Kaspersky has uncovered an highly targeted attack striking a single country using a trojan written in C++ that has not been spotted before. Dubbed Milum, the trojan shows no code similarities with known campaigns reported Kaspersky’s Threat Attribution Engine and only three instances of it have bee found and are considered all part of the…
Apple released updates across eight product lines with several having more than a dozen issues addressed. Apple does not rate the severity of each vulnerability, but does break them all down for its users. One batch of 13 vulnerabilities was shared across three products, iCloud for Windows versions 10.9.3, 7.18 and iTunes 12.10.5 . Five of…
The FBI on Tuesday seized the website for DEER.IO, a Russian online platform used to conduct millions of dollars worth of cybercriminal transactions. The crackdown followed the March 7 arrest of alleged hacker/DEER.IO administrator Kirill Victorovich, who was taken into custody while in New York City. Active since October 2013, DEER.IO allows users to purchase…
Tupperware hasn’t yet put a lid on a targeted cyberattack that uses a credit card skimmer to collect customer payment information at checkout on the tupperware[.]com site and some of its local sites. The threat actors hid “malicious code within an image file that activates a fraudulent payment form during the checkout process,” according to…
COVID-19 spreading through parts of China did not entirely deter APT41 from carrying out one of the largest campaigns ever conducted by a Chinese cyberespionage group. The attacks were not directly tied to the Coronavirus outbreak nor did the attackers attempt to leverage the virus in any way, but FireEye noted the group’s activity did…
An analysis of 11 presidential campaign websites performed last September and again in December found multiple instances of potentially risky third-party code, unwanted code execution and unauthorized data tracking. According to a new report from The Media Trust, 81 percent of executing code on these websites was not internally developed, but rather from external third-party…
Businesses remain closed in many major cities around the world as the coronavirus pandemic rages, but cybercriminals are still open for business, as they continue to use the crisis to serve their nefarious purposes. Today’s latest round-up of coronavirus threats includes a reported hacking attempt against the World Health Organization, a DNS hijacking attack designed…
Apply pressure to any system – and its weakness become apparent. COVID-19 has exerted the necessary pressure to test cybersecurity postures, exposing gaps – some of them yawning, some more subtle – as entire workforces have been ordered to work from home. As the novel coronavirus escaped the confines of China earlier this year and…
A coronavirus-themed phishing campaign designed to infect victims with Raccoon information-stealing malware has reportedly been leveraging an open redirect vulnerability found on the U.S. Department of Health and Human Services’ website, HHS.gov. As defined by Trustwave here, an open redirect occurs when a website’s “parameter values (the portion of URL after “?”) in an HTTP…
Several cybersecurity firms are going the extra mile to help customers set up a safe environment for their telecommuting workforce. The new reality of having the majority of a businesses workforce working from home has opened a Pandora’ Box or cybersecurity issues for these organizations. A recent poll of UK companies by the private equity…
