A malicious Android app that supposedly helps track cases of the coronavirus actually locks users’ phones and demands a ransom in order to restore access. (Note: a password key has since been published. See follow-up story here.) Dubbed CovidLock, the newly discovered ransomware performs a screen-lock attack by forcing a change in the password required…
A coalition of security-minded organizations led by Microsoft struck a major blow against the mighty Necurs botnet — one of the largest in world — dismantling its infrastructure in a global takedown. Empowered by a court order, Microsoft not only took control of the Necurs operators’ web domains, but it blocked an additional 6 million…
Due to an apparent error in the Microsoft vulnerability disclosure process, news of an unpatched, critical Microsoft Server Message Block (SMB) vulnerability leaked to the public this past Patch Tuesday. In response to this occurrence, Microsoft today issued an out-of-band security update fixing the flaw. If exploited, the bug could result in a wormable remote…
Who stole the cookie from the cookie jar? It’s Cookiethief, a newly discovered Android trojan that gains root access to devices and exfiltrates browser and Facebook app cookies to a malicious server. Attackers typically use stolen cookies to impersonate victims and access their online accounts in unauthorized fashion. In this instance, researchers believe the culprits…
Cyberattackers continue to seize on the dire need for information surrounding the novel coronavirus. In one of the latest examples, adversaries have created a weaponized coronavirus map app that infects victims with a variant of the information-stealing AZORult malware. The malicious online map, found at www.Corona-Virus-Map[.]com, appears very polished and convincing, showing an image of…
Malicious actors have been secretly embedding the njRAT remote access trojan in free hacking tools as well as cracks of those tools, in a bid to compromise anyone who downloads this software from various websites and forums. Essentially, this adversary is trying to turn other hackers into victims, taking over their machines for reasons that could…
A Manhattan federal jury yesterday failed to reach a verdict on any major charges leveled against Joshua Schulte, a former CIA software engineer from Lubbock, Texas, who was accused of stealing the agency’s hacking tools and delivering them to WikiLeaks for publication. Schulte, 31, was convicted on contempt of court and making false statements, but…
The city of Durham, North Carolina and the government of Durham County have experienced disruptions since a ransomware attack last Friday, but local government officials claim the damage was contained and recovery efforts are well underway. “Fortunately, the City was prepared with notification systems in place that worked as planned, providing immediate notice to City…
Fears over the novel coronavirus have triggered mass quarantines, Purell and Clorox shortages and financial market turmoil. As global concerns continue to mount with the latest headlines – just today, it was reported that the head of the Port Authority of New York and New Jersey was infected – cyber fraudsters and threat actors continue…
Recent U.S. efforts to ban the federal use of telecommunications equipment from Huawei Technologies and other Chinese companies are “malaligned” and “don’t make any sense to me,” said former Federal CIO Tony Scott in a podcast interview with SC Media. Scott, who served under former President Barack Obama and now operates as chairman of his own…
