Cybercriminals kick-off 2021 with sweepstakes, credit card, delivery scams

Trend Micro researches have predicted that this year, cybercriminals will continue to take advantage of Covid-19-related effects and incidents — such as people’s reliance on online purchases and e-services and the increased need for financial assistance — in order to Read More …

CISA Issues Supply Chain Compromise Alert, Forms Coordination Group with Other Government Agencies

The Cybersecurity and Infrastructure Security Agency (CISA) recently issued an alert regarding an advanced persistent threat (APT) compromising government agencies, critical infrastructures, and private sector organizations. According to CISA, the APT actor is accountable for the compromise of the SolarWinds Read More …

Raindrop Backdoor: New Malware Discovered in SolarWinds Investigation

Symantec, a division of Broadcom, has uncovered an additional piece of malware used in the SolarWinds attacks which was used against a select number of victims that were of interest to the attackers. Raindrop (Backdoor.Raindrop) is a loader which delivers Read More …

A Chinese hacking group is stealing airline passenger details

A suspected Chinese hacking group has been attacking the airline industry for the past few years with the goal of obtaining passenger data in order to track the movement of persons of interest. The intrusions have been linked to a Read More …

VPNFilter Two Years Later: Routers Still Compromised

With the internet of things (IoT) gaining more popularity, common IoT devices such as routers, printers, cameras, and network-attached storage (NAS) devices, are becoming more frequent targets for cybercriminals. Unlike typical operating systems such as Windows and macOS, users are Read More …

Malwarebytes says SolarWinds hackers accessed its internal emails

Cybersecurity firm Malwarebytes today confirmed that the threat actor behind the SolarWinds supply-chain attack were able to gain access to some company emails. “While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same Read More …

DNSpooq bugs let attackers hijack DNS on millions of devices

Israel-based security consultancy firm JSOF disclosed today seven Dnsmasq vulnerabilities, collectively known as DNSpooq, that can be exploited to launch DNS cache poisoning, remote code execution, and denial-of-service attacks against millions of affected devices. Dnsmasq is a popular and open-source Read More …

FBI warns of vishing attacks stealing corporate accounts

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts and credentials for network access and privilege escalation from US and international-based employees. Vishing (also known as voice phishing) is Read More …