It’s Called BadUSB for a Reason
Cybercrime gang FIN7’s badUSB attacks serve as a reminder of two key vulnerabilities present among all organizations. The criminal group...
News
Ongoing DDoS attacks from compromised sites hit Ukraine
Ukraine CERT-UA warns of ongoing DDoS attacks targeting pro-Ukraine sites and the government web portal. Ukraine ‘s computer emergency response...
Why you should be taking security advice from your grandmother
We tend to accept that younger folks are supposed to be more tech savvy, given they’ve grown up with computers...
FBI warns food and agriculture to brace for seasonal ransomware attacks
The Federal Bureau of Investigation (FBI) recently released a Private Industry Notification warning agriculture cooperatives (also known as “farmers’ co-ops”)...
Bumblebee, a new malware loader used by multiple crimeware threat actors
Threat actors have replaced the BazaLoader and IcedID malware with a new loader called Bumblebee in their campaigns. Cybercriminal groups...
Hackers fool major tech companies into handing over data of women and minors to abuse
Some major tech companies have unwittingly opened harassment and exploitation opportunities to the women and children who they have pledged...
Call of Duty cheats can expect embarrassment with new anti-cheat feature
In-game cheats are about to have an even harder time of things in triple AAA titles such as Call of...
Fake USA for UNHCR site wants your Ukraine donations in Bitcoin
Since Russia began invading Ukraine in late February, many organizations have set up donation pages to aid the most heavily...
QNAP customers urged to disable AFP to protect against severe vulnerabilities
MacOS users that have a network-attached storage (NAS) device made by QNAP are being advised to disable the Apple Filing...
Onyx ransomware destroys files, and also the criminal circle of trust
Some ransomware authors seem to be further whittling down their tenuous circle of trust style agreement with victims even further....
CISA published 2021 Top 15 most exploited software vulnerabilities
Cybersecurity and Infrastructure Security Agency (CISA) published a list of 2021’s top 15 most exploited software vulnerabilities Cybersecurity and Infrastructure...
CloudFlare blocked a record HTTPs DDoS attack peaking at 15 rps
Cloudflare has mitigated a distributed denial-of-service (DDoS) attack that peaked at 15.3 million request-per-second (RPS). Cloudflare announced to have mitigated...
APT trends report Q1 2022
For five years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent...
Russia-linked threat actors launched hundreds of cyberattacks on Ukraine
Microsoft revealed that Russia launched hundreds of cyberattacks against Ukraine since the beginning of the invasion. Microsoft states that at...
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
We recently found a new advanced persistent threat (APT) group that we have dubbed Earth Berberoka (aka GamblingPuppet). This APT...
New AWS Competency Category – Why It’s Important
AWS DevOps competency recently added a new category, DevSecOps to its arsenal. Explore our overview of the category and why...
Elon Musk-themed cryptocurrency scam uses fake Medium as the promotion site
So Elon Musk is buying Twitter, and you can be sure that scammers are making the most of this news....
US-CERT Bulletin (SB22-115):Vulnerability Summary for the Week of April 18, 2022
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards...
US Department of State offers $10M reward for info to locate six Russian Sandworm members
The U.S. government offers up to $10 million for info that allows to identify or locate six Russian GRU hackers...
“URGENT BUSINESS PROPOSAL!!!” 419 scammer wants your help to move someone’s inheritance
We’ve received several emails over the last couple of days which follow the classic 419 mail scam method. Titled “URGENT...
Linux Nimbuspwn flaws could allow attackers to deploy sophisticated threats
Microsoft disclosed two Linux privilege escalation flaws, collectively named Nimbuspwn, that could allow conducting various malicious activities. The Microsoft 365...
What’s happening in the world of personal cyber insurance?
You’ve likely only seen cybercrime insurance primarily mentioned in relation to attacks on businesses. Most commonly, it’s cited with regard...
“Reject All” cookie consent button is coming to European Google Search and YouTube
Google will soon be giving European countries a “Reject All” button in the Search and YouTube cookie consent banner. This...
Emotet fixes bug in code, resumes spam campaign
Emotet threat actors resumed their email spam campaign on Monday after stopping it late last week to fix a bug....
