24 hours, in a recent lab test. Akamai security researcher Larry Cashdollar set up the Docker image to see what kind of notice it might attract from the wider web's cadre of cyberattackers. He implemented the SSH protocol for encryption and set a "guessable" root password.
The Pentagon's latest bug bounty challenge, Hack the Air Force 4.0, has resulted in the discovery of over 400 vulnerabilities and rewards totaling more than $290,000. Hack the Air Force 4.0, conducted by the U.S. Department of Defense in collaboration with the Defense Digital Service and bug bounty platform HackerOne, was the Pentagon's tenth bug bounty program.
Office printers don't have to be security threats: with foresight and maintenance they're very easily threat-proofed. The problem is that system administrators rarely give the humble printer (or scanner, or multifunction printer) much attention. But hackers haven't forgotten about printers. Last summer, a Russian hacker group penetrated numerous organizations by first infiltrating unprotected printers, which were connected to the same network as every other device.