Widely Known Flaw in Pulse Secure VPN Being Used in Ransomware Attacks
Ransomware actors are actively exploiting a critical flaw in the Pulse Secure VPN service, a security researcher recently discovered. The flaw, tracked as CVE-2019-1150, enables attackers to establish unauthenticated HTTPS connections to enterprise networks using the VPN service. Pulse Secure patched the issue in April of last year, and on
Magecart Hits Parents and Students via Blue Bear Attack
In October of last year, Magecart actors breached Blue Bear Software, a major e-commerce platform for educational institutions, the vendor’s parent company Active Networks has announced. Magecart is an umbrella term for various criminal groups that attack websites with the aim of injecting them with “skimming” malware designed to steal the
Microsoft: RDP brute-force attacks last 2-3 days on average
A recent study by Microsoft provides insights into brute-force attacks targeting Remote Desktop Protocol (RDP) implementations in enterprise environments. Over the last few years, RDP brute-forcing has become a popular attack vector in ransomware and other malware campaigns. By analyzing RDP-login events on 45,000 enterprise workstations, Microsoft found that the
DeathRansom Campaign Linked to Malware Cornucopia
Researchers with FortiGuard have linked DeathRansom malware to a number of info-stealing campaigns, all of which seem to be the work of a Russian-speaking resident of Italy who uses the moniker “scat01.” DeathRansom began as a sort of dark joke, since the malware initially pretended to be file-encrypting ransomware, but
Travelex Site Still Down After New Year’s Eve Attack
On New Year’s Eve, global currency exchange giant Travelex experienced a “software virus” infection that “compromised some of its services”, as a result of which the company’s websites have been unavailable for almost a week now. The company says it has taken down all of its systems “as a precautionary
Automotive cybersecurity incidents doubled in 2019, up 605% since 2016
The number of automotive cyber incidents has surged by 605% since 2016 and doubled between 2018 and 2019, a new report by Upstream Security shows. The majority of incidents (57%) were the work of cybercriminals, while security researchers accounted for 38%. In 2019, the vast majority (82%) of attacks were
Ransomware Attack Topples Telemarketing Firm, Leaving Hundreds Jobless
Arkansas-based telemarketing firm The Heritage Company suffered a ransomware attack two months ago, which may mean the end of the 61-year-old business. Even though the company paid the ransom, it was forced to suspend operations indefinitely on December 23. On January 2, the over 300 employees of the firm were
TrickBot Expands in Japan Ahead of the Holidays
IBM X-Force data indicated that Trickbot banking Trojan is undergoing code modifications and global attacks are increasingly targeting Japan ahead of the 2020 holidays. IBM reported that Trickbot is currently the most active and widely used baking Trojan. In August, Trickbot was modified to target mobile devices and is the
Report: ‘Smishing,’ Deepfakes to Continue to Rise in 2020
Experian, an American credit reporting company, published a 2020 data breach industry forecast that stated “smishing” or text-based phishing, would be the next danger to consumers and agencies. Following smishing is drones that steal customer data, disruptive deepfakes, hacktivism, and identity theft through mobile payment systems. The report claims that
Report: APT gang increased cyberattacks on businesses in Q3
Positive Technologies published a Cybersecurity Threatscape Q3 2019 update that found targeted attacks rose to 65% in Q3. Positive technologies also established that 81% of malware infections of corporate infrastructure originated with a phishing message. The targeted attacks in Q3 were mostly conducted by APT groups that pretend to represent