Attackers targeting major telecom providers to obtain data related to high-profile individuals
A research report suggests that the cyberattacks on these organizations have been underway for many years. It is also speculated that the tools and techniques used by the attacker were linked to Chinese threat actor APT10. A new research report has shed light on a stri…
Microsoft warns users of malicious campaign that drops FlawedAmmyy RAT
The tech giant came across weaponized spam emails written in Korean, that executes this remote access Trojan directly in memory. FlawedAmmyy is known to target organizations in the automotive industry and is associated with campaigns by threat actor TA505. Microsoft ha…
Security flaw in LTE networks can let hackers send false presidential alerts
The researchers noted that their attack method of sending fake alerts has worked in nine out of ten cases. The vulnerability can be abused by creating a malicious cell tower channel using off-the-shelf hardware and open-source software. A vulnerability in LTE networks …
New OSX/Linker malware found abusing zero-day flaw in macOS Gatekeeper protection for propagation
All macOS versions including the latest 10.14.5 are affected by the flaw and Apple is yet to release a patch to address it. It is found that the OSX/Linker malware samples were distributed using disk image files. Threat actors are actively exploiting a recently disclos…
IT firm Red Mosquito caught red-handed providing fake ransomware recovery services
A subsidiary of the UK-based company was found negotiating with attackers for decrypting ransomware-inflicted systems. This subsidiary reportedly paid off attackers at a lower price and then offered recovery services at a much higher price. With ransomware attacks on t…
Canada’s Largest Credit Union Desjardins Suffers Data Leak Exposing Information of Over 2.9 Million Customers
The data leak has impacted almost 2.7 million home users and 173,000 business customers. The financial institution has fired the ill-intentional employee who was responsible for the data leak. What is the issue? Desjardins, one of the world’s largest banks suffered a s…
Unprotected MongoDB database exposes prescription information of over 78,000 US patients
,000 US patients June 21, 2019 | Breaches and Incidents The open database has exposed the information on 391,649 prescriptions for a drug named Vascepa, and the personal details of over 78,000 patients who were prescribed Vascepa in the past. The exposed patient …
Hackers Abused MSPs and Their Remote Management Tools to Deploy Ransomware on Customers’ Networks
The remote management tools which were targeted include Webroot SecureAnywhere and Kaseya VSA. The tools have been abused to execute a Powershell script that downloads and installs the Sodinokibi ransomware. Attackers have hacked three Managed Service Providers (MSPs) …
New Bird Miner Mac cryptominer leverages Ableton Live 10 cracked installer for propagation
The Ableton Live 10 cracked installer can be downloaded from a pirate website called VST Crack. Ableton Live is a high-end music production software and is used as an instrument for live performance by DJs. A new Mac cryptocurrency miner detected as Bird Miner has been…
Recent DanaBot campaigns observed with new ransomware module
DanaBot campaigns targeted at European countries also drop a ransomware executable onto target systems. The trojan also comes with new plugins, configuration files, and other updates. Banking trojan DanaBot, which is known to target organizations across Europe, North A…
Windows gets unofficial micropatch for recently disclosed zero-day bug
0patch released a micropatch for a recently discovered zero-day vulnerability Hacker named SandboxEscaper disclosed the local privilege escalation flaw in Microsoft Task Scheduler. Recently, Windows was hit with a discovery of several zero-day flaws. A hacker named San…
Around 7.7 million LabCorp customers impacted from AMCA data breach
Possible information exposed includes first and last names, dates of birth, addresses, phone numbers, dates of service, providers and balance information of customers. Credit card and other bank information are also reported to be affected. Laboratory testing giant, La…
New Windows zero-day flaw enables attackers to hijack active Remote Desktop sessions
It can let attackers bypass Windows lock screen in systems, even those having two-factor authentication. The zero-day affects Windows 10 version 1803 and subsequent versions as well as Windows Server 2019. A zero-day vulnerability has been discovered that impacts Windo…
Microsoft MDS updates, Google Chrome 75 release and more: Patch Tuesday - Week 1, June 2019
Apple Apple has released security updates to its now-discontinued AirPort series of products. The updates address multiple vulnerabilities that impact AirPort Extreme and AirPort Time Capsule base stations. Flaws include out-of-bounds read (CVE-2019-8581), use-after-fr…
Warning: These fake job ads want you to help cyber criminals launder money
Aussie job seekers need to watch out for fake employment ads on job seeker websites like Seek, Indeed and Jora that are potentially putting their personal details at risk. The Australian Cyber Security Centre’s Stay Smart Online has warned about fake job ads that trick…
