Alert! Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users’ banking and other login credentials and spy on their activities. Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious…

Understanding the security risks of Remote Desktop Protocol over the internet

RDP, if not properly configured and secured, can act as a gateway within an organization for cybercriminals to access sensitive internal resources. Attackers can also exploit vulnerable RDP services to perform remote code execution and seize control over targeted gateways. Today, it is very common for businesses to use RDP as a method to access…

Black Friday/Cyber Monday Ecommerce Security Threats

With the end of November comes the height of the holiday shopping season — specifically Black Friday and Cyber Monday sales, which typically span the last calendar days of November into the first week of December. As consumer behavior changes and online transactions become favored over traditional retail-store purchases, Black Friday and Cyber Monday are…

Dozens of Severe Flaws Found in 4 Popular Open Source VNC Software

Four popular open-source VNC remote desktop applications have been found vulnerable to a total of 37 security vulnerabilities, many of which went unnoticed for the last 20 years and the most severe of which could allow remote attackers to compromise a targeted system. VNC (virtual network computing) is an open source graphical desktop sharing protocol based on RFB…

Data-Enriched Profiles on 1.2B People Exposed in Gigantic Leak

Although the data was legitimately scraped by legally operating firms, the security and privacy implications are numerous. An open Elasticsearch server has exposed the rich profiles of more than 1.2 billion people to the open internet. First found on October 16 by researchers Bob Diachenko and Vinny Troia, the database contains more than 4 terabytes…

Official Monero Site Hacked to Distribute Cryptocurrency Stealing Malware

What an irony — someone hacked the official website of the Monero cryptocurrency project and quietly replaced legitimate Linux and Windows binaries available for download with malicious versions designed to steal funds from users’ wallets. The latest supply-chain cyberattack was revealed on Monday after a Monero user spotted that the cryptographic hash for binaries he downloaded from…

Active Office 365 Credential Theft Phishing Campaign Targeting Admin Credentials

Using a real Office 365 account at a legitimate company to send out lures helps phishers evade email defenses. A phishing campaign that uses legitimate organizations’ Office 365 infrastructure to send emails has emerged onto the cyberscam scene. According to Michael Tyler at PhishLabs, cybercriminals are looking to compromise Microsoft Office 365 administrator accounts to…

More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting

The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control (C&C) servers for extremely narrow targeting. The group puts up multiple layers of obfuscation to…

Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information

Majorities think their personal data is less secure now, that data collection poses more risks than benefits, and believe it is not possible to go through daily life without being tracked
