08 Apr 2020

NASA under ‘significantly increasing’ hacking, phishing attacks

NASA reported that they have been observing increasing malicious activity originating from both cybercriminals and nation-state hackers targeting their personnel and systems while their employees telecommute during the COVID-19 pandemic. The agency stated that they had successfully blocked a wave of malicious cyberattacks with pre-existing mitigation tools and measures. However,

Read More
08 Apr 2020

Chinese APT Groups Targeted Enterprise Linux Systems in Decade-Long Data Theft Campaign

BlackBerry has stated that five threat groups that have been known to steal US companies’ intellectual property on behalf of the Chinese government may have the power to do critical damage during the COVID-19 pandemic. Researchers at BlackBerry claim that the groups have targeted companies in industries via cross-platform attacks

Read More
08 Apr 2020

Experts question abrupt decision by New York City to ban Zoom from use in all public schools

Across the world, educators and students alike have been abruptly thrown into new online class situations as schools and universities close in an effort to combat the spread of the COVID-19 pandemic. A large portion of educators have been using the video conferencing platform Zoom to hold online lessons and

Read More
07 Apr 2020

Government VPN Servers Targeted in Zero-Day Attack

Security analysts at the Chinese firm Qihoo 360 claim that the Chinese government is being targeted by the threat actor group DarkHotel amid efforts to provide access to official resources for those working remotely. The Chinese government has been using virtual private networks (VPNs) to achieve this goal, and DarkHotel

Read More
07 Apr 2020

This Map Shows the Global Spread of Zero-Day Hacking Techniques

Zero-day exploits are being tracked by a global map developed by FireEye, and the company released yesterday an analysis of how these critical vulnerabilities have been exploited worldwide over the past seven years. The publication includes research from Google Project Zero’s database of active zero days. FireEye exposes what countries

Read More
07 Apr 2020

FBI warns again of BEC scammers exploiting cloud email services

The FBI issued a warning to the public yesterday, stating that its Internet Crime Complaint Center (IC3) has received numerous reports of cybercriminals abusing could based email services in Business Email Compromise (BEC) attacks. This marks the second time within the past month that the FBI has warned of BEC

Read More
06 Apr 2020

Spearphishing Campaign Exploits COVID-19 To Spread Lokibot Infostealer

A new spear-phishing attack using the World Health Organization (WHO) trademark to lure users has been discovered by researchers at FortiGaurd Labs. The researchers first observed the COVID-19 themed scam on March 27, reporting that threat actors have created a new spearphishing email campaign that spreads the LokiBot trojan. The

Read More
06 Apr 2020

DOJ Says Zoom-Bombing is Illegal, Could Lead to Jail Time

The Department of Justice has warned the public that ‘Zoom-bombing’ is illegal and those who are involved in such practices may be charged with federal and state crimes. The ‘Zoom-bombing’ incidents have frequently been occurring as a result of a massive work-from-home movement in the US as well as colleges

Read More
06 Apr 2020

Researcher Hijacks iOS, macOS Camera with Three Safari Zero-Days

Ryan Pickren, a security researcher, has been awarded $75,000 by Apple for uncovering seven zero-days in Safari, three of which Pickren used to access the camera. The discoveries were shared with Apple in December of 2019 and were subsequently patched. Using the three flaws, Pickren was able to build an

Read More
06 Apr 2020

Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others

A Russian state-owned telecommunications provider intercepted internet traffic meant for 200 of the world’s biggest content delivery networks (CDNs) and cloud hosting providers. The telecommunications company, Rostelecom, affected more than 8,800 internet traffic routes in the incident. Impacted companies include Google, Amazon, Facebook, Akamai, Cloudflare, GoDaddy, Digital Ocean, Joyent, LeaseWeb,

Read More