Members of an advanced persistent threat (APT) group, masquerading as teleworking employees with legitimate credentials, accessed a US organization's network and planted a backdoor called Supernova on its SolarWinds Orion server for conducting reconnaissance, domain mapping, and data theft. The attackers had access to the network for nearly one year, from March 2020 to February 2021. READ MORE...
The REvil ransomware gang is known for audacious attacks on the world's biggest organizations, and its demands for astronomical ransoms to match. But the gang's latest squeeze on Apple just hours before its splashy new product launch was a bold move, even for the notorious ransomware-as-a-service gang. The original attack was launched against Quanta, a Global Fortune 500 manufacturer of electronics, which claims Apple among its customers. READ MORE...
Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero (XMR) cryptocurrency mining bots. This modular malware can infect both Windows and Linux systems, and it was first spotted last year while using the EternalBlue exploit to spread across compromised networks and enslave vulnerable Windows computers. READ MORE...
Following a wave of ransomware attacks, network-attached storage (NAS) appliance manufacturer QNAP Systems says it is urgently working on finding a solution to remove malware from infected NAS devices. The Taiwanese company, which makes both NAS and professional network video recorder (NVR) solutions, has long been urging users to improve the security of their devices. READ MORE...
Twitter caused quite the panic Thursday night when they accidentally sent emails asking users to confirm their accounts, which looked suspiciously like a phishing attack. These emails began around 10 PM EST, with numerous Twitter accounts operated by BleepingComputer and its writers receiving the emails. These emails used the subject "Confirm your Twitter account" and included a button labeled 'Confirm Now. READ MORE...
The hackers behind a nascent strain of ransomware hit a snag this week when a security researcher found a flaw in the payment system and, he says, helped victims save $27,000 in potential losses. Stanford University student and security researcher Jack Cable got a call Wednesday from a family friend, who is a doctor, asking for help because cybercriminals had locked the doctor's computer. READ MORE...
Users of Apple products have long loved the ability to wirelessly share files with each other, using AirDrop to transmit files between their iPhones and Macbooks. But researchers at the Technical University of Darmstadt in Germany have discovered that security weaknesses could allow an attacker to obtain a victim's phone number and even email address. READ MORE...
"Basically, I'm going to keep talking to you, but I'm going to disappear," longtime security researcher Katie Moussouris told me in a private Clubhouse room in February. "We'll still be talking, but I'll be gone." And then her avatar vanished. I was alone, or at least that's how it seemed. "That's it," she said from the digital beyond. "That's the bug. I am a f***ing ghost." READ MORE...