As phishing scammers actively impersonate institutions like the World Health Organization and Centers for Disease Control in order to capitalize on Covid-19 fears, government bodies and state-run health care organizations continue to make themselves vulnerable to email spoofing scams that leverage their names by failing to employ DMARC email validation protections, a new report states.…
Kentucky has become the sixth state to disclose a data leak related to unemployment-related forms that has taken place during the Covid-19 pandemic. The Kentucky Education & Workforce Development Cabinet (EWDC) on Thursday acknowledged that a vulnerability in its Unemployment Insurance Portal caused a data leak that allowed insurance claimants to view the identity verification…
Bank of America has disclosed that it briefly exposed certain business clients’ Paycheck Protection Program (PPP) applications to outside parties after uploading the documents onto a test platform. The incident bears similarities to the recent news of at least states mistakenly exposing application information related to the Pandemic Unemployment Assistance (PUA) program. Both the PPP…
Researchers are warning users to be on the lookout for form-based phishing attacks whereby scammers abuse or imitate branded file-sharing, content-sharing and productivity websites in order to trick users into giving up their credentials or their account access. In a blog post on Thursday, Barracuda Networks says that from January through April 2020, these form-based…
A critical elevation-of-privilege vulnerability found in Android devices could potentially be exploited, without root access or user permission, to hijack virtually all mobile apps in order to spy on individuals or steal their login credentials. Google has developed a security patch for Android versions 8, 8.1 and 9 — alerting its partners of the update…
The CyberPeace Institute and dozens of international leaders and dignitaries on Tuesday collectively urged the world’s governments in an open letter to help put an end to cyberattacks on hospitals and health care institutions that are already under the incredible strain of combatting the Covid-19 pandemic. “Over the past weeks, we have witnessed attacks that…
A malicious cyber actor or hacking collective has reportedly been sweeping the internet for online stores’ unsecured SQL databases, copying their contents, and threatening to publish the information if the rightful owners don’t pay up. The perpetrator has stolen the copied versions of at least 31 SQL databases, which have been put up for sale…
Users of iPhones, iPads and iPod Touches that run on iOS 11 through 13.5 can now jailbreak their devices with new downloadable software from the hacking group Unc0ver. The jailbreak is reportedly made possible thanks to a zero-day kernel vulnerability discovered by Unc0ver hacker @Pwn20wnd. [1, 2, 3] Jailbreaks are hotly anticipated events for certain tech…
Virtual machines are an important tool for threat analysts as they debug and investigate malware. But now there is a documented case of malicious cyber actors exploiting a VM to their advantage in an attempt to hide a Ragnar Locker ransomware attack. Researchers at Sophos, who uncovered the technique, claim that such trickery is a…
Cisco Systems on Wednesday fixed a critical remote code execution vulnerability in its Unified Contact Center Express solution — one of a flurry of patches and bug disclosures announced this week by tech giants such as Microsoft, Apple and Google. Found in Unified CCX’s Java Remote Management Interface, the critical Cisco flaw — with a CVSS…
