14 Feb 2020

Voting App Flaws Could Have Let Hackers Manipulate Results

Two US states, West Virginia and Oregon have recently begun using a mobile voting app called Voatz to facilitate and simplify absentee voting. However, researchers have recently discovered major security flaws in the app. Experts and the Massachusetts Institute of Technology found a vulnerability that could allow hackers to manipulate

Read More
12 Feb 2020

Flaws in Accusoft ImageGear Expose Users to Remote Attacks

Accusoft ImageGear reported that they had discovered seven vulnerabilities in version 19.5.0 of its ImageGear library. The flaws allow remote attackers to execute code on a victim’s machine, according to a report published by security researchers at Cisco Talos. ImageGear is a document imaging developer toolkit, designed to create, convert,

Read More
12 Feb 2020

Amex, Chase Fraud Protection Emails Used as Clever Phishing Lure

A phishing campaign discovered by the MalwareHunterTeam was publicized on Tuesday. The campaign consists of sophisticated emails that pretend to be fraud protection messages coming from American Express and Chase Bank. The emails ask the recipient to confirm if the listed transactions are legitimate. Customers of these banks should be

Read More
11 Feb 2020

Emotet Now Hacks Nearby Wi-Fi Networks to Spread Like a Worm

Cybersecurity experts have recently discovered a new Emotet malware sample that has the ability to spread to insecure WiFi networks located nearby to an infected device. The malware then attempts to infect the devices connected to these WiFi networks, resulting in a rapid escalation of Emotet’s spread. This new development

Read More
10 Feb 2020

Netanyahu’s party exposes data on over 6.4 million Israelis

A security researcher with Elector Software discovered a misconfiguration in an election day app created for the political party of Isreali prime minister Benjamin Netanyahu by the company Likud. The misconfiguration may have compromised the personal information and details of 6.5 million Israelis. The leak was disclosed today, however, it

Read More
10 Feb 2020

Magecart Gang Attacks Olympic Ticket Reseller and Survival Food Sites

Magecart group has struck again, this time hitting websites selling Olympic tickets and sites selling things like emergency preparation kits through a recent digital card skimmer attack. The attack aims to steal payment data from various websites. Two tickets sales websites, one called Olympic Tickets and the other called Euro

Read More
07 Feb 2020

Iranian Hackers Target Journalists in New Phishing Campaign

A threat group in Iran known as “Charming Kitten” has launched a new campaign that aims to steal email account credentials. The campaign is a phishing attack discovered by Certfa Labs that targets journalists and human rights activists. The group is also widely known as APT35 and is notorious for

Read More
07 Feb 2020

U.S. Finance Sector Hit with Targeted Backdoor Campaign

The United States’s financial sector experienced an increase in cyberattacks last month, the majority of which delivered a powerful backdoor named Minebridge. Minebridge gives cyberattackers advantage over a victim’s machine, allowing them to have full access to all functions. The attack chain employed in the US financial services sector included

Read More
06 Feb 2020

Why the Iranian cyberthreat has become ‘more dynamic’

A top military leader stated that since the US drone strike on Iran that killed Major General Qassem Soleimani in January, the cyber threat coming from Iran has been more dynamic. Gregg Kendrick, executive director of the Marine Corps Forces Cyberspace Command stated that the Iranian regime is likely planning

Read More
06 Feb 2020

Medicaid CCO Vendor Breach Exposes Health, Personal Info of 654K

Health Share of Oregon, a Medicaid coordinated care organization, disclosed today that they had been the victim of a data breach that exposed the health and personal information of over 650,000 individuals. The breach occurred when a laptop belonging to the organization’s transportation vendor, GridWorks IC, was stolen. The organization

Read More