Cyberscoop
Army warns of QR code scams amid pandemic
Quick response codes, or QR codes, may be easy and convenient to use to read menus at restaurants during the pandemic or to enable touch free mobile payments — but the Army now warns that criminals can exploit QR codes to connect phones to run scams. When smart phones scan a QR code, which is made…

Scammers exploit COVID-19 vaccine confusion for fraud efforts
A confusing, chaotic rush to deliver COVID-19 vaccinations is making cyberspace a more fertile place for pandemic-related scams. Researchers at Barracuda Networks said on Thursday that vaccine-related spearphishing emails rose 26% from October to the end of January. That roughly coincides with the time Pfizer and Moderna announced vaccine availability, and represents a 12% uptick…

Far-right misinformation on Facebook outranks real news
Far-right misinformation shared on Facebook surrounding the 2020 presidential election received more engagement than real news, according to research published by New York University Wednesday. “Far-right sources designated as spreaders of misinformation had an average of 426 interactions per thousand followers per week, while non-misinformation sources had an average of 259 weekly interactions per thousand…

Cloud security firm Qualys reportedly victimized by prolific scammers
A set of cybercriminals behind a string of recent hacks involving Accellion-made software is now claiming responsibility for a breach of Qualys, a major cloud computing security vendor. As proof of the access to data, an extortion site maintained by hackers has leaked documents claiming to contain information on Qualys customers. Attackers affiliated with…

CISA orders US agencies to address Microsoft flaws exploited by suspected Chinese hackers
The Department of Homeland Security’s cybersecurity division on Wednesday ordered federal civilian agencies to address flaws in a popular email software program at the center of a suspected Chinese spying campaign. The “emergency directive” from DHS’s Cybersecurity and Infrastructure Security Agency requires agencies to either apply security fixes for the vulnerabilities in the Microsoft Exchange…

Ryuk ransomware develops worm-like capabilities, France warns
A new sample of Ryuk ransomware appears to have worm-like capabilities, according to an analysis from the French National Agency for the Security of Information Systems (ANSSI), France’s national cybersecurity agency. With such worm-like self-replicating capabilities, Ryuk, one of the most prolific strains of ransomware in the world, can spread from machine to machine without…

Questions about Clubhouse security, privacy just keep adding up
For an invite-only social media app, Clubhouse sure seems to be dealing with a lot of data protection issues. The app, where users congregate in “rooms” for audio-only conversations, has attracted more than 10 million reported downloads, with a range of big names signing up. With that sudden prominence, though, researchers and frustrated users have…

Microsoft warns of state-sponsored Chinese hackers exploiting multiple zero-days
A Chinese government-backed hacking group has been using previously unknown software exploits in “limited and targeted” data-stealing attacks on organizations that use a popular email software program, Microsoft warned Tuesday. The culprit, Microsoft said, is a group of China-based hackers dubbed Hafnium that the technology giant is discussing publicly for the first time. Hafnium has…

Number of investigations into SolarWinds breach grows, along with cleanup cost
SolarWinds, the federal contractor breached by suspected Russian hackers, acknowledged investigations and inquiries from the Securities and Exchange Commission, the Department of Justice and several state attorneys general, in a filing on Monday. The Texas-based company disclosed the investigations, which include inquiries related to the European Union’s General Data Protection Regulation, in its annual report…

Universal Health Services reports $67 million in losses after apparent ransomware attack
An apparent ransomware attack last fall caused $67 million in pre-tax losses at Universal Health Services, the U.S. health care provider has revealed, illustrating the sharp financial toll that criminal hackers have caused the sector during the pandemic. The Sept. 27 breach at Universal Health Services (UHS) was widely reported to be a ransomware attack,…
Fifth Domain Cyber
Krebs on Security
Three Top Russian Cybercrime Forums Hacked
Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums' user databases, including email and Internet addresses and hashed passwords.

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails
Microsoft Corp. today released software updates to plug four critical security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The company says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group.

Payroll/HR Giant PrismHR Hit by Ransomware?
PrismHR, a company that sells software and services used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack.
Threatpost
National Surveillance Camera Rollout Roils Privacy Activists
TALON, a network of smart, connected security cameras developed by the Atlanta-based startup and installed by law enforcement around the country, raises surveillance-related privacy concerns.

CISA Orders Federal Agencies to Patch Exchange Servers
Espionage attacks exploiting the just-patched remote code-execution security bugs in Microsoft Exchange servers are quickly spreading.

COVID-19 Vaccine Spear-Phishing Attacks Jump 26 Percent
Cybercriminals are using the COVID-19 vaccine to steal Microsoft credentials, infect systems with malware and bilk victims out of hundreds of dollars.

Unpatched Bug in WiFi Mouse App Opens PCs to Attack
Wireless mouse-utility lacks proper authentication and opens Windows systems to attack.

Google Patches Actively-Exploited Flaw in Chrome Browser
A flaw (CVE-2021-21166) in the Audio component of Google Chrome is fixed in a new update being pushed out to Windows, Mac and Linux users.

Malaysia Air Downplays Frequent-Flyer Program Data Breach
A third-party IT provider exposed valuable airline data that experts say could be a goldmine for cybercriminals.

Home-Office Photos: A Ripe Cyberattack Vector
Threat actors can use personal information gleaned from images to craft targeted scams, putting personal and corporate data at risk.

RTM Cybergang Adds New Quoter Ransomware to Crime Spree
The Russian-speaking RTM threat group is targeting organizations in an ongoing campaign that leverages a well-known banking trojan, brand new ransomware strain and extortion tactics.

Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow
Attackers have weaponized code dependency confusion to target internal apps at tech giants.

Microsoft Exchange Zero-Day Attackers Spy on U.S. Targets
Full dumps of email boxes, lateral movement and backdoors characterize sophisticated attacks by a Chinese APT - while more incidents spread like wildfire.

Post-Cyberattack, Universal Health Services Faces $67M in Losses
The Fortune-500 hospital network owner is facing steep costs in damages after a cyberattack impacted patient care and billing in September and October.

Jailbreak Tool Works on iPhones Up to iOS 14.3
The UnC0ver team took advantage of an iOS flaw patched in January in its latest tool allowing developers and other enthusiasts to hack into their own devices.

Compromised Website Images Camouflage ObliqueRAT Malware
Emails spreading the ObliqueRAT malware now make use of steganography, disguising their payloads on compromised websites.

Ryuk Ransomware: Now with Worming Self-Propagation
The Ryuk scourge has a new trick in its arsenal: Self-replication via SMB shares and port scanning.

Mobile Adware Booms, Online Banks Become Prime Target for Attacks
A snapshot of the 2020 mobile threat landscape reveals major shifts toward adware and threats to online banks.

Malware Loader Abuses Google SEO to Expand Payload Delivery
Gootloader has expanded its payloads beyond the Gootkit malware family, using Google SEO poisoning to gain traction.

Passwords, Private Posts Exposed in Hack of Gab Social Network
The Distributed Denial of Secrets group claim they have received more than 70 gigabytes of data exfiltrated from social media platform Gab.