04 Aug 2021

New Raccoon Stealer Campaign Underscores an Evolving Threat

Sophos researchers have detailed a new Racoon Stealer campaign that underscores the evolution of the information-stealer. According to Sophos, the Racoon Stealer has been distributed through a dropper campaign with the goal of stealing cryptocurrencies, cookies, and other valuable information located on target machines. Researchers confirmed that the campaign had

Read More
04 Aug 2021

Hackers target Kubernetes to steal data and processing power. Now the NSA has tips to protect yourself

The NSA recently released guidance regarding Kubernetes to aid organizations in deploying the open-source platform without exposing it to hackers seeking to steal data and processing power. The application is utilized by organizations for managing containerized applications. The guidance was a joint publication that was also authored by the DHS’s

Read More
03 Aug 2021

Chipotle Emails Serve Up Phishing Lures

According to new information, a breach of Chipotle’s restaurant email marketing service last month has lead to customers being targeted with phishing lures in seemingly legitimate emails that then harvested users’ credentials. This attack mirrors earlier Nobelium attacks, according to researchers at Inky, who first reported that Chipotle’s email vendor

Read More
28 Jul 2021

Get patching: US, UK, and Australia issue joint advisory on top 30 exploited vulnerabilities

The US’s Cybersecurity and Infrastructure Security Agency (CISA), Australia’s Cyber Security Centre (ACSC), and the UK’s National Cyber Security Centre (NCSC), and the US FBI recently released an advisory detailing the top 30 most exploited vulnerabilities dating back to 2017. After seven months of 2021, the agencies found that CVE-2017-11882,

Read More
27 Jul 2021

Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC

Microsoft rushed to release mitigations for a new exploit that forces remote Windows systems to reveal password hashes that can easily be cracked by malicious actors. The flaw lies in the Windows NT LAN Manager, according to the company, and has been dubbed PetitPotam. Microsoft has released an advisory that

Read More
27 Jul 2021

Time to update your iPhone as Apple fixes ‘actively exploited’ zero day flaw

Apple released a fix for a previously undisclosed flaw that appears to have been actively exploited. The patch pertains to iPad iOS 14.7.1 and iOS 14.7.1. The company also released macOS Big Sur 11.5.1 to address the same issue, however, this one lies in a common Apple kernel extension called

Read More
26 Jul 2021

Malware Infects Japanese Devices Ahead of Olympic Games

According to Japanese security company Mitsui Bussan Secure Directions, Olympics-themed malware is targeting Japanese PCs across the country. The malware was discovered on July 21, just days before the opening ceremony, and is designed to wipe files from target systems. Although the malware does not delete everything, it searches for

Read More
26 Jul 2021

Scammers offer streaming services, giveaways and a fake cyber currency to cash in on the Olympic Games

According to experts at Kaspersky, Olympic-related phishing attacks have popped up in several different forms, including through fake pages offering streaming services, tickets to events that don’t allow spectators, and fake Olympic Games virtual currency. Kaspersky researchers stated that it’s common for cybercriminals to take advantage of popular sports events

Read More
16 Jul 2021

Safari Zero-Day Used in Malicious LinkedIn Campaign

According to researchers from Google’s Threat Analysis Group and Project Zero, attackers exploited a Safari vulnerability to target government officials in Western Europe. The vulnerability was leveraged to send malicious links to government officials via LinkedIn. Google’s research team detected and reported the vulnerability, publishing a blog post on Wednesday

Read More
16 Jul 2021

Artwork Archive cloud storage misconfiguration exposed user data, revenue records

Misconfigurations in Artwork Archive, a platform used to connect artists to potential buyers, allegedly led to a data leak in which the personally identifiable information (PII) of users was exposed. The WizCase team reported that they discovered a misconfigured Amazon S3 bucket belonging to the platform. The researchers stated that

Read More