19 Feb 2020

Iranian Hackers Backdoored VPNs Via One-Day Bugs

Security researchers have reported that unpatched bugs in VPN and RDPs allowed Iran to conduct a cyber-espionage campaign that infiltrated global organizations. Although the campaign was already attributed to APT33, a state-sponsored hacking group, security firm Clearsky has publicized further details. The new report claims that the three-year-long campaign named

Read More
18 Feb 2020

Hackers Join Forces Against U.S. And Israeli Targets: This Is What An Iranian Cyber Attack Looks Like In 2020

The 2010 Stuxnet worm attack on the Natanz nuclear plant was eye-opening to Iranian officials, and since the attack, Iran has reportedly been taking cybersecurity seriously. Although Iran may not be likely to initiate a cyberwar scenario, the majority of the cyber-espionage campaigns originating out of Tehran has been directed

Read More
18 Feb 2020

SMS Phishing Campaign Targets Mobile Bank App Users in North America

A dozen North American banks have been targeted in a mobile phishing campaign that has already victimized 4,000 victims through deploying an automated SMS tool. The tool sends out fraudulent security text messages to mobile phone users and has targeted customers of banks like Chase, TD Bank, and Royal Bank

Read More
18 Feb 2020

Three API security risks in the wake of the Facebook breach

In 2018, Facebook experienced a critical breach that was unpatched for over 20 months that resulted in the theft of 30 million authentication tokens and a similar amount of personally identifiable information. Facebook has since pledged to improve its security, but the theft of access token still represents a major

Read More
17 Feb 2020

Report shows personal info on 144K Canadians breached by federal entities

The Canadian Broadcasting Corporation (CBC) reported that several Candian government departments and agencies have compromised the personal and sensitive information of 144,000 individuals across almost 8,000 breaches that occurred over a two-year span. The breaches, which spread across 10 entities and were observed over the past two years, exposed the

Read More
17 Feb 2020

Targeted Phishing Attack Aims For Well-Known Corporate Brands

MalwareHunterTeam has uncovered yet another new phishing campaign, this one targeting well-known brands such as Glad and Hasbro. The international companies were attacked using SLK attachments and has targeted a total of thirteen high profile companies to date. SLK attachments can allow the attacker to gain access to corporate networks.

Read More
17 Feb 2020

500 Malicious Chrome Extensions Impact Millions of Users

Duo Security released an analysis on Thursday claiming that over 500 malicious Chrome extensions were secretly collecting browser data and redirecting users to websites containing malware. Researchers at Duo Security stated that the extensions have since been removed from Google’s Chrome Web Store, but that they were previously downloaded millions

Read More
14 Feb 2020

Voting App Flaws Could Have Let Hackers Manipulate Results

Two US states, West Virginia and Oregon have recently begun using a mobile voting app called Voatz to facilitate and simplify absentee voting. However, researchers have recently discovered major security flaws in the app. Experts and the Massachusetts Institute of Technology found a vulnerability that could allow hackers to manipulate

Read More
13 Feb 2020

Microsoft Addresses Active Attacks, Air-Gap Danger with 99 Patches

In Microsoft’s February Patch Tuesday Update contains 12 critical and five previously disclosed bugs. This is one of the biggest Patch Tuesday updates to date, and the patches cover 99 different security vulnerabilities across a range of products. Twelve of the bugs are rated as critical while the rest are

Read More
13 Feb 2020

Apple joins FIDO Alliance, commits to getting rid of passwords

Apple announced that it plans to join the FIDO Alliance in an effort to kill off passwords. Passwords have long been a weak link in the cybersecurity industry, with 81% of all hacking based security breaches traced back to poor passwords. FIDO Alliance aims to replace password-only logins with secure

Read More