Security researchers at Cybereason are warning of a new mobile banking trojan that steals details from financial apps and intercepts SMS messages to bypass two-factor authentication mechanisms. According to experts who have examined the code of the malware, known as EventBot, it differs substantially from previously known Android malware - suggesting that it might be written by a new group of cybercriminals.
Hackers claim to have gained access to the network of Banco BCR, the state-owned Bank of Costa Rica, and stolen 11 million credit card credentials along with other data. This attack was allegedly conducted by the operators of the Maze Ransomware, who have been behind numerous cyberattacks against high-profile victims such as IT services giant Cognizant, cyber insurer Chubb, and drug testing facility Hammersmith Medicines Research LTD.
I doubt any of us would claim to be fans of CAPTCHA - the puzzles that a website asks you to complete to prove whether you're a human being or not. But researchers at Barracuda say that they are seeing cybercriminals deploying Google's reCAPTCHA anti-bot tool in an effort to avoid early detection of their malicious campaigns. Criminals are using reCAPTCHA walls to block the content of their phishing pages from being scanned by URL scanning services.
A highly targeted phishing campaign, with a Microsoft file platform twist, has successfully siphoned the Office 365 credentials of more than 150 executives since mid-2019. Researchers attribute the campaign's success to two parts: First, it leverages multiple Microsoft file-sharing services to convince victims to hand over their credentials. Second, the initial phishing emails are sent from legitimate but previously compromised email addresses - which cloak the fact that they're attacker-controlled.
Several vulnerabilities, most of which have been described as cross-site scripting (XSS) flaws, have been patched in WordPress this week with the release of version 5.4.1. WordPress 5.4.1, described as a short-cycle security and maintenance release, fixes 17 bugs and 7 vulnerabilities affecting version 5.4 and earlier. WordPress developers pointed out that all versions newer than 3.7 have been updated as well.
Ransomware has emerged as one of the top threats facing large organizations over the past few years, with researchers reporting a more than fourfold increase in detections last year. A recent infection by a fairly new strain called LockBit explains why: after it ransacked one company's poorly secured network in a matter of hours, leaders had no viable choice other than to pay the ransom.