Invicta Malware Delivered Through Fake GoDaddy Refund Invoices
The creator of this Invicta malware is heavily active on social networking sites, using them to advertise their information-stealing malware and its deadly powers. GoDaddy refund emails have become a common tool hackers use to deceive customers into downloading malware....
New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force
May 29, 2023Ravie LakshmananAuthentication / Mobile Security Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices. The approach, dubbed BrutePrint, bypasses limits put...
Data Breach at MCNA Dental Insurer Impacts 9 Million Users
The discovery of unauthorized access to MCNA Insurance Company’s systems occurred on March 6th 2023, although the initial breach had taken place as early as February 26th 2023. MCNA Insurance Company, a prominent US-based dental benefits manager serving millions of...
Dark Frost botnet launches a large-scale DDoS attack compromising hundreds of devices
Posted on May 29, 2023 at 8:19 AM A new botnet known as Dark Frost has been detected to be behind a distributed denial-of-service (DDoS) attack within the gaming industry. The botnet has expanded in terms of activity and it...
Commercial PREDATOR Spyware – Delivered Through Zero-Click Exploit
A commercial spyware product offered by the spyware company Intellexa (formerly Cytrox) has been described by Cisco Talos. By designing deployment procedures that frequently call for little to no user engagement, spyware vendors go to significant efforts to make the final...
Stealing From Wallets to Browsers: Bandit Stealer Hits Windows Devices
A new info-stealing malware called Bandit Stealer is capable of evading detection and stealing personal and financial banking data stored in cryptocurrency wallets and web browsers. Bandit Stealer is a new information stealer that Trend Micro cybersecurity researchers recently detected....
Free VPN Data Breach – Over 360 Million User Records Exposed
Based on reports from Jeremiah Fowler, a non-password-protected database exposed nearly 360 million records related to a VPN. The database contained email addresses, device information, and even website references that users visited. According to the investigation, these records belonged to...
New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets
A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. “It has the potential to expand to other platforms as Bandit Stealer was...
Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking
May 27, 2023Ravie LakshmananAPI Security / Vulnerability A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on...
Hackers exploit XSS flaw in a WordPress cookie consent plugin
Posted on May 27, 2023 at 9:24 AM Hackers have been launching ongoing attacks targeting WordPress sites. These attacks have been targeted at an unauthenticated stored cross-site scripting (XSS) vulnerability within a WordPress cookie consent plugin known as Beautiful Cookie...
Gaming Firms and Community Members Hit by Dark Frost Botnet
Researchers believe Dark Frost was created using stolen/leaked source code from Qbot, Gafgyt, and Mirai malware to carry out DDoS attacks. Web infrastructure company Akamai’s Security Intelligence Response Team has discovered a new botnet targeting the gaming industry with DDoS...
Mirai Malware Hits Zyxel Devices After Command Injection Bug
Zyxel informed its customers about the security flaw on 25 April 2023 and announced patches for impacted firewalls, which included USG Flex, ATP, ZyWALL/USG, and VPN. A variant of the Mirai botnet has successfully hacked various Zyxel Firewalls after exploiting...
