
IT Security Newsletter - 8/4/2023

Hacking

Phishing campaigns are using AMP URLs to avoid detection

Researchers have found a new phishing tactic which uses Google Accelerated Mobile Pages (AMP) to make URLs look trustworthy. The tactic is designed to slip past both software and users on the lookout for strange and untrustworthy domain names. AMP is an open-source HTML framework designed to make web content load faster on mobile devices. The framework was originally created by Google, but over 30 news publishers and several technology companies have collaborated on the project.


Old-school hacktivism is back because it never went away

Hacktivism may have dropped off of organization radars over the past few years, but it is now very visibly coming from what is believed to be Bangladesh, thanks to a group tracked by cybersecurity firm Group-IB. Mysterious Team Bangladesh (MTB) first appeared in 2020, but didn't really get going until mid-2022. The bulk of its activity took place after June 2022 and hit its peak (so far) in May of the same year.

Trends

Piles of Unpatched IoT, OT Devices Attract ICS Cyberattacks

Despite efforts across both the public and private sectors to shore up industrial control system (ICS) cybersecurity, threat actors continue to find increasing opportunity against unpatched Internet of Things (IoT) and operational technology (OT) devices. New research from Nozomi Networks looked at public IoT/OT cyber incidents over the past six months and found that various threat actors, including ransomware and DDoS cyber attackers, have unleashed a barrage of cyberattacks against ICS systems.

Malware

Hackers can abuse Microsoft Office executables to download malware

The list of LOLBAS files (legitimate binaries and scripts present in Windows that can be abused for malicious purposes) will soon include the main executables for Microsoft's Outlook email client and Access database management system. The main executable for the Microsoft Publisher application has already been confirmed to be able to download payloads from a remote server.

Information Security

Krebs on Security: Teach a Man to Phish and He's Set for Life

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. Like attaching a phishing email to a traditional, clean email message, or leveraging link redirects on LinkedIn, or abusing an encoding method that makes it easy to disguise booby-trapped Microsoft Windows files as relatively harmless documents.


FBI, CISA, and NSA reveal top exploited vulnerabilities of 2022

In collaboration with CISA, the NSA, and the FBI, Five Eyes cybersecurity authorities have issued today a list of the 12 most exploited vulnerabilities throughout 2022. Cybersecurity agencies in the United States, Australia, Canada, New Zealand, and the United Kingdom called on organizations worldwide to address these security flaws and deploy patch management systems to minimize their exposure to potential attacks.

Exploits/Vulnerabilities

CISA Calls Urgent Attention to UEFI Attack Surfaces

The US government's cybersecurity agency CISA is calling attention to under-researched attack surfaces in UEFI, warning that the dominant firmware standard presents a juicy target for malicious hackers. "UEFI is a critical attack surface. Attackers have a clear value proposition for targeting UEFI software," the agency said in a call-to-action penned by CISA technical advisor Jonathan Spring and vulnerability management director Sandra Radesky.


Dozens of RCE Vulnerabilities Impact Milesight Industrial Router

Dozens of vulnerabilities impacting the Milesight UR32L industrial router could be exploited to execute arbitrary code or commands, Cisco's Talos security researchers warn. A cost-effective solution, the UR32L router provides WCDMA and 4G LTE support, Ethernet ports, and remote device management, which make it suitable for a broad range of M2M/IoT applications.

On This Date

  • ...in 1914, President Woodrow Wilson and the U.S. declare neutrality in World War I.
  • ...in 1977, President Jimmy Carter signs legislation creating the US Department of Energy.
  • ...in 2007, NASA launches the Phoenix Mars probe to investigate the Martian surface for evidence of water and microbial life.
  • ...in 2011, Paul McCartney performs a live concert at Great American Ball Park in Cincinnati, Ohio.