07 Jan 2020

Widely Known Flaw in Pulse Secure VPN Being Used in Ransomware Attacks

Ransomware actors are actively exploiting a critical flaw in the Pulse Secure VPN service, a security researcher recently discovered. The flaw, tracked as CVE-2019-1150, enables attackers to establish unauthenticated HTTPS connections to enterprise networks using the VPN service. Pulse Secure patched the issue in April of last year, and on

Read More
07 Jan 2020

Magecart Hits Parents and Students via Blue Bear Attack

In October of last year, Magecart actors breached Blue Bear Software, a major e-commerce platform for educational institutions, the vendor’s parent company Active Networks has announced. Magecart is an umbrella term for various criminal groups that attack websites with the aim of injecting them with “skimming” malware designed to steal the

Read More
07 Jan 2020

Microsoft: RDP brute-force attacks last 2-3 days on average

A recent study by Microsoft provides insights into brute-force attacks targeting Remote Desktop Protocol (RDP) implementations in enterprise environments. Over the last few years, RDP brute-forcing has become a popular attack vector in ransomware and other malware campaigns. By analyzing RDP-login events on 45,000 enterprise workstations, Microsoft found that the

Read More
07 Jan 2020

DeathRansom Campaign Linked to Malware Cornucopia

Researchers with FortiGuard have linked DeathRansom malware to a number of info-stealing campaigns, all of which seem to be the work of a Russian-speaking resident of Italy who uses the moniker “scat01.” DeathRansom began as a sort of dark joke, since the malware initially pretended to be file-encrypting ransomware, but

Read More
06 Jan 2020

Travelex Site Still Down After New Year’s Eve Attack

On New Year’s Eve, global currency exchange giant Travelex experienced a “software virus” infection that “compromised some of its services”, as a result of which the company’s websites have been unavailable for almost a week now. The company says it has taken down all of its systems “as a precautionary

Read More
06 Jan 2020

Automotive cybersecurity incidents doubled in 2019, up 605% since 2016

The number of automotive cyber incidents has surged by 605% since 2016 and doubled between 2018 and 2019, a new report by Upstream Security shows. The majority of incidents (57%) were the work of cybercriminals, while security researchers accounted for 38%. In 2019, the vast majority (82%) of attacks were

Read More
06 Jan 2020

Ransomware Attack Topples Telemarketing Firm, Leaving Hundreds Jobless

Arkansas-based telemarketing firm The Heritage Company suffered a ransomware attack two months ago, which may mean the end of the 61-year-old business. Even though the company paid the ransom, it was forced to suspend operations indefinitely on December 23. On January 2, the over 300 employees of the firm were

Read More
04 Dec 2019

TrickBot Expands in Japan Ahead of the Holidays

IBM X-Force data indicated that Trickbot banking Trojan is undergoing code modifications and global attacks are increasingly targeting Japan ahead of the 2020 holidays. IBM reported that Trickbot is currently the most active and widely used baking Trojan. In August, Trickbot was modified to target mobile devices and is the

Read More
03 Dec 2019

Report: ‘Smishing,’ Deepfakes to Continue to Rise in 2020

Experian, an American credit reporting company, published a 2020 data breach industry forecast that stated “smishing” or text-based phishing, would be the next danger to consumers and agencies. Following smishing is drones that steal customer data, disruptive deepfakes, hacktivism, and identity theft through mobile payment systems. The report claims that

Read More
03 Dec 2019

Report: APT gang increased cyberattacks on businesses in Q3

Positive Technologies published a Cybersecurity Threatscape Q3 2019 update that found targeted attacks rose to 65% in Q3. Positive technologies also established that 81% of malware infections of corporate infrastructure originated with a phishing message. The targeted attacks in Q3 were mostly conducted by APT groups that pretend to represent

Read More