Category: Security
Invicta Malware Delivered Through Fake GoDaddy Refund Invoices
The creator of this Invicta malware is heavily active on social networking sites, using them to advertise their information-stealing malware and its deadly powers. GoDaddy refund emails have become a common tool hackers use to deceive customers into downloading malware....
New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force
May 29, 2023Ravie LakshmananAuthentication / Mobile Security Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices. The approach, dubbed BrutePrint, bypasses limits put...
Data Breach at MCNA Dental Insurer Impacts 9 Million Users
The discovery of unauthorized access to MCNA Insurance Company’s systems occurred on March 6th 2023, although the initial breach had taken place as early as February 26th 2023. MCNA Insurance Company, a prominent US-based dental benefits manager serving millions of...
Commercial PREDATOR Spyware – Delivered Through Zero-Click Exploit
A commercial spyware product offered by the spyware company Intellexa (formerly Cytrox) has been described by Cisco Talos. By designing deployment procedures that frequently call for little to no user engagement, spyware vendors go to significant efforts to make the final...
Stealing From Wallets to Browsers: Bandit Stealer Hits Windows Devices
A new info-stealing malware called Bandit Stealer is capable of evading detection and stealing personal and financial banking data stored in cryptocurrency wallets and web browsers. Bandit Stealer is a new information stealer that Trend Micro cybersecurity researchers recently detected....
Free VPN Data Breach – Over 360 Million User Records Exposed
Based on reports from Jeremiah Fowler, a non-password-protected database exposed nearly 360 million records related to a VPN. The database contained email addresses, device information, and even website references that users visited. According to the investigation, these records belonged to...
New Stealthy Bandit Stealer Targeting Web Browsers and Cryptocurrency Wallets
A new stealthy information stealer malware called Bandit Stealer has caught the attention of cybersecurity researchers for its ability to target numerous web browsers and cryptocurrency wallets. “It has the potential to expand to other platforms as Bandit Stealer was...
Critical OAuth Vulnerability in Expo Framework Allows Account Hijacking
May 27, 2023Ravie LakshmananAPI Security / Vulnerability A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on...
Gaming Firms and Community Members Hit by Dark Frost Botnet
Researchers believe Dark Frost was created using stolen/leaked source code from Qbot, Gafgyt, and Mirai malware to carry out DDoS attacks. Web infrastructure company Akamai’s Security Intelligence Response Team has discovered a new botnet targeting the gaming industry with DDoS...
Mirai Malware Hits Zyxel Devices After Command Injection Bug
Zyxel informed its customers about the security flaw on 25 April 2023 and announced patches for impacted firewalls, which included USG Flex, ATP, ZyWALL/USG, and VPN. A variant of the Mirai botnet has successfully hacked various Zyxel Firewalls after exploiting...
Severe Flaw in Google Cloud’s Cloud SQL Service Exposed Confidential Data
May 26, 2023Ravie LakshmananData Safety / Cloud Security A new security flaw has been disclosed in the Google Cloud Platform’s (GCP) Cloud SQL service that could be potentially exploited to obtain access to confidential data. “The vulnerability could have enabled...
APT Hacker Group Attacking SMBs to Use Their Infrastructure
Proofpoint’s security researchers have identified indications of sophisticated threat actors focusing their attention on small and medium-sized enterprises and service providers operating within that particular ecosystem. The researchers recently issued a cautionary message in their latest report regarding a collection...
