Recently detected spear phishing activity suggests that the Russian APT group Cozy Bear may have emerged from its hibernation and become actively operative once more. Last last week, respected cybersecurity firms CrowdStrike and FireEye both issued warnings referencing a widespread phishing campaign targeting multiple industry sectors, while implementing the tactics, techniques and procedures of Cozy…
Threat actors are using the DirtyCOW bug to exploit a backdoor in Drupal Web Servers. Impreva researcher Nadav Avital spotted the attack on Oct. 31 exploiting the Drupalgeddon2 and DirtyCOW, bugs as well as system misconfigurations to persistently infect vulnerable Drupal web servers and take over user machines, according to a Nov. 19 blog post. Researchers noted this…
Personal and financial data entered by customers who ordered or updated information on the VisionDirect.co.uk website was compromised and stolen between November 3 to November 8, the London-based company warned in an updated online alert. The data compromised included “full name, billing address, email address, password, telephone number and payment card information, including card number,…
Consumers may want to think twice before taking advantage of the Black Friday discounts offered on the latest Smart TVs after a recent study found 25 percent of Americans worry their conversations are being monitored through their smart TVs. The study was conducted by Propeller Insights on behalf of ExpressVPN and surveyed 1,000 U.S. adults, finding that 29…
Not even the Make-A-Wish Foundation is off limits for some unscrupulous cybercriminals, as evidenced by a cryptojacking operation that compromised the charitable organization’s international website. Simon Kenin, security researcher at Trustwave, reported in a company blog post today that malicious actors injected a CoinImp browser-based cryptomining script that would harness the processing power of any…
A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users see and download the personal data that the social media platform had collected on them.…
China-based company MiSafe is once again making headlines with its unsecured products after a pen tester found that its child tracking smartwatches were found to be highly insecure. MiSafe previously made controversy after firm’s Mi-Cam baby monitors were found to be susceptible to unauthenticated access and hijacking of arbitrary baby monitors. Pen Test Partners researchers…
A WordPress plug-in used to build faster-loading web pages was discovered to contain a privilege escalation vulnerability that allows unauthorized attackers to inject malicious HTML code into the main page. In a company blog post yesterday, researchers at WebARX disclosed the bug, which resides in the “MP for WP – Accelerated Mobile Pages” plug-in. The…
A newly discovered remote access trojan nicknamed tRAT has apparently attracted the interest of TA505, a cybercriminal group known for launching prolific banking malware and ransomware attacks. In a company blog post yesterday, researchers at Proofpoint reported observing several phishing campaigns in September and October that attempted to infect victims with the malware. One of…
The General Services Administration (GSA) has issued a proposal for new guidelines on data breaches disclosure that government contractors must follow and give the government access to their system in the event of a breach. The GSA proposal will amend the General Services Administration Acquisition Regulation (GSAR) requiring contractors to report any cyber incidents that…
