January 20, 2021 FreakOut Malware Campaign Targets Linux Devices A new malware variant is being used in attacks on Linux devices that sees the devices added to a botnet and used for cryptocurrency mining ... Read more
January 13, 2021 Microsoft Releases Patch for Actively Exploited Windows Defender Zero Day and 9 Other Critical Flaws The first Patch Tuesday of 2021 has seen Microsoft release patches to fix 83 vulnerabilities across its range of products, including one zero-day vulnerability in ... Read more
January 7, 2021 Hardcoded Password Vulnerability in Zyxel Devices Being Actively Exploited Cybercriminals have started exploiting the hardcoded credential vulnerability (CVE-2020-29583) in Zyxel networking products that was announced by Zyxel on December 23, 2020. The vulnerability, identified ... Read more
January 5, 2021 New PayPal Phishing Scam Advises Users via SMS that their Account has been Limited A new PayPal phishing scam is being conducted via SMS messages that informs users that their PayPal account has been permanently set to ‘limited’ status, ... Read more
December 21, 2020 More Than 3 Million Chrome and Edge Users Have Malware-Infected Browser Extensions Approximately 3 million users of Google Chrome and Microsoft Edge have been infected with malware that has been hidden in browser extensions, according to a ... Read more
December 18, 2020 Contact Form 7 Vulnerability Places 5 Million WordPress Sites at Risk of Takeover A critical vulnerability has been identified in the popular WordPress plugin, Contact Form 7, which has been installed on approximately 5 million websites. The vulnerability, ... Read more
December 15, 2020 Document Delivery Lure Used in Large Scale Spear Phishing Campaign Targeting Enterprise Employees Last week, researchers at Abnormal Security identified a coordinated phishing attack targeting enterprise employees that attempts to steal their Microsoft Office 365 credentials. The emails ... Read more
December 10, 2020 Spear Phishing Campaign Spoofing Microsoft.Com Sees Emails Delivered to Office 365 Inboxes Researchers at Israeli cybersecurity firm Ironscales have identified a spear phishing campaign targeting Office 365 users that spoofs the Microsoft.com domain. Several thousand Office 365 ... Read more
November 25, 2020 Patch MobileIron Vulnerability Immediately, Warns NCSC The UK National Cyber Security Centre (NCSC) has issued an alert that confirms Advanced Persistent Threat (APT) groups and cybercriminals are currently exploiting the MobileIron ... Read more
November 17, 2020 Malsmoke Campaign Delivers ZLoader Malware via Popups on High Traffic Adult Websites A malware distribution campaign identified by security researchers at Malwarebytes is now distributing a ZLoader malware variant via popups on popular adult websites. The campaign ... Read more
November 11, 2020 Use of SSL Certificates in Malware and Phishing Attacks Up 260% in 2020 Abuse of SSL certificates in phishing and malware attacks has increased by 260% in the first 9 months of 2020, according to a new report ... Read more
November 6, 2020 Three Actively Exploited Zero Days in the iOS Operating System Patched by Apple Patches have been released to correct three zero-day vulnerabilities in the iOS operating systems that are currently being exploited in the wild. The vulnerabilities affect ... Read more
November 4, 2020 Zero-Day Windows Flaw Allowing Sandbox Escape Being Actively Exploited in the Wild Google Project Zero has disclosed a high severity Windows vulnerability that has yet to be patched by Microsoft after the flaw was observed being exploited ... Read more
October 27, 2020 Finnish Psychotherapy Provider and Patients Blackmailed and Threatened with Publication of Sensitive Data A national network of psychotherapy clinics in Finland has suffered a cyberattack in which highly sensitive patient data were stolen. The company was issued with ... Read more
October 23, 2020 Phishing Campaign Spoofs Microsoft Teams A large-scale phishing campaign is being conducted that spoofs Microsoft Teams in an attempt to get users to part with their Microsoft Office 365 credentials. ... Read more
October 16, 2020 Silent Librarian Threat Group Recommenced Spear Phishing Campaign on Universities The Silent Librarian hacker group – aka TA407 – has recommenced a spear phishing campaign targeting universities. The hacking group is known for sending spear ... Read more
October 13, 2020 Coalition of Tech Firms Takedown TrickBot Botnet The backend infrastructure of the TrickBot botnet has been taken down by a coalition of tech companies and government agencies, including Microsoft ESET, NTT, Black ... Read more
October 9, 2020 Multiple Threat Groups are Exploiting the Microsoft Zerologon Vulnerability Microsoft has issued a warning following the discovery of multiple threat groups using exploits for the Zerologon vulnerability – CVE-2020-1472 – in the core authentication ... Read more
October 8, 2020 Male Chastity Device Vulnerability Could be Exploited to Cause Permanent Locking Vulnerabilities have been identified in a male chastity device that could be exploited to cause the device to permanently lock. Should that happen, and you ... Read more
October 8, 2020 Phishing Campaign Offering Inside Info on President Trump’s COVID Diagnosis and Health Phishers commonly use lures claiming to provide further information on topics that are attracting a lot of media attention. At the start of the coronavirus ... Read more
September 24, 2020 Zerologon Exploits Now Being Used in the Wild, Warns Microsoft Earlier this month, the DHS Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive about a critical vulnerability— CVE-2020-1472—that affected Microsoft Windows Netlogon Remote Protocol ... Read more
September 16, 2020 Billions of Devices Vulnerable to ‘BLESA’ Bluetooth Spoofing Vulnerability A vulnerability has been discovered in the Bluetooth Low Energy (BLE) reconnection process that could be exploited by an attacker to bypass the reconnection authentication ... Read more
September 15, 2020 Phishing Campaign Uses Real Time Active Directory Validation of Credentials A new phishing technique has been identified where the attackers validate Office 365 credentials in real time using Active Directory. One of the problems with ... Read more
September 10, 2020 Almost a Quarter UK Corporate-Owned Computers and Smartphones Have No Antivirus Software Installed A worrying percentage of businesses are not adequately protecting the devices they issue to their employees, according to new research commissioned by Kaspersky. Kaspersky commissioned ... Read more
September 3, 2020 New Cryptocurrency Stealing KryptoCibule Malware Family Identified For the past two years, a cryptocurrency-stealing malware named KryptoCibule has been used to mine cryptocurrency on victims’ machines, steal cryptocurrency wallets, and hijack transactions. ... Read more
September 1, 2020 Phishing Campaign Offering PPE Delivers Agent Tesla RAT Researchers at Area 1 Security have identified a phishing scam that spoofs legitimate chemical companies, exporters and importers to deliver the Agent Tesla Remote Access ... Read more
August 28, 2020 New Version of Qbot Trojan Can Hijack Email Threads Check Point researchers have identified a new version of the Qbot Trojan, a malware threat that first appeared 12 years ago. Qbot is an information ... Read more
August 21, 2020 New “FritzFrog” P2P Botnet Targeting SSH Servers of Banks, Medical Centers, Government Offices and Universities A new, sophisticated, and stealthy peer-to-peer (P2P) botnet named FritzFrog has been discovered which is being used to target SSH servers. The botnet was identified ... Read more
August 17, 2020 CISA Warns of Phishing Campaign Targeting SBA Loan Accounts The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about an ongoing phishing campaign against government agencies that ... Read more
July 28, 2020 Vulnerability in Cisco’s Network Security Products Being Actively Exploited A high severity flaw in Cisco’s network security products is now being actively exploited. The vulnerability is present in the Cisco products used by many ... Read more