Researchers found a number of privacy and security issues in Amazon’s Alexa skill vetting process, which could lead to attackers stealing data or launching phishing attacks.
Read More Amazon Dismisses Claims Alexa ‘Skills’ Can Bypass Security Vetting ProcessFrom TrickBot to Ryuk, more malware cybercriminal groups are putting their heads together when attacking businesses.
Read More Malware Gangs Partner Up in Double-Punch Security ThreatResearchers said they saw a seven-times increase in ransomware activity in the fourth quarter of 2020, across various families – from Ryuk to Egregor.
Read More Podcast: Ransomware Attacks Exploded in Q4 2020The malicious extension, FriarFox, snoops in on both Firefox and Gmail-related data.
Read More Malicious Mozilla Firefox Extension Allows Gmail TakeoverCisco also stomped out a critical security flaw affecting its Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches.
Read More Cisco Warns of Critical Auth-Bypass Security FlawMozilla said its Total Cookie Protection feature in Firefox 86 prevents invasive, cross-site cookie tracking.
Read More Mozilla Patches Bugs in Firefox, Now Blocks Cross-Site Cookie TrackingAs more organizations migrate to Office 365, cybercriminals are using Outlook, Teams and other Microsoft-themed phishing lures to swipe user credentials.
Read More Microsoft Lures Populate Half of Credential-Swiping Phishing EmailsA critical-severity buffer-overflow flaw that affects IBM Integration Designer could allow remote attackers to execute code.
Read More IBM Squashes Critical Remote Code-Execution FlawMicrosoft users are receiving emails pretending to be from mail couriers FedEx and DHL Express – but that really steal their credentials.
Read More 10K Microsoft Email Users Hit in FedEx Phishing AttackAPT31, a Chinese-affiliated threat group, copied a Microsoft Windows exploit previously used by the Equation Group, said researchers.
Read More Chinese Hackers Hijacked NSA-Linked Hacking Tool: ReportRIPE NCC, the regional Internet registry for Europe, West Asia, and the former Soviet Union, said attackers attempted a credential-stuffing attack against its single-sign on service.
Read More Credential-Stuffing Attack Targets Regional Internet RegistryThe Department of Justice (DoJ) cracked down on a Ghana-based cybercriminal enterprise behind a slew of romance scams, COVID-19 fraud attacks and business email compromise schemes since 2013.
Read More Cybercriminal Enterprise ‘Ringleaders’ Stole $55M Via COVID-19 Fraud, Romance ScamsA malicious adware-distributing application specifically targets Apple’s new M1 SoC, used in its newest-generation MacBook Air, MacBook Pro and Mac mini devices.
Read More Mac Malware Targets Apple’s In-House M1 ProcessorThe WatchDog malware has flown under the radar for two years in what researchers call one of the ‘largest’ Monero cryptojacking attacks ever.
Read More Windows, Linux Devices Hijacked In Two-Year Cryptojacking CampaignA new version of the Masslogger trojan has been targeting Windows users – now using a compiled HTML (CHM) file format to start the infection chain.
Read More Masslogger Swipes Microsoft Outlook, Google Chrome CredentialsTikTok is again in hot water for how the popular video-sharing app collects and shares data – particularly from its underage userbase.
Read More Complaint Blasts TikTok’s ‘Misleading’ Privacy PoliciesMicrosoft released a new servicing stack update (KB5001078) after an older one caused problems for Windows users installing Patch Tuesday security updates.
Read More Microsoft Pulls Bad Windows Update After Patch Tuesday HeadachesIn a security notice, Yandex said an employee had been providing unauthorized access to users’ email accounts “for personal gain.”
Read More Yandex Data Breach Exposes 4K+ Email AccountsEmails pretending to confirm hefty orders from lingerie shop Ajour Lingerie and flower store Rose World are actually spreading the BazaLoader malware.
Read More Pre-Valentine’s Day Malware Attack Mimics Flower, Lingerie StoresThe money being wire transferred by business email compromise victims is on the rise, as cybersecurity criminals evolve their tactics.
Read More How Email Attacks are Evolving in 2021The two malware families have sophisticated capabilities to exfiltrate SMS messages, WhatsApp messaging content and geolocation.
Read More Military, Nuclear Entities Under Target By Novel Android MalwareThe critical SAP cybersecurity flaw could allow for the compromise of an application used by e-commerce businesses.
Read More SAP Commerce Critical Security Bug Allows RCEIntel is warning on security bugs across its graphics drivers, server boards, compute modules and modems.
Read More Intel Squashes High-Severity Graphics Driver Flaws