A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of ‘smart car tech’ and EVs surges.
Author: Becky Bracken
Europe, North America, Vulnerabilities
Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug
by Becky Bracken •
A patch fixes exploit hidden in Elden Ring that traps PC players in a ‘death loop.’
Europe, North America
DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data
by Becky Bracken •
A DarkHotel phishing campaign breached luxe hotel networks, including Wynn Palace and the Grand Coloane Resort in Macao, a new report says.
Europe, North America
Cyberattacks Against Israeli Government Sites: ‘Largest in the Country’s History’
by Becky Bracken •
DDoS attacks against Israel telecom companies took down government sites, sparking a temporary state of emergency.
Exploits
Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak
by Becky Bracken •
The move comes just a week after GPU-maker NVIDIA was hit by Lapsus$ and every employee credential was leaked.
Europe, North America
Cyberattackers Cook Up Employee Personal Data Heist for Meyer
by Becky Bracken •
The Conti gang breached the cookware giant’s network, prepping thousands of employees’ personal data for consumption by cybercrooks.
Europe, North America
Cyberattackers Cook Up Employee Personal Data Heist for Meyer
by Becky Bracken •
The Conti gang breached the cookware giant’s network, prepping thousands of employees’ personal data for consumption by cybercrooks.
Europe, North America
Massive LinkedIn Phishing, Bot Attacks Feed on the Job-Hungry
by Becky Bracken •
The phishing attacks are spoofing LinkedIn to target ‘Great Resignation’ job hunters, who are also being preyed on by huge data-scraping bot attacks.
Europe, North America, Vulnerabilities
LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong
by Becky Bracken •
However, groups are rebranding and recalibrating their profiles and tactics to respond to law enforcement and the security community’s focus on stopping ransomware attacks.
Europe, North America, Vulnerabilities
Unpatched Security Bugs in Medical Wearables Allow Patient Tracking, Data Theft
by Becky Bracken •
Rising critical unpatched vulnerabilities and a lack of encryption leave medical device data defenseless, researcher warn.
Europe, North America, Vulnerabilities
Public Exploit Released for Windows 10 Bug
by Becky Bracken •
The vulnerability affects all unpatched Windows 10 versions following a messy Microsoft January update.
Europe, North America
NSO Group Pegasus Spyware Aims at Finnish Diplomats
by Becky Bracken •
Finland is weathering a bout of Pegasus infections, along with a Facebook Messenger phishing scam.
Europe, North America
2FA App Loaded with Banking Trojan Infests 10K Victims via Google Play
by Becky Bracken •
The Vultur trojan steals bank credentials but asks for permissions to do far more damage down the line.
Europe, North America
TrickBot Crashes Security Researchers’ Browsers in Latest Upgrade
by Becky Bracken •
The malware has added an anti-debugging tool that crashes browser tabs when researchers use code beautifying for analysis.
Europe, North America
‘Dark Herring’ Billing Malware Swims onto 105M Android Devices
by Becky Bracken •
The mobile malware heisted hundreds of millions of dollars from unsuspecting users, thanks to 470 different well-crafted malicious app in Google Play.
Europe, North America
Cyberattacks on Squid Game Minecraft Tourney Take Down Andorra’s Internet
by Becky Bracken •
Some of the bursts of traffic reached up to 10Gbps, reports noted, overwhelming the country’s only ISP, and crippling Andorran Squidcraft gamers along with the rest of the population.
Exploits
Ozzy Osbourne NFTs Used to Bite Off Chunk of Crypto Coin
by Becky Bracken •
A discarded Discord vanity URL for CryptoBatz was hijacked by cybercriminals to drain cryptocurrency wallets.
Europe, North America
MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists
by Becky Bracken •
State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.
Europe, North America, Vulnerabilities
Surge in Malicious QR Codes Sparks FBI Alert
by Becky Bracken •
QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.
Europe, North America
Unusual ‘Donald Trump’ Packer Malware Delivers RATs, Infostealers
by Becky Bracken •
The ‘DTPacker’ downloader used fake Liverpool Football Club sites as lures for several weeks, a report finds.
Europe, North America
Merck Awarded $1.4B Insurance Payout over NotPetya Attack
by Becky Bracken •
Court rules ‘War or Hostile Acts’ exclusion doesn’t apply to the pharma giant’s 2017 cyberattack.
Europe, North America, Vulnerabilities
20K WordPress Sites Exposed by Insecure Plugin REST-API
by Becky Bracken •
The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
Europe, North America, Vulnerabilities
Critical Cisco StarOS Bug Grants Root Access via Debug Mode
by Becky Bracken •
Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges.
Europe, North America
Destructive Wiper Targeting Ukraine Aimed at Eroding Trust, Experts Say
by Becky Bracken •
Disruptive malware attacks on Ukrainian organizations (posing as ransomware attacks) are very likely part of Russia’s wider effort to undermine Ukraine’s sovereignty, according to analysts.
Europe, North America
Cloned Dept. of Labor Site Hawks Fake Government Contracts
by Becky Bracken •
A well-crafted but fake government procurement portal offers the opportunity to submit a bid for lucrative government projects — but harvests credentials instead.
Europe, North America
Cybercriminals Actively Target VMware vSphere with Cryptominers
by Becky Bracken •
VMware’s container-based application development environment has become attractive to cyberattackers.
Europe, North America
Top Illicit Carding Marketplace UniCC Abruptly Shuts Down
by Becky Bracken •
UniCC controlled 30 percent of the stolen payment-card data market; leaving analysts eyeing what’s next.
Exploits
North Korean APTs Stole ~$400M in Crypto in 2021
by Becky Bracken •
Meanwhile, EtherumMax got sued over an alleged pump-and-dump scam after using celebs like Floyd Mayweather Jr. & Kim Kardashian to promote EMAX Tokens.
Europe, North America, Vulnerabilities
New GootLoader Campaign Targets Accounting, Law Firms
by Becky Bracken •
GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates.
Europe, North America
Stolen TikTok Videos, Bent on Fraud, Invade YouTube Shorts
by Becky Bracken •
Scammers easily game YouTube Shorts with viral TikTok content, bilking both creators and users.
Europe, North America, Vulnerabilities
WordPress Bugs Exploded in 2021, Most Exploitable
by Becky Bracken •
Record-number WordPress plugin vulnerabilities are wicked exploitable even with low CVSS scores, leaving security teams blind to their risk.
Europe, North America
3.7M FlexBooker Records Dumped on Hacker Forum
by Becky Bracken •
Attackers are trading millions of records from a trio of pre-holiday breaches on an online forum.
Europe, North America
Activision Files Unusual Lawsuit over Call of Duty Cheat Codes
by Becky Bracken •
Activision is suing to shut down the EngineOwning cheat-code site and hold individual developers and coders liable for damages.
Europe, North America, Vulnerabilities
Broward Breach Highlights Healthcare Supply-Chain Problems
by Becky Bracken •
More than 1.3 million patient records were stolen in the just-disclosed breach, which occurred back in October.
Europe, North America, Vulnerabilities
SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More
by Becky Bracken •
SEGA’s disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets.
Europe, North America
5 Cybersecurity Trends to Watch in 2022
by Becky Bracken •
Here’s what cybersecurity watchers want infosec pros to know heading into 2022.
Europe, North America
‘Spider-Man: No Way Home’ Download Installs Cryptominer
by Becky Bracken •
The origin of the Monero cryptominer file has been traced to a Russian torrent website, researchers report.
Europe, North America
PYSA Emerges as Top Ransomware Actor in November
by Becky Bracken •
Overtaking the Conti ransomware gang, PYSA finds success with government-sector attacks.
Europe, North America
Robocalls More Than Doubled in 2021, Cost Victims $30B
by Becky Bracken •
T-Mobile reported blocking 21 billion scam calls during a record-smashing year for robocalls.
Europe, North America
Spider-Man Movie Release Frenzy Bites Fans with Credit-Card Harvesting
by Becky Bracken •
Attackers are using the excitement over the new Spider-Man movie to steal bank information and spread malware.