Welcome to the 229th episode of the Kaspersky Transatlantic Cable podcast. Ahmed, Dave and I start by looking into the world of NFTs. ?OMG WHO RIGHT CLICKED ALL OF THE #NFTs?????? https://t.co/o0YRK78AkL ????? pic.twitter.com/g74TFqzX0n — thenftbay.org ??? (@GeoffreyHuntley) November 18, 2021 In this tale, it show more ...
BazarLoader is using new delivery methods including compromised software installers and ISO files in its new version to avoid system detection. Organizations are recommended to deploy reliable anti-malware solutions to stay protected.
A new JavaScript malware loader named RATDispenser has been found distributing RATs as payloads in multiple stealthy attacks. The delivered malware families include STRRAT, WSHRAT, AdWind, Formbook, Remcos, Panda Stealer, GuLoader, and Ratty. Organizations are suggested to deploy reliable anti-malware and anti-phishing solutions, along with network firewalls.
According to a team of Italian researchers, a large number of printers are publicly exposed on the internet, making it easy for attackers to send malicious data remotely.
The feds estimated that online shoppers could lose more than $53 million during this year’s holiday season to scams offering bargains and gifts that are hard to find due to merchandise shortages.
Researchers found that over the past 18 months, some 444 unique phishing portals were used to target 7,403 people from across 14 industry sectors as part of the campaign.
In all cases, “free Steam keys” are the name of the fake game. No matter which of the many accounts post up these videos, they all typically link to the same download hosting site.
The GoDaddy breach affecting 1.2 million customers has widened – it turns out that various subsidiaries that resell GoDaddy Managed WordPress services were also affected.
Ukrainian investigators are celebrating after claiming to have arrested members of a prolific mobile hacking gang named Phoenix which targeted victims via Apple and Samsung phishing sites.
A new Iranian threat actor has been found exploiting a patched critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a new PowerShell-based information stealer.
The personally identifiable information of more than 62,000 U.S. citizens may have been compromised following a cyber-attack against a New Mexico-based healthcare insurer.
In a statement, NPC confirmed the receipt of a breach notification report on November 15 from S&R Membership Shopping concerning a cyberattack “that may have compromised its members’ personal data.”
In an experiment by Palo Alto Network's Unit 42, around 80% of the honeypots were compromised within 24 hours and the rest were compromised within a week, with SSH being the prime target.
Upon analyzing Emotet’s code, several researchers confirmed that the malware has been upgraded, along with expansion of its infrastructure, for an improved, secure, and robust operation.
The hospital learned that a night shift employee improperly accessed electronic medical patient records in violation of its policies, leading to unauthorized access to 13,000 patients' data.
Hide My WP, a popular WordPress security plugin, contained a serious SQL injection (SQLi) vulnerability and a security flaw that enabled unauthenticated attackers to deactivate the software.
Bagisto version 1.3.3 suffers from a client-side template injection vulnerability.
Gerdab.ir suffers from a remote SQL injection vulnerability.
VMware has shipped updates to address two security vulnerabilities in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information. The more severe of the issues concerns an arbitrary file read vulnerability in the vSphere Web Client. Tracked as CVE-2021-21980, the bug has been rated 7.5 out of a maximum of 10 on the CVSS scoring system,
Threat actors have been found using a previously undocumented JavaScript malware strain that functions as a loader to distribute an array of remote access Trojans (RATs) and information stealers. HP Threat Research dubbed the new, evasive loader "RATDispenser," with the malware responsible for deploying at least eight different malware families in 2021. Around 155 samples of this new malware
A new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a new PowerShell-based information stealer designed to harvest extensive details from infected machines. "[T]he stealer is a PowerShell script, short with powerful collection capabilities — in only ~150 lines, it provides the
Stop tempting fate and take a look at our picks for the best antivirus programs on the market today. Every year there are billions of malware attacks worldwide. And these threats are constantly evolving. So if you are not currently using antivirus software, or you still rely on some free software you downloaded back in 2017, you are putting your cybersecurity in serious jeopardy. Need help
Attackers are actively making efforts to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully-patched systems, once again demonstrating how adversaries move quickly to weaponize a publicly available exploit. Cisco Talos disclosed that it "detected malware samples in the wild that are attempting to take advantage of this
Every Product Manager and Software Developer should know that pushing feature updates to production via traditional channels is as archaic as painting on cave walls. The smart are always quick to adapt to new, innovative technologies, and this mindset is exactly what makes normal companies great. The landscape is changing fast, especially in IT. Change isn't just necessary, but more often than
Graham Cluley Security News is sponsored this week by the folks at 1Password. Thanks to the great team there for their support! 1Password 8 for Windows has been reimagined with productivity improvements, enhanced security and privacy features, and a new, modern design. 1Password 8 helps you manage, access, and protect show more ...
Security researchers are warning biomanufacturing facilities around the world that they are being targeted by a sophisticated new strain of malware, known as Tardigrade. Read more in my article on the Tripwire State of Security blog.
Heating systems are left vulnerable to attack in the high courts, cybercrime unicorns have become a reality (but what are they?), over 15 Terabytes of NFTs are made available for anyone to download ... and Carole reveals her Pick of the Year. All this and much more is discussed in the latest edition of the show more ...
The United Kingdom government has introduced new legislation designed to improve the security of "smart" internet-connected devices used in people's homes. Read more in my article on the Hot for Security blog.
