Cybercriminal gang Darkside sent $20K in donations to charities in a ‘Robin Hood’ effort that’s likely intended to draw attention to future data dumps, according to experts. Source link
Tag: privacy
Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio
The out-of-band patches follow a lighter-than-usual Patch Tuesday update earlier this month. Source link
Facebook: A Top Launching Pad For Phishing Attacks
Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks - including a recent strike on a half-million Facebook users. Source link
Pharma Giant Pfizer Leaks Customer Prescription Info, Call Transcripts
Hundreds of medical patients taking cancer drugs, Premarin, Lyrica and more are now vulnerable to phishing, malware and identity fraud. Source link
Office 365 OAuth Attack Targets Coinbase Users
Attackers are targeting Microsoft Office 365 users with a Coinbased-themed attack, aiming to take control of their inboxes via OAuth. Source link
Mobile Browser Bugs Open Safari, Opera Users to Malware
A set of address-spoofing bugs affect users of six different types of mobile browsers, with some remaining unpatched. Source link
Confronting Data Risk in the New World of Work
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will […]
Google’s Waze Can Allow Hackers to Identify and Track Users
The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it. Source link
Rapper Scams $1.2M in COVID-19 Relief, Gloats with ‘EDD’ Video
“Nuke Bizzle” faces 22 years in prison after brazenly bragging about an identity-theft campaign in his music video, “EDD.” Source link
DOJ Charges 6 Sandworm APT Members in NotPetya Cyberattacks
DOJ charges six Russian nationals for their alleged part in the NotPetya, Ukraine power grid and Olympics cyberattacks. Source link
Overlay Malware Targets Windows Users with a DLL Hijack Twist
Brazilians are warned of a new Vizom malware masquerading as video conferencing and browser software. Source link
Ryuk Ransomware Gang Uses Zerologon Bug for Lightning-Fast Attack
Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours. Source link
Microsoft Exchange, Outlook Under Siege By APTs
A new threat report shows that APTs are switching up their tactics when exploiting Microsoft services like Exchange and OWA, in order to avoid detection. Source link
Game Titles Watch Dogs: Legion, Albion Both Targeted by Hackers
In both cases, cybercriminals claim to have reams of information for the popular gaming titles. Source link
Microsoft: Most-Imitated Brand for Phishing Emails
The shift to remote working spurred Microsoft and Amazon to the top of the heap for cybercriminals to use as lures in the third quarter. Source link
Phishers Capitalize on Headlines with Breakneck Speed
Marking a pivot from COVID-19 scams, researchers track a single threat actor through the evolution from the pandemic to PayPal, and on to more timely voter scams — all with the same infrastructure. Source link
Microsoft Fixes RCE Flaws in Out-of-Band Windows Update
The two important-severity flaws in Microsoft Windows Codecs Library and Visual Studio Code could enable remote code execution. Source link
Biden Campaign Staffers Targeted in Cyberattack Leveraging Anti-Virus Lure, Dropbox Ploy
Google’s Threat Analysis Group sheds more light on targeted credential phishing and malware attacks on the staff of Joe Biden’s presidential campaign. Source link
Phishing Lures Shifting from COVID-19 to Job Opportunities
Fortinet researchers are seeing a pivot in the spear-phishing and phishing lures used by cybercriminals, to entice potential job candidates as businesses open up. Source link
Dickey’s BBQ Breach: Meaty 3M Payment Card Upload Drops on Joker’s Stash
After cybercriminals smoked out 3 million compromised payment cards on the Joker’s Stash marketplace, researchers linked the data to a breach at the popular barbecue franchise. Source link
Creepy smartwatches, botnets and Pings of Death – Podcast – Naked Security
In this episode, we investigate a smartwatch for kids with a creepy set of functions, discuss Microsoft’s short-lived takedown of Trickbot, explain how to avoid the Windows “Ping of Death” bug, and (oh no!) find […]
TikTok Launches Bug Bounty Program Amid Security Snafus
The move is a distinct change in direction for the app, which has been criticized and even banned for its security practices. Source link
News Wrap: Barnes & Noble Hack, DDoS Extortion Threats and More
From a cyberattack on Barnes & Noble to Zoom rolling out end-to-end encryption, Threatpost editors break down the top security stories of the week. Source link