01 Jul 2022

Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data Exfiltration

There is a vulnerability in Zoho’s compliance tool, ManageEngine ADAudit Plus. The tool monitors changes to Microsoft Active Directory and leaves endpoints vulnerable to unauthenticated users. The vulnerability could allow an attack to take over an entire enterprise network.  The tool offers a path into a company’s workstations, file serves,

Read More
01 Jul 2022

SOHO routers used as initial point of compromise in stealth attack campaign

An attack campaign that was undiscovered for nearly two years was exposed by Black Lotus Labs, an intelligence team in Lumen Technologies. The campaign is highly sophisticated. It targets small office or home office (SOHO) routers as a point of compromise.  The campaign works by first pushing an MIPS file

Read More
01 Jul 2022

LockBit ransomware gang promises bounty payment for personal data

The LockBit cybercrime group has launched a bug bounty program that promises money to people willing to share sensitive data that is exploitable in ransomware attacks. LockBit 3.0 is released, with it coming the bounty program. The bug bounty program promises $1,000 to $1 million in rewards for leaking personal

Read More
01 Jul 2022

EU consumer groups accuse Google of privacy violations

European consumer groups accused Google of violating privacy rights online on Thursday. The group alleged that during Google’s account sign-up process, it is unclear to users how much of their personal data would be gathered via their Google accounts. The European Consumer Organization cited deceptive and unclear design and language

Read More
30 Jun 2022

Leaky Access Tokens Exposed Amazon Photos of Users

According to new researcher, hackers who have obtained access to Amazon users’ authentication tokens could have taken the opportunity to steal or encrypt personal photos and document. Security researchers report that the Amazon Photos app for Android does not protect user access tokens properly. Due to the exposed tokens, attackers

Read More
30 Jun 2022

New UnRAR Vulnerability Could Lead to Zimbra Webmail Hack

Security researchers have discovered a new flaw located in the UnRAR utility by RARlabs. The flaw can reportedly be exploited to steal emails from Zimbra email accounts and has been allocated a severity score of 7.5 out of 10 on the CVSS scale. Zimbra is an enterprise email solution that

Read More
30 Jun 2022

Nevadan Arrested for Alleged $45m Metaverse Investment Fraud

A Los Angeles man was arrested yesterday due to suspicion of his involvement in a multimillion-dollar investment fraud scheme. The scheme reportedly tricked 10,000 victims, resulting in disastrous consequences. The man, Neil Chandran, was arrested and charged with three counts of wire fraud and two counts of engaging in monetary

Read More
30 Jun 2022

This new malware is at the heart of the ransomware ecosystem

A new malware called Bumblebee has been analyzed by security researchers at Symantec, leading the experts to believe that the malware has become a key component in ransomware attacks. The malware has been linked to operations perpetrated by notorious threat groups such as Conti, Mountlocker, and Quantum. The role of

Read More
29 Jun 2022

FBI Warns Crooks are Using Deepfakes to Apply for Remote Tech Jobs

The FBI has reported that scammers and cybercriminals are leveraging deepfake technology and stolen personally identifiable information to use during online job interviews when seeking remote roles. The use of deepfakes, synthetic audio, image, and video content created via artificial intelligence technology has been a concerning development in many industries

Read More
29 Jun 2022

Android Spyware ‘Revive’ Upgraded to Banking Trojan

Security researchers at Cleafy have detected a new Android Banking Trojan. The trojan was reportedly spotted in the wild earlier this month and named “Revive” by security researchers due to its ability to automatically restart in the event of an error. The tool is designed for persistent campaigns, and is

Read More