12 Apr 2021

623M Payment Cards Stolen from Cybercrime Forum

According to Group-IB, a database containing stolen payment cards has been hit by hackers, who were able to lift the information off of the Swarmshop cyber-underground card market. The hackers leaked the information online, putting consumers in the US and across globe at risk for identity fraud, theft, and other

Read More
12 Apr 2021

CISA Releases Tool to Detect Microsoft 365 Compromise

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has released a new tool that aims to help organizations detect a potential compromise to Microsoft 365 and Microsoft Azure. The tool has been named Aviary and includes a dashboard that facilitates the analysis of output from Sparrow, a

Read More
12 Apr 2021

If you haven’t patched this old VPN vulnerability, assume your network is compromised

The National Cyber Security Center (NCSC) has released a critical security alert detailing how cybercriminals are actively exploiting a Fortinet VPN vulnerability to distribute ransomware. Kaspersky reported on the flaw earlier this month, stating that criminals are seeking out unpatched systems and are able to exploit the flaw to remotely

Read More
09 Apr 2021

Zero-Day Bug Impacts Problem-Plagued Cisco SOHO Routers

Cisco has stated that it does not plan to patch three different small business router models and one VPN firewall device, despite critical vulnerabilities found in each. The SOHO router models contain a bug that is rated 9.8/10 in severity, and could allow unauthenticated remote users to attack targeted equipment

Read More
09 Apr 2021

Washington State educational organizations targeted in cryptojacking spree

Palo Alto Networks recently released an advisory warning that several recent crypto-jacking incidents have targeted education institutions in Washington State. Crypto-jacking is a type of cyberattack in which attackers use deception tactics to install cryptocurrency mining components that leech off of computational power without being noticed or detected. Different types

Read More
08 Apr 2021

Armed Conflict Draws Closer as State-Backed Cyber-Attacks Intensify

A new HP report details how the world is coming increasingly close to armed conflict sparked by cyberattacks. The study was compiled by University of Surrey senior lecturer in criminology, Mike McGuire. The study claims that there has been a 100% increase in significant state-backed attacks between 2017 and 2020.

Read More
08 Apr 2021

Attackers Blowing Up Discord, Slack with Malware

Slack and Discord, two workflow and collaboration tools, have been infiltrated by malicious actors abusing legitimate functions to evade security and deliver malware. The campaign seeks to drop information stealers, remote access Trojans, and other malware to users utilizing the platforms. The pandemic drove platforms like Slack and Discord to

Read More
08 Apr 2021

Facebook tackles deepfake spread and troll farms in latest moderation push

Earlier this week, Facebook published its latest Coordinated Inauthentic Behavior report, in which it listed its most recent efforts to curb coordinated illegitimate behavior across the social media platform. According to the report, Facebook investigated and wiped out a long-running troll farm located in Albania with a widespread impact. The

Read More
07 Apr 2021

Iranian ‘spy ship’ damaged by explosion in Red Sea

An Iranian ship, called the Saviz, has been damaged by an explosion that occurred while the ship was anchored off of Yemen’s Red Sea coast. The ship is allegedly used by Revolutionary Guards to spy on foreign entities, according to Iran’sforeign ministry. The blast caused no casualties and is still

Read More
07 Apr 2021

Office Depot Configuration Error Exposes One Million Records

Researchers have found a misconfigured Easticsearch server belonging to Office Depot, a popular office supplies store chain. One million customers’ personal information was exposed on the misconfigured server, according to researchers. The database was not protected by a password and was initially found by a Website Planet team on March

Read More