Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news

International Law Enforcement Operation Takes Down NetWire RAT
Mar13

An international law enforcement operation has resulted in the seizure of the infrastructure used to support the NetWire remote access Trojan (RAT). NetWire was first detected in 2012 and has been sold on cybercrime forums for more than a decade. NetWire has consistently been one of the most popular and widely distributed RATs for several years due to its low cost and reliability. The RAT is primarily distributed via email using...

Suspected Core Members of the DoppelPaymer Ransomware Gang Arrested

Europol has announced that two individuals suspected of being core members of the DoppelPaymer ransomware group have been arrested in a coordinated law enforcement operation involving the Federal Bureau of Investigation (FBI), the Dutch Police, and law enforcement agencies in Germany and Ukraine. DoppelPaymer ransomware first appeared in 2019 and has been used in many attacks on critical infrastructure organizations and the public and...

FTC Proposes Multi-Million-Dollar Penalty for BetterHelp to Resolve Consumer Privacy Violations
Mar06

The Federal Trade Commission (FTC) has announced another enforcement action stemming from the disclosure of consumers’ sensitive health information to marketing companies for advertising purposes. The FTC has proposed a $7.8 million financial penalty to resolve alleged violations of the FTC Act by BetterHelp, a California-based provider of online counseling services. BetterHelp offers consumers counseling services under a range...

Trezor Confirms Customers Being Targeted in Phishing Campaign
Mar02

Trezor users are being targeted in a multi-channel phishing campaign that attempts to trick them into disclosing their recovery seeds, which will allow their wallets to be stolen. Trezor provides hardware-based wallets for cryptocurrency, which are a more secure way of storing cryptocurrency than software-based wallets; however, that does not mean cryptocurrency cannot be stolen. Users are provided with a 12-24-character seed or...

LastPass Says DevOps Engineer’s Home Computer was Hacked
Feb28

LastPass has provided another update on the second data breach it experienced last year and has confirmed that the second attack – which was linked to the summer hacking incident – involved the hacking of the home computer of a DevOps engineer. In August 2022, hackers gained access to the LastPass developer environment and stole some proprietary source code and internal documents, but said the breach was limited to its development...

Atlassian Confirms SiegedSec Hackers Stole Employee Data and Office Floor Plans
Feb22

The enterprise software provider, Atlassian, has confirmed that a hacking group has downloaded sensitive employee data and office floor plans, but says its systems were not breached. A threat group called SiegedSec recently announced on their Telegram channel that they had hacked into the software of Atlassian and exfiltrated sensitive data. In the announcement, they said they had stolen sensitive data from the $44 billion software...

FBI Says New York Field Office Cyber Intrusion Has Been Contained

Hackers have taken a rather bold step by hacking into a computer system used by the Federal Bureau of Investigation (FBI) New York Field Office. The cyberattack was first reported by CNN on Friday, and the FBI has now reported that the intrusion has been successfully contained and that it was an isolated incident, although the investigation into the scope and overall impact of the intrusion is ongoing. CNN reported that the computer...

HardBit 2.0 Ransomware Actors Request Insurance Details to Tailor Ransom Demands
Feb21

The HardBit ransomware gang has recently updated its ransomware to version 2.0 and has adopted a new tactic when extorting victims – Convincing them that it is in their best interests to disclose information about their cyber insurance policy. The operators try to find out how much the insurance company will cover and will set their ransom demand accordingly. The aim is to get the biggest payout possible and ensure the insurance...

Zero-Day GoAnywhere MFT Vulnerability Exploited by Clop Ransomware Gang
Feb14

A zero-day vulnerability in the GoAnywhere MFT secure file transfer tool has allegedly been exploited by the Clop ransomware gang to attack more than 130 organizations. The vulnerability – CVE-2023-0669 – can be remotely exploited to gain access to unpatched GoAnywhere MFT instances that have their admin console exposed to the Internet. Successful exploitation of the flaw will allow arbitrary code to be executed. BleepingComputer says...

Dashlane Publishes Password Manager Source Code
Feb08

The password manager provider Dashlane has made the surprising announcement that the source code for its mobile app has been released on GitHub, in what the company claims is the first step in a push to make its platform more transparent. The source code for both its Android and iOS apps has now been published on GitHub, along with the code for its Mac and Apple Watch apps, with the code for the web extension due to similarly be...

Massive Global Ransomware Campaign Hits Thousands of VMWare ESXi Servers
Feb06

A massive ransomware campaign exploiting a 2-year-old vulnerability in VMWare ESXi servers has seen more than 3,200 servers attacked since Friday. An unknown threat actor is exploiting the flaw to deliver a new ransomware variant dubbed ESXiArgs, named after the .args extension used for encrypted files. The new ransomware uses the sosemanuk algorithm to encrypt files, which is relatively rare. This algorithm was used by Babuk...

Spate of DDoS Attacks on Hospitals as Hacktivist Group Responds to Increased Support for Ukraine
Feb01

Healthcare providers in the United States and other NATO countries have been warned about the risk of distributed denial of service (DDoS) attacks by the Russian hacktivist group Killnet. More than a dozen hospitals and health systems in the United States have been attacked over the past few days, including Stanford Healthcare, University of Michigan Health, University of Pittsburgh Medical Center, Duke University Hospital, Buena Vista...

QNAP Warns of Critical Vulnerability in its NAS Devices
Jan31

The network-attached storage (NAS) device maker QNAP has warned customers about a critical remote code injection vulnerability affecting devices running QTS or QuTS hero firmware and has urged users to update the firmware immediately to prevent exploitation of the flaw, which has been assigned a CVSS severity score of 9.8/10. The vulnerability, tracked as CVE-2022-27596, can be exploited remotely on Internet-exposed QNAP devices...

Some Popular Password Managers Found to Auto-Fill Passwords on Untrusted Websites

Last week, Google announced that it had discovered a security issue with certain password managers, which could be tricked into autosuggesting passwords on untrusted pages. One of the benefits of a password manager is when a password is set for an account, it is tied to a specific URL or domain. When the user lands on that domain or URL, the password for that resource will be auto-filled for convenience. This feature helps to protect...

Unskilled Cybercriminals Could Use ChatGPT for Phishing Emails and Malware
Jan18

Last month, OpenAI launched an AI-based system called ChatGPT that is capable of answering queries and generating natural language text, which can be used for essays, emails, articles, blog posts, resumes, wedding speeches, poems, song lyrics, and even computer code. Google was so alarmed at the capability of the solution to write web content that it issued a code-red to protect its search business, and there is genuine concern that...

Norton LifeLock Customers Warned that Password Vaults May be At Risk
Jan17

The antivirus software and cybersecurity firm Norton has recently started notifying certain Norton LifeLock customers that a malicious actor has gained access to their Norton accounts and potentially also accessed their password vaults. Users have been advised to change the password for their Norton account and Password Manager immediately. The news comes shortly after one of the world’s most popular password managers – LastPass...

One-fifth of the U.S. Department of the Interior Passwords Successfully Cracked in Password Test
Jan13

A recent investigation of the password management practices of the U.S. Department of the Interior has identified multiple password failures which are putting its internal network and applications at risk of compromise. The investigation was conducted by the Department of the Interior Office of Inspector General (DOI OIG) to determine how well the Department’s password management and enforcement controls were working. The...

January 2023 Patch Tuesday: Microsoft Fixes Almost 100 Vulnerabilities, 1 Exploited 0Day
Jan10

Patches have been released to fix almost 100 vulnerabilities on January 2023 Patch Tuesday, including one actively exploited zero-day Windows Advanced Local Procedure Call (ALPC) elevation of privilege vulnerability and another zero-day that has been publicly disclosed. In total, 98 vulnerabilities have been fixed, 11 of which are rated critical, 7 of which are remote code execution vulnerabilities and 4 are elevation of privilege...

LastPass Sued for Data Breach to Recover $53,000 in Lost Cryptocurrency
Jan09

The recent data breach at LastPass, which saw customers’ encrypted password vaults stolen, has sparked its first lawsuit from a customer who claims to have lost $53,000 in cryptocurrency due to the data breach. The breach in question was detected by LastPass in August 2022, when the company confirmed that unauthorized individuals gained access to its developer environment and stole proprietary source code and technical documentation,...

Zoho: Patch This Critical ManageEngine Vulnerability Now!
Jan05

A critical SQL injection vulnerability has been identified in multiple Zoho ManageEngine products. Zoho is urging all business users of the affected software solutions to patch the vulnerability immediately to prevent exploitation. The patch adds proper validation and escaping special characters to prevent the vulnerability from being exploited. The vulnerability is tracked as CVE-2022-47523 and affects its Password Manager Pro,...

LockBit Ransomware Gang Apologizes for Attack on Canadian Children’s Hospital
Jan03

An affiliate of the LockBit ransomware gang recently conducted an attack on the Hospital for Sick Children (SickKids) in Toronto, Canada. The attack occurred on December 18, 2022, and files were encrypted on multiple systems, including its internal and corporate systems, the phone system, and website, although patient medical records were reportedly not affected. As is often the case with ransomware attacks on hospitals, systems are...

Hacker Claims to Have Scraped the Data of 400 Million Twitter Users
Dec30

A hacker has recently posted a listing on a popular hacking forum advertising a data set that includes the public and private data of approximately 400 million Twitter users. The data was allegedly obtained by exploiting an API vulnerability in 2021 that has since been patched. The same vulnerability was exploited previously in a 5.4 million record data breach – one which the Irish Data Protection Commission has just started...

270,000 Patients Affected by Louisiana Hospital Cyberattack

Lake Charles Memorial Health System has confirmed that the sensitive information of almost 270,000 patients was compromised in an October 2022 cyberattack. The attack was detected by the health system’s security team on October 21, 2022, with the internal investigation concluding on October 25, 2022, that hackers had gained access to its network and exfiltrated files containing patient data. A website notice states that notification...

What's Stopping the Passwordless Revolution?
Dec27

A couple of years ago, security industry professionals claimed businesses were experiencing a passwordless revolution and some forecast adoption rates in excess of 90% by the end of 2022. However, according to the latest Bitwarden 2023 Password Decisions Survey, fewer than half of respondents have deployed – or now plan to deploy – passwordless technologies. Back in 2020, Microsoft claimed that passwordless adoption would increase...

LastPass Data Breach: From Bad to Worse, and Worse Still
Dec23

It started with a breach of the LastPass developer environment. No customer data was involved in that breach, but then came the news that some customers were impacted, not in the first breach but a second, that was linked to the first. The data stolen in the first breach allowed a second hack. But no fear, customer password vaults were not affected. Now, LastPass has issued another update and said some customer password vaults are at...

Security Agency Recommends Businesses Change their Approach to Combat Phishing
Dec22

The UK National Cyber Security Centre (NCSC) has issued advice to businesses to help them improve their defenses against phishing, one of the most common ways that malicious actors gain initial access to business networks. Phishing targets employees, who are weak links in the security chain. Employees are prone to make mistakes, and all it takes is for one employee to fail to recognize a phishing threat for a threat actor to gain...

Fortnite Developer Agrees to Pay $520 Million to Settle FTC Complaint
Dec21

Epic Games, the developer of the hugely popular battle royale game Fortnite, has agreed to pay $520 million to settle claims that it violated the Children’s Online Privacy Protection Act (COPPA) and used “dark patterns” to obtain payments from players. COPPA was signed into law in 1998 and compliance has been mandatory since April 21, 2000. COPPA imposes restrictions on operators of websites and online services regarding...

Chinese APT Actor Activity Exploiting Critical Flaw in Citrix ADC and Citrix Gateway
Dec20

U.S. federal authorities are urging Citrix ADC and Citrix Gateway users to patch an unauthenticated remote code execution vulnerability that is being actively exploited by Chinese state-sponsored hackers. The vulnerability – tracked as CVE-2022-27518 – is a critical Citrix Application Delivery Controller (ADC) and Gateway Authentication bypass vulnerability with a CVSS v3 base score of 9.8 out of 10. An unauthenticated...

Bitwarden Announces New Self-Hosting Deployment Option
Dec19

Bitwarden is one of just a handful of vault-based password managers that offers the option of self-hosting its software on a local device or network server. Earlier this month, the company announced a new “lightweight” deployment option that is less resource intensive and that will ultimately work across multiple databases and architectures. Self-hosting can sometimes be considered more trouble than it is worth. You need to have the...

Survey Reveals Serious Password Manager Mistake That Puts Millions at Risk of Identity Theft
Dec16

Passwords are often a security weak point, but not because of the level of security they provide. If a sufficiently long password is set following password best practices, the account would be well secured. A password of 15 characters containing upper- and lower-case characters, numbers, and symbols would take about a billion years to crack using the GPUs currently available, according to a study by Hive Systems. Increase it to 18...

Ransomware Attack on HSE in Ireland Has Cost More Than €80 Million
Dec14

In 2021, the Conti ransomware gang conducted a ransomware attack on the Health Services Executive (HSE) in Ireland. Approximately 98,000 patients and 18,200 members of staff potentially had their personal information stolen in the data breach, and more than a year on, notification letters are still being issued to those individuals. Like many ransomware attacks, it started with a phishing email. In this case, the email had a Microsoft...

Almost 50 Bugs Fixed by Microsoft on December 2022 Patch Tuesday, Including 2 Zero-days
Dec14

December 2022 Patch Tuesday sees Microsoft release patches to fix 49 flaws across its product suite, including fixes for two zero-day flaws, one of which is being actively exploited in the wild. Six of the vulnerabilities are rated critical, 40 are rated important, and 2 are moderate. 13 of the flaws have been rated as “more likely to be exploited”. Patches were also released to fix 24 vulnerabilities in Microsoft Edge earlier this...

TrueBot Malware Infections Spike and Link to Evil Corp is Confirmed
Dec12

Security researchers at Cisco Talos say there has been a marked increase in infections with TrueBot malware and the creation of two botnets, one focused on the United States and the other worldwide, with a particular focus on Mexico and Brazil. TrueBot malware, aka Silence downloader, is linked to the Silence Group, a group that has been active since at least 2016 and is known to conduct high-impact attacks on financial institutions....

63 Unique Zero Day Bugs Identified and Exploited at Pwn2Own Toronto 2022
Dec12

A contest run by Trend Micro’s Zero Day Initiative at Pwn2Own Toronto 2022 that rewards hackers for identifying and exploiting zero-day vulnerabilities has seen exploits demonstrated for 63 unique zero-day bugs in consumer products, earning hackers a total of $989,750 in prize money. This was the 10th year that the contest has been held, and this year saw 26 contestants and teams try to hack the commercial software solutions of 66...

Bitwarden Adds Passwordless Authentication to its Password Manager
Dec09

Password managers improve security by making it easy for users to set strong and unique passwords for their accounts. They also make logging in convenient, as users never need to remember their passwords or type them in. They will be autofilled when the user lands on a site that requires a login. However, users still need to enter the master password for their password vault. While this is a minor inconvenience, Bitwarden has...

Rackspace Confirms Hosted Exchange Outage Caused by a Ransomware Attack
Dec07

The cloud computing company Rackspace has confirmed that its ongoing Hosted Exchange outage was the result of a ransomware attack. The attack was detected on December 2, with the Texas-based company confirming proactive measures were taken to contain the breach by isolating its Hosted Exchange environment, with the investigation confirming this was a ransomware attack. At this early stage of the investigation, it has yet to be...

Warning Issued About Possible Expansion of Destructive Cyberattacks Beyond Ukraine’s Borders
Dec05

A hybrid war is being waged in Ukraine involving conventional military operations and non-military methods such as cyberattacks on critical infrastructure and private companies. While Moscow continues to deny conducting cyberattacks as part of the war efforts, governments in the United States and Europe have attributed the escalating number of cyberattacks on the Ukrainian government and private companies in Ukraine to Russian...

LastPass Suffers Second Hacking Incident – Some Customer Data Compromised
Nov30

In August 2022, hackers gained access to the development environment of LastPass and stole some of its source code and proprietary technical information only. LastPass investigated the breach and confirmed that no customer information was accessed or stolen in the attack, but determined they had access to the development environment for 4 days. The world’s most popular password manager has now announced that customer data has been...

Public and Nonpublic Information of 5.4 Million Twitter Users Leaked
Nov28

A collection of public and non-public information of 5.4 million Twitter users has been released on a hacking forum and can be downloaded free of charge. This is not a recent data breach, but a batch of data that was first listed for sale in December 2021, which the hacker listed for $30,000 at the time. Public information on Twitter users was scraped and combined with legitimate phone numbers and email addresses, which are not...

The Worst Passwords of 2022 Revealed

The list of the worst passwords of 2022 has been published, pointing the spotlight on poor password practices. Despite the risks, these terrible passwords are still used by many people to “secure” their accounts. The worst passwords of 2022 do nothing of the sort. These passwords are top of the list in brute force attempts to access accounts and will provide almost instant access to any account that they have been used to secure. The...

CISA Releases Updated Version of its Infrastructure Resilience Planning Framework
Nov25

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an updated version of its Infrastructure Resilience Planning Framework (IRPF). The IRPF was developed to be used by state, local, tribal and territorial (SLTT) planners to improve the resilience of critical infrastructure services in the face of multiple threats and changes, to ensure services that are vital to the social and economic well-being of the...

Multiple Threat Actors Exploiting Windows 0Day That Prevents Generation of MotW Warnings
Nov22

A phishing campaign has been detected that exploits a zero-day Windows vulnerability to drop Qbot malware, a password-stealing Trojan cum malware dropper. QBot has been observed delivering the Brute Ratel and Cobalt Strike post-exploitation tool kits, and ransomware payloads such as Egregor and Black Basta. When files are downloaded from the Internet from untrusted locations, a Mark of the Web attribute is added to the files that...

FBI, CISA, HHS Issue Warning About Hive Ransomware Attacks
Nov21

A joint security alert has been issued to the healthcare and public health sector (HPH) warning about Hive ransomware attacks. The Hive ransomware gang has been aggressively targeting the HPH sector since at least June 2021. According to the alert, the group has generated more than $100 million in ransom payments and has attacked more than 1,300 companies. Several industry sectors have been targeted by the gang, including Government...

Password Attacks Have Increased by 74% in the Past Year
Nov17

The 2022 Microsoft Digital Defense Report has highlighted a worrying cybercrime trend – A massive increase in password attacks. In the past year there has been a 74% increase in password attacks, which are now occurring at a rate of 921 attacks per second. Password spraying and credential stuffing attacks are increasing despite improving cybersecurity awareness. Password spraying is a brute force attack that involves the use of a list...

Iranian APT Actor Breached US Government Organization Using Log4Shell Exploit
Nov17

An Iranian Advanced Persistent Threat (APT) actor has exploited the Log4Shell vulnerability (CVE-2021-44228) in an unpatched VMware Horizon server of a Federal Civilian Executive Branch (FCEB) organization, according to a recent alert from the Cybersecurity and Infrastructure Security Agency (CISA). CISA and the Federal Bureau of Investigation launched an investigation into suspected APT activity in mid-June 2022. The investigation...

Massive WhatsApp Phishing Campaign Detected Involving 42,000 Malicious Domains
Nov15

A massive phishing campaign is being conducted via WhatsApp that alerts recipients that they have won a prize and need to visit a website using the provided link to claim it. The campaign was identified by security researchers at Cyjax, who have attributed the campaign to a Chinese threat group they are tracking as Fangxiao, after they successfully deanonymized some of the domains used in the campaign and bypassed the Cloudflare...

CISA Issues Guidance on Vulnerability Categorization, Prioritization, and Management
Nov14

Many organizations struggle with vulnerability management due to the number and complexity of new resources and limited resources to devote to remediating vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently issued guidance to help organizations improve vulnerability management by implementing an efficient process for assessing and remediating vulnerabilities. Large organizations generally...

Cybersecurity Education Failing to Improve Password Hygiene
Nov13

Businesses are realizing the importance of providing security awareness training for the workforce to teach cybersecurity best practices, how to recognize phishing emails, and to highlight the importance of practicing good cyber hygiene. Training the workforce is an essential element of any cybersecurity strategy, as employees are targeted by threat actors. If employees are not trained, human weaknesses are likely to be exploited by...

Summary of the NIST Password Recommendations
Nov11

The National Institute of Standards and Technology (NIST) has created password guidance for federal agencies to ensure passwords achieve their intended purpose – preventing unauthorized account access. The NIST password recommendations were updated recently to include new password best practices and some of the long-standing best practices for password security have now been scrapped as, in practice, they were having a negative...

Q3 Sees Insider Threat Incidents Reach All-Time High
Nov10

The Kroll Q3 2022 Threat Landscape report shows an increase in insider threat incidents, which reached the highest level to date in Q3, accounting for 35% of all unauthorized access incidents. Kroll has attributed the increase to the phenomenon known as the great resignation, where large numbers of employees are changing jobs following the COVID-19 pandemic. These incidents commonly occur during the employee termination process and...

Six Actively Exploited Zero Day Vulnerabilities Patched by Microsoft on November Patch Tuesday
Nov09

Microsoft released patches to fix 68 vulnerabilities on November 2022 Patch Tuesday, 11 of which are rated critical with the remainder rated important. This round of patches includes fixes for six zero-day vulnerabilities that are being actively exploited in real-world attacks. Two of the zero-day flaws – CVE-2022-41082 (EoP – important) & CVE-2022-41040 (RCE – critical) – have been dubbed ProxyNotShell and...

Medibank Refuses to Pay Ransomware Gang to Prevent Release of Customer Data
Nov08

In October, Medibank, one of the largest private health insurers in Australia, suffered a ransomware attack that involved the theft of the data of almost 10 million customers. The group behind the attack is thought by some security researchers to be the notorious REvil ransomware gang. The new operation is known as BlogXX, after the name of the website used by the group. In conversations with victims, the group calls itself Sodinokibi...

MFA Bypassed in Dropbox Phishing Attack Targeting GitHub Credentials
Nov04

Dropbox has announced that it has suffered a phishing-related data breach in which hackers gained access to proprietary code stored in GitHub repositories. The San Francisco-based file hosting service provider said customer accounts were not compromised, but hackers gained access to 130 code repositories on GitHub using credentials stolen from employees after they responded to phishing emails. Dropbox said no user content, passwords,...

U.S News Websites Delivering Malware Through Compromised Third-Party JavaScript Code
Nov03

A media company that provides video content and advertising on the websites of major news outlets in the United States has been compromised, and its infrastructure is being used to push the SocGholish JavaScript malware framework out to hundreds of newspapers in the United States. According to cybersecurity firm Proofpoint, more than 250 U.S. news outlets have had the malicious code intermittently displayed on their websites. Some of...

OpenSSL Vulnerability Downgraded from Critical to High Severity
Nov01

On October 25, 2022, a warning was issued about a critical vulnerability in OpenSSL that had the potential to be as bad as the 2014 Heartbleed bug. No information was released at the time about the nature of the flaw, other than it being a critical flaw in OpenSSL versions 3.0-3.0.6, and that a patch was due to be released on November 1 between 13:00 and 17:00 UTC. The OpenSSL Project has now confirmed that two vulnerabilities have...

Survey Reveals Younger Generations More Likely to Take Cybersecurity Risks
Nov01

Organizations can invest heavily in cybersecurity and implement multiple layers of defense to stop malicious actors from gaining access to their networks, but those defenses can still be breached, and in the majority of cases those breaches are due to an error by a single employee. The risk of employees making mistakes cannot be eradicated, but it can be managed and reduced by providing training on cybersecurity and introducing...

Why You Should Stop Using Your Web Browser as a Password Manager
Oct31

Passwords are often all that stands between a cybercriminal and your sensitive personal information. If the password for an online account is guessed, all information in that account can be obtained and misused. This is why it is important to add multifactor authentication to all online accounts to improve security. This Cybersecurity Awareness Month, the Director of the Cybersecurity and Infrastructure Security Agency (CISA) said...

Half of Businesses Have Adopted Passwordless Authentication to Some Degree
Oct27

Bitwarden has published the findings of its 2023 Password Decisions Survey, which explores password practices and habits, strategies that have been adopted for managing passwords, how businesses are protecting against cyberattacks, and the methods adopted to reduce password risks. The survey was conducted on 800 IT decision-makers, 400 in the UK and 400 in the US.

How Passwords are Being Managed

A password manager is the most secure...

What are the Disadvantages of Password Managers?
Oct26

You will no doubt have heard that one of the most important steps to take to improve security is to use a password manager. A password manager is a software solution to help people create and manage their passwords and follow password best practices.

Why People Need to Use a Password Manager

Passwords are a convenient way of preventing unauthorized account access, similar to a lock on a front door that requires a key to unlock. The...

Apple Fixes Actively Exploited 0Day Vulnerability Affecting iPhones and iPads
Oct26

Apple has released a batch of security updates to fix known vulnerabilities in its iOS operating system, including a fix for a zero-day iOS vulnerability that is being actively exploited in the wild in attacks on iPhones and iPads. The 0day vulnerability – tracked as CVE-2022-42827 – is an out-of-bounds write vulnerability in the kernel that affects iPhone 8 and later, all models of iPad Pro, iPad Air 3rd generation and...

Healthcare Industry Warned About Daixin Team Cybercrime Group
Oct25

A joint security alert has been issued by the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) about Daixin Team – a ransomware and data extortion group that predominantly conducts attacks on the healthcare and public health sector (HPH). Daixin Team first started conducting ransomware and data extortion attacks in June 2022. The group...

Threat Actors Advertising Tool for Exploiting Vulnerabilities in Veeam Backup & Replication
Oct25

Several remote code execution vulnerabilities have been identified in the Veeam Backup & Replication application which have been exploited by threat actors, with some threat actors advertising a weaponized tool that will achieve remote code execution by exploiting the flaws. Veeam Backup & Replication is a backup app that is used for backing up and restoring virtual environments built on VMware vSphere, Nutanix AHV, and...

Study Suggests Risk of Malware Infection from GitHub-Hosted PoC Exploits is Over 10%
Oct24

A recent study, conducted by researchers at Leiden Institute of Advanced Computer Science, suggests the risk of being infected with malware from downloading proof-of-concept (PoC) exploit code from GitHub is more than 10%. GitHub is a popular code-hosting platform that is used by more than 83 million developers worldwide for contributing to the open source community and sharing, tracking, and controlling changes to their code. GitHub...

Cybersecurity Awareness Month: Time to Improve Password Security
Oct24

The theme of October 2022 Cybersecurity Awareness Month is “See Yourself in Cyber” which focuses on people. As the Cybersecurity and Infrastructure Security Agency (CISA) explained, cybersecurity may seem like a complex subject, but it is really all about people. Everyone has a role to play in cybersecurity and should take steps to stay safe online and protect their privacy, and every employee has a responsibility when it comes to the...

Information of up to 3 Million Advocate Aurora Health Patients Impermissibly Disclosed to Meta and Others
Oct20

Advocate Aurora Health has recently announced that patient data has been impermissibly disclosed to Meta/Facebook and Google as a result of the use of third-party tracking code snippets on its websites and web applications. The breach has affected up to 3 million patients, making it the largest breach to be reported by a single healthcare provider this year. The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule...

Zimbra Zero-Day Flaw Exploited to Infect at Least 1,600 Servers with Web Shells
Oct17

Patches have been released by Zimbra to fix an actively exploited flaw affecting Zimbra Collaboration (Zimbra Collaboration Suite). The critical flaw, tracked as CVE-2022-41352, is a remote code execution vulnerability affecting the cpio utility used by the Amavis open source content filter to scan and extract files. If the flaw is successfully exploited, an attacker can use the cpio package to gain incorrect access to any other user...

October Patch Tuesday: 90+ Vulnerabilities Patched, but Not ProxyNotShell Flaws
Oct12

Microsoft released patches to fix 96 vulnerabilities across its suite of products on October 2022 Patch Tuesday, including fixes for two zero-day vulnerabilities, one of which is being actively exploited in the wild. 13 of the patches address critical vulnerabilities, 71 are rated important, 1 is rated moderate, and the severity of 11 of the flaws is unknown. In late September, Microsoft announced that two zero-day vulnerabilities had...

New Callback Phishing Tactics Used to Gain Access to Devices
Oct10

Ransomware gangs have resurrected a callback phishing technique for gaining initial access to networks, where initial contact is made with the victim via email and a telephone number is provided for the victim to call, along with an important reason for making contact. This is usually a pending charge for a fake subscription to a product or service or a free trial that is due to come to an end, resulting in a charge being applied....

FBI Warns of Increase in Pig Butchering Cryptocurrency Investment Scams
Oct04

The Federal Bureau of Investigation (FBI) has issued a warning following a rise in ‘pig butchering’ cryptocurrency investment scams. These scams are usually conducted via social media by scammers who are willing to invest time into building relationships with their victims (pigs). After earning their trust, the scammers convince them to invest in cryptocurrencies via fake cryptocurrency platforms. In contrast to other forms of social...

Hackers Hide Backdoor Malware in Old Windows Logo
Oct03

A hacking group known as Witchetty (aka LookingFrog) is using steganography to hide backdoor malware within a Windows logo. The campaign is ongoing and has so far seen targeted attacks conducted on governments in the Middle East and a stock exchange in Africa, according to a recent report from Symantec. The threat actor has strong links with the Chinese state-sponsored threat group APT10 and the TA10 operatives behind attacks on...

Safe and Secure Password Sharing for Businesses
Oct03

In an ideal world, every employee would have their own password for the accounts and resources they need to access from the moment they start employment or commence a new project. In practice, that is often not the case. IT teams are busy and have to deal with many pressing issues, and setting up new accounts and permissions can be a slow process. Sometimes, an employee or a group of employees will be required to collaborate on a...

Microsoft Confirms Two Exchange Server Zero-Day Vulnerabilities Being Actively Exploited
Sep30

Microsoft has confirmed that two zero-day vulnerabilities in Microsoft Exchange Server are being actively exploited in the wild and that patches are currently being developed to address the flaws. The vulnerabilities affect Microsoft Exchange Server 2013, 2016, and 2019, one of which is a Server-Side Request Forgery (SSRF) vulnerability, tracked as CVE-2022-41040, and the second, tracked as CVE-2022-41082, is a remote code execution...

IRS Warns of Exponential Increase in IRS-Themed Smishing Attacks
Sep29

The U.S. Internal Revenue Service (IRS) has issued a warning following a massive increase in SMS-based phishing (smishing) attacks over the past few weeks. The IRS-themed messages include links to malicious websites that attempt to steal sensitive personal and financial information. The IRS says it observed an increase in smishing attacks on taxpayers in the fall of 2020, with the attacks continuing throughout the pandemic, but this...

Cybersecurity Awareness Month 2022 Focuses on People
Sep28

Cybersecurity Awareness Month 2022 runs from October 1 to October 31, with the month of October having been dedicated to improving awareness about cybersecurity since 2004. Throughout October, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) will lead a collaborative effort between government and industry to improve cybersecurity awareness in the United States and beyond. The...

Erbium Information Stealer Distributed via Fake Software Cracks
Sep27

A new malware-as-a-service (MaaS) operation – Erbium – is gaining popularity in the cybercrime community. The MaaS provides strong customer support, the malware is competitively priced, and it has extensive functionality. According to a recent report from Cyfirma, the MaaS operation has been advertising on Russian language hacking forums since at least July. Initially, the malware was offered for just $9 per week, although due...

Why Changes May Soon be Required to ISO 27001 Password Management Policies
Sep22

Most accredited organizations' ISO 27001 password management policies are based on the 2013 version of the standard for information security management systems. However, with new controls about to be announced in an updated version of ISO 27001, it may be necessary to amend existing policies to reflect the new controls. If your organization is ISO 27001 accredited, the accreditation is based on the 2013 version of the information...

The Emotet Botnet Is Being Used to Deliver Quantum and BlackCat Ransomware
Sep21

Security researchers at AdvIntel have recently confirmed that the Emotet botnet is currently being used to deliver ransomware payloads, with the operators of the botnet teaming up with the Quantum and BlackCat ransomware operations. Emotet started life as a banking Trojan and was first detected in 2014. Over the years the malware has received several upgrades to add further capabilities, with the malware-infected devices now serving...

LastPass Says Hackers Accessed Systems for 4 Days
Sep20

The world’s most popular password manager, LastPass, has provided more information on its August 2022 cyberattack and data breach. The forensic investigation has confirmed that an unauthorized individual gained access to its internal systems for a period of four days; however, no evidence was found to indicate that an individual or individuals had access to any parts of its network before or after that timeline. LastPass CEO, Karim...

Phishing Campaign Uses a Queen Elizabeth II Lure to Steal Credentials
Sep16

Whenever there is a major news story that is attracting considerable public interest, phishers are quick to respond, so it is no surprise that they have responded to the death of Queen Elizabeth II. A campaign has recently been identified that masquerades as a notification from Microsoft about an initiative to commemorate her reign. If you live in the United Kingdom, you will almost certainly have received notifications in your inbox...

September 2022 Patch Tuesday: Microsoft Patches 5 Critical Vulnerabilities and Actively Exploited 0Day
Sep14

Microsoft released patches to fix 63 vulnerabilities on September 2022 Patch Tuesday, 5 of which have been rated critical, including one zero-day vulnerability affecting Windows that is being actively exploited in the wild. A second zero-day vulnerability has been publicly disclosed but has been rated important with Microsoft believing exploitation is less likely. The actively exploited zero-day is tracked as CVE-2022-37969, has a...

Ransomware Gangs Adopt Stealthier Technique That Accelerates Encryption Process
Sep13

Several ransomware gangs have changed their file encryption techniques, and instead of encrypting entire files they are now opting for intermittent encryption, with files only partially encrypted. This technique allows files to be encrypted far more quickly and helps the attackers evade security solutions, which often fail to detect the encryption due to the lower intensity of file IO operations and the greater similarity between...

12% of Enterprise IT Assets Lack Endpoint Protection
Sep12

A recent study has revealed 12% of enterprise IT assets do not have enterprise protection installed, and 5% are not covered by patch management processes. The lack of protection and unpatched vulnerabilities could be exploited by threat actors to gain access to enterprise networks. Sevco Security conducted the study using data from 500,000 IT assets and published the findings of the study in its State of Cybersecurity Attack Surface...

Almost 200,000 Accounts Compromised in The North Face Credential Stuffing Campaign
Sep08

Customers of the outdoor clothing company, The North Face, said the online accounts of almost 200,000 customers have been compromised. Unusual activity was detected in certain customer accounts on August 11, 2022, with the investigation into a potential data breach confirming customer accounts had been compromised in a credential stuffing campaign between July 26, 2022, and August 19, 2022. If the threat actor was able to access a...

Ransomware Warning Issued to U.S. School Districts Following Major Attack on 2nd Largest U.S. School District
Sep07

The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), have issued a joint security alert warning U.S. school districts about the Vice Society ransomware gang, days after the second-largest school district in the United States was crippled by a ransomware attack.

Major Ransomware Attack Reported by Los Angeles Unified...

Bitwarden Set to Accelerate Product Expansion with $100 Million Investment
Sep07

The open source password manager provider, Bitwarden, has secured a $100 million minority growth investment to support its user community, scale its password management solution, accelerate product expansion, and provide stronger online security for individuals and enterprise customers. The latest round of funding was led by the growth equity firm PSG, with existing investor Battery Ventures also participating. There was a major...

TikTok Denies Theft of 2 Billion Data Records and Source Code
Sep06

On September 3, 2022, a hacker operating under the name of AgainstTheWest claimed on a hacking forum that TikTok and WeChat had been breached and a database had been stolen from an Alibaba cloud repository that contained the personal information of users of the platforms. TikTok and WeChat are both Chinese companies; however, the companies are not owned by the same parent company, which suggests that the hacking claim may not be...

Luca Stealer Malware Targets Cryptocurrency Wallets and Password Managers
Sep05

A new malware variant dubbed Luca Stealer is growing in popularity following the release of its source code for free in July. At present, it appears that attacks are at a relatively low level, but the number of variants detected has increased in recent weeks and there is concern that Luca Stealer could become a significant threat. Luca Stealer is suspected of being used in an attack on the Solana blockchain network (SOL) in early...

NSA and CISA Issue Guidance for Developers on Securing the Software Supply Chain
Sep02

Guidance has been released by the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) on steps that can be taken by developers to secure the software supply chain. Cybercriminals and nation-state threat actors have targeted the software supply chain to efficiently attack large numbers of businesses, such as the SolarWinds...

What Happens If My Password Manager is Hacked?
Aug31

If you follow the news, or if you use the LastPass password manager, you will no doubt be aware that LastPass was hacked this month, and it is not the first time that has happened at LastPass, as it was also hacked back in 2015. If password managers can be hacked, you may be asking yourself questions such as what happens if my password manager is hacked? Should I be using a password manager? Do I need to change all my passwords? These...

Mid-Year Threat Report Suggests Ransomware Losses Likely to Exceed $30 Billion by 2023
Aug30

Ransomware is the most serious threat to large and medium-sized businesses, and global ransomware damages have been predicted to exceed $30 billion by 2023, according to the Mid-Year Cyber Protection Operation Centers Report from Acronis. Attacks are showing no sign of slowing as cybercriminal gangs continue to make huge profits from their attacks. According to the report, the Conti ransomware gang was paid $2.7 billion in...

More than 130 Companies Fall Victim to SMS Phishing Campaign Targeting Okta Credentials
Aug29

A highly successful phishing campaign has been identified that targets Okta credentials. Okta is an American identity and access management company that provides cloud-based software solutions to help companies manage and secure user authentication. Researchers at Group-IB analyzed the campaign and reported that 136 companies are known to have been attacked, although only 2/3 of the attacked companies were able to be identified. Some...

LastPass Hacked: Source Code Stolen
Aug26

LastPass, one of the world’s most popular password managers, has confirmed it has been hacked and portions of its source code have been stolen. Password managers are a must these days. The average person has around 100 passwords (NordPass), so remembering all of those passwords would be impossible without taking some shortcuts that compromise security. The easiest solution is to use a password manager. With a password manager,...

Claroty Reports 57% Increase in Disclosed XIoT Vulnerabilities in 1H, 2022
Aug25

There was a 57% increase in reported vulnerabilities affecting extended Internet of things (XIoT) devices in the first half of 2022, compared to the last half of 2021, according to the recently published State of XIoT Security: 1H, 2022 report from cybersecurity firm Claroty. XIoT is an umbrella term that covers connected cyber-physical devices within industrial, healthcare, and commercial enterprise IoT environments. Data collected...

Residential Proxies Increasingly Used to Hide Credential Stuffing Attacks
Aug24

Cyber threat actors are increasingly using hacked residential routers to hide their credential stuffing attacks, according to a recent alert from the Federal Bureau of Investigation (FBI). Credential stuffing is a type of brute force attack where a threat actor uses a large list of usernames and passwords that have been compromised in previous data breaches to access accounts on unrelated websites. The attack relies on the reuse of...

U.S. Healthcare Provider Confirms Unauthorized Disclosure of 1.36 Million Patient Records to Meta
Aug23

A healthcare provider has confirmed the impermissible disclosure of patient information to Meta through the misconfiguration of Meta Pixel tracking code on its website. Earlier this year, The Markup published a report on an investigation into the use of Meta Pixel tracking code on the websites of hospitals. Meta Pixel is used to track user activity on websites and advertising performance; however, the data collected through Meta Pixel...

2 ‘Actively Exploited’ RCE Vulnerabilities Patched in iPhones, iPads, iPods, and Macs
Aug19

Two critical zero-day vulnerabilities have been patched by Apple that may have been actively exploited in the wild. Exploitation of the flaws allows threat actors to remotely execute code on vulnerable iPhone, iPad, and Mac devices. The vulnerabilities affect the 6S iPhone and later models, 6th generation iPads and later, iPad Air 2 and later, iPad mini 4 and later, all iPad Pro models, the 7th generation iPod touch, Mac computer with...

IBM X-Force Provides Insights into the Rapidly Changing OT Threat Landscape
Aug19

IBM X-Force has analyzed data from its incident response and managed security services (MSS) and has provided valuable insights into the rapidly expanding operational technology (OT) cyber threat landscape. This year, cybersecurity agencies have issued multiple alerts about threats to OT and the potential for attacks on critical infrastructure, new malware threats have been identified that target OT, and many new vulnerabilities have...

Hackers are Actively Exploiting 5 Vulnerabilities in the Zimbra Collaboration Suite
Aug18

Five vulnerabilities have been identified in the Zimbra Collaboration Suite (ZCS) that are being actively exploited in the wild. The U.S. Cybersecurity and Infrastructure Security Agency has recently issued a security advisory to raise awareness of the flaws and to share mitigations to reduce the risk of compromise. ZCS is used by more than 200,000 businesses worldwide. The first vulnerability – tracked as CVE-2022-27924 (CVSS...

2022 Sees Major Increase in Malicious Browser Downloads
Aug17

According to Kaspersky, in H1, 2022, 1,300,000 attempts were made to install malicious browser extensions, which is a substantial increase from 2021, when 1,823,263 attempts were made for the entire year. From January 1, 2020, to June 30, 2022, 6,795,056 attempts were made by 4.3 million users of Kaspersky software to install malicious browser extensions. There are many legitimate browser extensions, such as ad blockers, spell...

Microsoft Disrupts Ongoing Russia-Linked Phishing Campaign
Aug16

Microsoft has announced it has taken steps to disrupt phishing campaigns conducted by a Russia-linked threat actor tracked as SEABORGIUM. The threat actor originates from Russia and conducts operations closely aligned with Russian interests. The threat group has been in operation since at least 2017, and the group is known to conduct phishing and credential theft campaigns, mostly targeting organizations in the United States and the...
