05 Nov 2019

Europol: Spear phishing the most prevalent cyber threat affecting orgs across the EU

A new report[pdf] by Europol identifies spear phishing, i.e. targeted phishing, as the top threat to organizations in European Union (EU) member states. According to the study, spear phishing is the most common attack vector used by cybercriminals to compromise organizations. Steven Wilson of Europol’s European Cybercrime Centre added that

Read More
05 Nov 2019

Attack on Indian Ed Tech Firm Exposes 687K Users

In July of this year, threat actors breached Indian educational technology firm Vedantu and obtained access to the private data of around 687,000 users, breach notification site Have I Been Pwned? has discovered. According to the website, the exposed data includes “email and IP address, names, phone numbers, genders and

Read More
05 Nov 2019

Critical Remote Code Execution Flaw Found in Open Source rConfig Utility

A security researcher has discovered two remote code execution vulnerabilities, one of which is deemed critical, in the open-source network configuration tool rConfig that thousands of network engineers are using to snapshots of more than 7 million network devices. The critical flaw, tracked as CVE-2019-16662, makes it possible for a

Read More
04 Nov 2019

The First BlueKeep Mass Hacking Is Finally Here—but Don’t Panic

Threat actors are actively exploiting the critical BlueKeep flaw that impacts Remote Desktop Protocol (RDP) implementations on unpatched older Windows operating systems. Microsoft and other companies have warned that the flaw, tracked as CVE-2019-0708, is very dangerous because it could be used by attackers to carry out a massive attack

Read More
04 Nov 2019

Solar, Wind Power Utility Disrupted in Rare Cyberattack

In March of this year, Utah-based renewable energy provider sPower suffered a denial-of-service (DoS) attack resulting in multiple short periods of downtime at the firm’s main control center. According to Phil Neray of CyberX, the attack “disrupted the organization’s ability to monitor the current status of its power-generation systems,” an

Read More
04 Nov 2019

Chrome Zero-Day Vulnerability Exploited in Korea-Linked Attacks

Threat actors recently took advantage of a zero-day flaw in the Google Chrome browser in order to serve malware to users via a compromised website, a report by Kaspersky shows. The vulnerability, tracked as CVE-2019-13720, affected Chrome for Windows, macOS and Linux. Google released a patch for the flaw and

Read More
04 Nov 2019

Nikkei Hit in $29m BEC Scam

Japanese Media firm Nikkei, which owns the Financial Times, was scammed out of $29 million dollars in September of this year because a staff member of its US subsidiary fell for what seems to have been a textbook Business Email Compromise (BEC) attack, the company admitted. In a statement, Nikkei

Read More
01 Nov 2019

Chinese Cyberspies Use New Malware to Intercept SMS Traffic at Mobile Operators

A Thursday report by FireEye details how Chinese state-sponsored hacking group APT41 has been intercepting SMS traffic using a new malware strain called MESSAGETAP. APT41 has been linked to cyber espionage campaigns as well as financially-motivated attacks from 2012 onward. MESSAGETAP is designed to target Linux servers used by telecommunications

Read More
01 Nov 2019

32,000+ WiFi Routers Potentially Exposed to New Gafgyt Variant

New research by Unit 42 warns that a new version of the Gafgyt Internet of Things (IoT) botnet is targeting vulnerabilities in home routers by Huawei, Realtek and Zyxel. Scan results show that the total number of vulnerable devices is at least 32,000. Gafgyt has been active since 2014, and

Read More
01 Nov 2019

Thousands of QNAP NAS devices have been infected with the QSnatch malware

Threat actors are targeting network-attached storage (NAS) devices produced by Taiwanese tech firm QNAP with QSnatch, a malware strain that has not been spotted before. The German Computer Emergency Response Team (CERT-Bund) has reported more than 7,000 infections so far, but the campaign is targeting devices across the world. A

Read More