Out with the old, in with the… Old Phantom Crypter, which despite its name is actually a new Microsoft Office exploit builder that’s been surpassing its predecessors in popularity among the cybercriminal community. Gabor Szappanos, principal malware researcher at SophosLabs, described the ascendance of Old Phantom yesterday in a company blog post, which links to…
Researchers are warning that hackers are exploiting a plug-in vulnerability to infect MSPs and their customers with GandCrab ransomware. The bug, CVE-2017-18362, dates back to 2017, and is found in unpatched versions of the ConnectWise ManagedITSync integration plug-in tool, explains a Feb. 8 blog post by Chris Bisnett, security researcher at Huntress Labs. This plug-in…
Google Play announced it will continue its crackdown on malicious apps into 2019 by focusing more on user privacy, developer integrity and harmful app contents and behavior. Google said it plans to introduce additional policies for device permissions and user data throughout the year, according to a Feb. 13 blog post. “In addition to identifying…
Those looking for love on Coffee Meets Bagel before May 2018 may have gotten more exposure than they were bargaining for – the online dating site confirmed on Valentine’s Day that it had been breached and that daters’ personal information may have been “acquired by an unauthorized party.” “Receiving an email from a dating app…
A new report about a Nigeria-based cybercrime ring describes in detail how lonely targets are emotionally preyed upon and in some cases bilked of their life savings through romance scams. Citing data from the Better Business Bureau, Agari Cyber Intelligence Division (ACID) reports such scams have led to personal losses of nearly $1 billion in…
Mozilla Foundation has issued security advisories for several vulnerabilities in Firefox ESR 60.5.1 and Firefox 65.0.1. The updates patch a use-after-free in skia flaw, an integer overflow in Skia flaw, and a buffer overflow in Skia with accelerated Canvas 2D vulnerability in Firefox ESR 60.5.1, all of which are rated high. The buffer overflow flaw…
A U.S. counterintelligence agent specializing in Middle Eastern affairs, who defected to Iran in 2013, was indicted by a federal grand jury for conducting espionage on behalf of her adopted country. Monica Elfriede Witt, an American citizen who served in the U.S. Air Force Office of Special Investigations from 1997 until 2008, was charged with…
The Xiaomi M365, a popular electric scooter used by several ride-share companies such as BIRD as well as for personal ownership, is vulnerable to remote hacking due to improper password validation. The scooters are enabled with Bluetooth access which allows the user to interact with the scooters for multiple features including its Anti-Theft System, Cruise-Control,…
A default password vulnerability in Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. A flaw in NAE’s password management system can be exploited by authenticating with the default administrator password via the CLI of an affected server. Version…
California May have some of the strictest data privacy and security laws on the books, but Gov. Gavin Newsom has floated a “new data dividend” that would compel Google, Facebook and the like to pay consumers in the state who choose to share their data. Noting that tech companies make billions from collecting and using…
