Threat Post

Cybercriminals Step Up Their Game Ahead of U.S. Elections

Threat Post - 2 hours 16 min ago
Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns - but this time, social media giants, the government and citizens are more prepared.
Categories: Threat Post

Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser

Threat Post - 3 hours 41 min ago
The memory-corruption vulnerability exists in the browser’s FreeType font rendering library.
Categories: Threat Post

Ransomware Group Makes Splashy $20K Donation to Charities

Threat Post - Tue, 10/20/2020 - 4:36pm
Cybercriminal gang Darkside sent $20K in donations to charities in a ‘Robin Hood’ effort that’s likely intended to draw attention to future data dumps, according to experts.
Categories: Threat Post

Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio

Threat Post - Tue, 10/20/2020 - 2:31pm
The out-of-band patches follow a lighter-than-usual Patch Tuesday update earlier this month.
Categories: Threat Post

Facebook: A Top Launching Pad For Phishing Attacks

Threat Post - Tue, 10/20/2020 - 12:54pm
Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks - including a recent strike on a half-million Facebook users.
Categories: Threat Post

Pharma Giant Pfizer Leaks Customer Prescription Info, Call Transcripts

Threat Post - Tue, 10/20/2020 - 12:20pm
Hundreds of medical patients taking cancer drugs, Premarin, Lyrica and more are now vulnerable to phishing, malware and identity fraud.
Categories: Threat Post

Office 365 OAuth Attack Targets Coinbase Users

Threat Post - Tue, 10/20/2020 - 10:33am
Attackers are targeting Microsoft Office 365 users with a Coinbase-themed attack, aiming to take control of their inboxes via OAuth.
Categories: Threat Post

Mobile Browser Bugs Open Safari, Opera Users to Malware

Threat Post - Tue, 10/20/2020 - 9:00am
A set of address-spoofing bugs affect users of six different types of mobile browsers, with some remaining unpatched.
Categories: Threat Post

Confronting Data Risk in the New World of Work

Threat Post - Tue, 10/20/2020 - 9:00am
With Stanford research showing that nearly half of the U.S. labor force is now working from home full-time, insider threats are a much more difficult problem.
Categories: Threat Post

Google’s Waze Can Allow Hackers to Identify and Track Users

Threat Post - Tue, 10/20/2020 - 6:48am
The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it.
Categories: Threat Post

Rapper Scams $1.2M in COVID-19 Relief, Gloats with ‘EDD’ Video

Threat Post - Mon, 10/19/2020 - 3:22pm
"Nuke Bizzle" faces 22 years in prison after brazenly bragging about an identity-theft campaign in his music video, "EDD."
Categories: Threat Post

DOJ Charges 6 Sandworm APT Members in NotPetya Cyberattacks

Threat Post - Mon, 10/19/2020 - 3:10pm
DOJ charges six Russian nationals for their alleged part in the NotPetya, Ukraine power grid and Olympics cyberattacks.
Categories: Threat Post

GravityRAT Comes Back to Earth with Android, macOS Spyware

Threat Post - Mon, 10/19/2020 - 1:34pm
The espionage tool masquerades as legitimate applications and robs victims blind of their data.
Categories: Threat Post

Overlay Malware Targets Windows Users with a DLL Hijack Twist

Threat Post - Mon, 10/19/2020 - 1:05pm
Brazilians are warned of a new Vizom malware masquerading as video conferencing and browser software.
Categories: Threat Post

Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack

Threat Post - Mon, 10/19/2020 - 12:36pm
Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours.
Categories: Threat Post

Microsoft Exchange, Outlook Under Siege By APTs

Threat Post - Mon, 10/19/2020 - 11:09am
A new threat report shows that APTs are switching up their tactics when exploiting Microsoft services like Exchange and OWA, in order to avoid detection.
Categories: Threat Post

Game Titles Watch Dogs: Legion, Albion Both Targeted by Hackers

Threat Post - Mon, 10/19/2020 - 10:24am
In both cases, cybercriminals claim to have reams of information for the popular gaming titles.
Categories: Threat Post

Microsoft: Most-Imitated Brand for Phishing Emails

Threat Post - Mon, 10/19/2020 - 6:00am
The shift to remote working spurred Microsoft and Amazon to the top of the heap for cybercriminals to use as lures in the third quarter.
Categories: Threat Post

Phishers Capitalize on Headlines with Breakneck Speed

Threat Post - Fri, 10/16/2020 - 5:20pm
Marking a pivot from COVID-19 scams, researchers track a single threat actor through the evolution from the pandemic to PayPal, and on to more timely voter scams -- all with the same infrastructure.
Categories: Threat Post

Microsoft Fixes RCE Flaws in Out-of-Band Windows Update

Threat Post - Fri, 10/16/2020 - 4:47pm
The two important-severity flaws in Microsoft Windows Codecs Library and Visual Studio Code could enable remote code execution.
Categories: Threat Post