17 Jul 2020

FBI Issues Cybersecurity Warning to Air Travelers

The FBI has released a warning to air travelers to be aware of spoofed US airport sites when booking flight tickets online. According to Cyber-supervisory special agent Conal Whetten, there are numerous websites that have copied the legitimate airline to advertise fake tickets. The spoofed domains have also grown increasingly

Read More
17 Jul 2020

Zoom Addresses Vanity URL Zero-Day

Check Point security and Zoom announced on Thursday that a new zero-day has been discovered within the “Vanity URL” feature on Zoom, which allows companies to create their own meeting domain. Through exploiting this zero-day, attackers could pose as a company employee, and then use socially engineered conversation to extract

Read More
17 Jul 2020

Amazon-Themed Phishing Campaigns Swim Past Security Checks

Amazon has been used to perpetuate a pair of new phishing campaigns that aim to steal credentials and other personal information claiming to be Amazon package-delivery notices. Amazon has been in high demand lately due to the COVID-19 pandemic preventing many from leaving the house excessively. However, cybercriminals have capitalized

Read More
16 Jul 2020

Brazil’s Banking Trojans Go Global

According to researchers, four sophisticated malware families historically targeting Brazilian individuals and entities have spread their reach to new countries as well as increasing capabilities. The malware families have expanded to target users in North America, Europe, and other Latin American countries. The most sophisticated banking trojans are often engineered

Read More
16 Jul 2020

Iranian Spies Accidentally Leaked Videos of Themselves Hacking

IBM’s X-Force security team has revealed that they have gained access to five hours of video footage that depict hacking group ITG18, an Iranian threat actor group also known as APT35 or Charming Kitten, performing cybercrimes. The video, according to IBM, seems to be recorded directly from the screens of

Read More
16 Jul 2020

New BlackRock Android malware can steal passwords and card data from 337 apps

A new Android malware strain called BlackRock has been discovered by researchers at ThreatFabric. BlackRock comes equipped with a range of sophisticated data theft capabilities that allow it to target over 300 Android applications. The malware was discovered in May and operates similarly to most other Android banking trojans. The

Read More
16 Jul 2020

Hackers targeted Twitter employees to hijack accounts of Elon Musk, Joe Biden and others in digital currency scam

Yesterday, hackers gained access to over a dozen high-profile accounts on Twitter as part of a bitcoin scam campaign. The accounts of politicians such as Joe Biden and former President Brack Obama, tech billionaires such as Elon Musk, Bill Gates, and Jeff Bezos, and corporate accounts like that of Apple

Read More
15 Jul 2020

More Malware Found Hidden in Chinese Tax Software

Researchers at Trustwave have uncovered more malware as part of a malware campaign hiding backdoors in mandatory Chinese tax software, highlighting the fact that the campaign may be more extensive than previously thought. Last month, Trustwave warned that it had found the GoldenSpy backdoor installed on several clients’ systems after

Read More
15 Jul 2020

Critical SAP Bug Allows Full Enterprise System Takeover

The Department of Homeland Security recently released an alert for a bug that allows attackers to eventually read and modify financial records, change banking details, read PII, administer purchases, disrupt operations, achieve command execution, and delete or modify files. The vulnerability holds the highest severity score and is found in

Read More
15 Jul 2020

Microsoft Patches Wormable RCE Flaw in Windows DNS Servers

Microsoft’s July Patch Tuesday updates include a critical vulnerability in Windows DNS servers, which is likely to be exploited by threat actors if left unpatched on systems. The Patch Tuesday updates include over 100 fixes for various bugs ranging in severity. The most critical, CVE-2020-1350, is a wormable remote code

Read More