15 Apr 2021

100,000 Google Sites Used to Install SolarMarket RAT

Hackers are currently utilizing search engine optimization (SEO) tactics to direct users seeking common business forums such as invoices, receipts, or other templates to redirect them to hacker-controlled domains. According to eSentire’s Threat Response Unit, attackers are currently in possession of more than 100,000 malicious Google sites that seem legitimate

Read More
15 Apr 2021

The FBI Takes a Drastic Step to Fight China’s Hacking Spree

In early March, Microsoft disclosed that the Chinese state-sponsored hacking group Hafnium had successfully infected tens of thousands of Microsoft Exchange servers in a massive and extensive hacking campaign. Although Microsoft promptly released a patch to fix the vulnerability and urged users to implement the fix as soon as possible,

Read More
15 Apr 2021

CISA Urges Caution for Security Researchers Targeted in Attack Campaign

The Cybersecurity and Infrastructure Security Agency (CISA) has advised cybersecurity researchers to be aware of a recent phishing campaign that targets professionals within the field. The attacks were first disclosed in January and were found to be targeting researchers working on vulnerability research and development within various organizations. The individuals

Read More
14 Apr 2021

Google Patches More Under-Attack Chrome Zero-days

Google has moved to patch more Chrome zero-days that are actively under attack as it seems as though Google’s problems with in-the-wild Chrome zero-days are multiplying rapidly. The vulnerabilities patched affect Windows, macOS, and Linux users, pertaining to CVE-2021-21206 and CVE-2021-21220. Google did not provide any other details on the

Read More
14 Apr 2021

100 Million More IoT Devices Are Exposed—and They Won’t Be the Last

A set of nine vulnerabilities are currently exposing roughly 100 million devices worldwide, according to researchers. The vulnerabilities lie in the basic code that dictates how devices communicate with the internet. What cybersecurity researchers are questioning is how to implement changes and effective defenses that will actively combat these types

Read More
14 Apr 2021

Swedish Sports Body Hacked by Russians, Officials Say

Sweden’s national sports federations was allegedly hacked by the Russian military in 2017-2018, according to a new report released on Tuesday. The data-breaching campaign also affecting some of the world’s leading sports bodies, such as FIFA and the World Anti-Doping Agency. The country called the incident a series of repeated

Read More
14 Apr 2021

Cyber criminals are installing cryptojacking malware on unpatched Microsoft Exchange servers

Cybercriminals are leveraging zero-day vulnerabilities in Microsoft Exchange servers, dropping cryptocurrency mining malware as part of a campaign that seeks to secretly steal the processing power of compromised systems. The campaign is targeted towards financial gain and is currently ongoing, according to advisories published by several US agencies, including warnings

Read More
13 Apr 2021

Food Shortages at Dutch Supermarkets After Ransomware Outage

The Netherlands is still struggling to recover after a recent ransomware attack on a key logistics supplier, resulting in empty shelves at several branches of the country’s largest supermarket chain recently. Albert Heijn is an industry giant and provides food to a large portion of the country, with 1,000 locations.

Read More
13 Apr 2021

1.3M Clubhouse Users’ Data Dumped in Hacker Forum for Free

Security researchers have found an SQL file containing the personal data of 1.3 million Clubhouse users available on a hacker forum for free. The information in the file includes names, user IDs, photo URLs, number of followers, dates the accounts were created, profile information, who invited the user to the

Read More
13 Apr 2021

Microsoft Warns of Malware Delivery via Google URLs

Microsoft has warned of a new campaign utilizing legitimate website contact forms to target victims with URLs that ultimately deliver a banking Trojan. The attack campaign is delivering the IcedID banking Trojan to businesses via emails containing fake legal threats, creating a sense of urgency and luring victims into clicking

Read More