27 Mar 2020

An Elite Spy Group Used 5 Zero-Days to Hack North Koreans

On Thursday, researchers at Google’s Threat Analysis Group announced that an unknown group of hackers used five zero-day vulnerabilities to hack North Koreans in 2019. Although many North Koreans have extremely limited access to the internet, the ones who do have been targeted by a sophisticated hacking spree that may

Read More
26 Mar 2020

Cincinnati Firm Faces $5m Data Breach Lawsuit

In Cincinnati, freight brokerage company Total Quality Logistics faces a $5 million lawsuit over a data breach that occurred in February. The company suffered from a cyberattack on the 23rd of February that compromised its customer and carrier information after cybercriminals breached the company’s online web portal. The information disclosed

Read More
26 Mar 2020

Chinese Hackers Exploit Cisco, Citrix Flaws in Massive Espionage Campaign

APT41, a Chinese threat group that is responsible for dozens of destructive cyberattacks, has been exploiting vulnerabilities in Citrix NetScaler/ADC, Cisco routers and Zoho ManageEngine Desktop Central as part of a new espionage campaign. However, researchers have not yet determined if the campaign is targeting specific organizations or what these

Read More
26 Mar 2020

Tupperware Hit By Card Skimmer Attack

Malwarebytes Labs researchers have discovered a cyberattack on the Tupperware website, targeting customers payment card information via a digital credit card skimmer disguised inside an image file. Researchers found the malicious code when an anomaly in the iframe container was caught, prompting the researchers to look closer at the code.

Read More
25 Mar 2020

HHS.gov Open Redirect Used by Coronavirus Phishing to Spread Malware

Malware payloads are being pushed onto victims’ systems through an HHS.gov open redirect attack. An open redirect is a web address that automatically redirects users, commonly used by malicious actors to send victims to phishing pages or to deliver malware payloads under the guise of legitimate services. HHS.gov, the latest

Read More
25 Mar 2020

WHO Targeted in Espionage Attempt, COVID-19 Cyberattacks Spike

The World Health Organization (WHO) has been targeted by cybercriminals in a series of attempted attacks amid the COVID-19 pandemic. New evidence also shows that the DarkHotel APT group has tried to infiltrate WHO’s networks to steal information from the organization, although it remains unclear what information the group was

Read More
17 Mar 2020

U.S. Health Department Site Hit With DDoS Cyber Attack

Bloomberg first reported that the United States Health and Human Services Department’s web site suffered from a DDoS cyberattack on Sunday night. This took the entire site online in the middle of the COVID-19 outbreak, which has spiked the search for HHS information dramatically over the past several weeks. On

Read More
10 Mar 2020

Intricate Phishing Scam Uses Support Chatbot to ‘Assist’ Victims

A recent phishing scam is targeting consumers by utilizing a malicious customer service chatbot function that steals victims’ information by prompting them to fill out various forms including credit card numbers and bank account information. The campaign was discovered by MalwareHunterTeam and is targeting Russian citizens. The threat actors are

Read More
10 Mar 2020

AMD Downplays CPU Threat Opening Chips to Data Leak Attacks

AMD has disclosed side-channel attacks in CPUs, and stated that they are not new. The company has been significantly downplaying the side-channel attacks that are capable of leaking potentially sensitive data from its processors released between 2011 and 2019. Researchers stated that these side-channel attacks extract sensitive information through signals

Read More
09 Mar 2020

Multiple nation-state groups are hacking Microsoft Exchange servers

A recent vulnerability in Microsoft Exchange email servers has been exposed by multiple different government-backed hacking groups. The hacking attempts were first spotted by the UK based cyber security firm Volexity, who has not yet shared names of the hacking groups exploiting the vulnerability, however, they have stated that the

Read More