Turla’s ComRAT v4 uses Gmail web UI to receive commands, steal data
Researchers have uncovered version of the ComRat backdoor, one of the Turla Group’s oldest malware families, that distinguishes itself by using Gmail’s web UI to receive commands and nick data.
The newly uncovered version of ComRAT, known for stealing sensitive...
Phishing campaigns leverage Google Firebase storage
New phishing campaigns tracked by Trustware deploy schemes that harvest credentials by taking advantage of “the reputation and services” of the Google Cloud’s Firebase mobile and web application development platform.
The bogus emails cut across industries and tap Firebase’s data...
Attackers’ use of virtual machine to hide ransomware is a first, say researchers
Virtual machines are an important tool for threat analysts as they debug and investigate malware. But now there is a documented case of malicious cyber actors exploiting a VM to their advantage in an attempt to hide a Ragnar...
Patch round-up: Cisco repairs RCE bug; notable fixes from VMware, Google, Adobe
Cisco Systems on Wednesday fixed a critical remote code execution vulnerability in its Unified Contact Center Express solution — one of a flurry of patches and bug disclosures announced this week by tech giants such as Microsoft, Apple and Google.
Found...
Israel, Iran trade cyberattacks
Following a month of cyberattacks involving Iran and Israel, experts are reluctant to predict all-out digital warfare between the nation states, despite the obvious recent tit for tat that underscores age-old, religion-based tensions.
The latest salvo came May 21 by...
Ratcliffe confirmed as DNI on second nomination
Nine months after President Trump heeded bipartisan criticism and withdrew the nomination of Rep. John Ratcliffe, R-Texas, for the director of national intelligence (DNI), Ratcliffe was confirmed as DNI by the Senate in a 49-44 vote.
Ratcliffe, nominated by Trump...
Achieving “security in sunshine” through a security champions program
In today’s world, every business can be thought of as a software business, comprising hundreds of thousands of applications. However, every application holds an average of 26.8 serious vulnerabilities
— a number indicative of today’s modern security landscape where web...
ZeuS byproduct ‘Silent Night’ Zbot ‘not a game-changer’
The Silent Night Zbot, a new variant of the infamous banking trojan ZeuS that wreaked havoc in mid-2009 may be impressive in its design but it’s “not any game changer,” according to a deep-dive report from Malwarebytes and HYAS.
Calling...
Nigerian ‘Scattered Canary’ gang exploits CARES Act with fraudulent unemployment claims
Adding COVID-19 exploitation to its nefarious arsenal targeting governments, the Nigerian Scattered Canary criminal gang most recently attempted to exploit the CARES Act on May 17, filing two fraudulent unemployment claims through Hawaii’s Department of Labor and Industrial Relations...
Colorado and Ohio become latest states to disclose PUA program data leaks
Colorado and Ohio have become the latest states to disclose the accidental exposure of information belonging to citizens who applied to the federal Pandemic Unemployment Assistance program as a means of seeking some financial security during the ongoing COVID-19...
Consumers demand opt-out power from COVID-19 contact tracing apps
To encourage widespread acceptance of Bluetooth-based COVID-19 contact tracing applications, developers should allow consumers to opt out of data sharing at any time, and they should also be more forthcoming about their security efforts and data usage, according to...
Modular backdoor sneaked into video game developers’ servers
A suspected Chinese APT group used a newly discovered modular backdoor to infect at least one video game developer’s build orchestration server and another company’s game servers, researchers have reported.
Although these attacks appear to have taken place prior to...
Cybersecurity makes World Economic Forum’s top 10 Covid-19 global fallout list
The World Economic Forum mainly concerns itself with high-level macroeconomic issues such as global recessions and world economic development. That’s why it was significant this week when the WEF cited cybersecurity as one of its “Top 10 Fallout” issues...
Home Chef confirms data breach after eight million records sold on dark web
The recent breach of Home Chef, confirmed this week, after malicious actor Shiny Hunters sold eight million of its records on the dark web underscores the looming security challenge of managing employees who access business data from outside the...
Covid-related malspam Adwind RAT impersonates U.S. Treasury to steal taxpayer credentials
The advocacy group Abuse.ch has found a Covid-19-related malspam Adwind RAT that impersonates the U.S. Treasury Department and more than likely looks to steal a taxpayer’s credentials.
In a recent Twitter post, the group shows a fraudulent letter from the...
How To Achieve Balance Between Cybersecurity And The User Experience
Usability and security go hand in hand. If you have usability, then by default, you should have security designed into it.
Determining Liability For Security Breaches Isn’t Black And White
Between the volume of successful cyberattacks and the rising cost of the fallout from those attacks, it's understandable for companies and individuals to want to hold someone responsible.
Why Your Approach To Cybersecurity May Require Shifting Your Mindset
Leaders must redefine the concept of a strong cyber posture and relegate event-based security to its rightful place — as an inferior approach to managing cyber risks and threats.
Trump’s New Intelligence Chief Spells Trouble
John Ratcliffe is the least-qualified director of national intelligence in history—and a staunch partisan as well.
Jailbreak Tool Updated to Unlock iPhones Running iOS 13.5
The unc0ver jailbreaking tool has been updated with support for the latest iOS releases, courtesy of a zero-day vulnerability, the team behind the utility announced.
read more
