Author Archives: Lindsey O'Donnell

Trump, Biden Campaign Staffers Targeted By APT Phishing Emails

Google TAG researchers warn that APTs are targeting campaign staffers for both Donald Trump and Joe Biden with phishing emails.

Zoom Restricts End-to-End Encryption to Paid Users

The end-to-end encryption feature will not be offered to free users, Zoom's CEO said, in case Zoom needed to comply with federal and local law enforcement.

ZLoader-Laced Emails Target Unemployed Victims

Researchers are warning of spear-phishing emails with CV lures that spread the ZLoader malware, which steals banking credentials from victims.

Attackers Target 1M+ WordPress Sites To Harvest Database Credentials

An attack over the weekend unsuccessfully targeted 1.3 million WordPress websites, in attempts to download their configuration files and harvest database credentials.

Critical SAP ASE Flaws Allow Complete Control of Databases

Researchers warn of critical flaws in SAP's Sybase Adaptive Server Enterprise software.

Severe Cisco DoS Flaw Can Cripple Nexus Switches

Cisco has patched a high-severity flaw that could lead to denial-of-service attacks on its Nexus switch lineup.

Podcast: Why Identity Access Management is the New Perimeter

DivvyCloud discusses the changing nature of identity access management (IAM) - and what kind of challenges and opportunities that is creating for businesses.

Apple Pays $100K Bounty for Critical ‘Sign in With Apple’ Flaw

Apple has fixed a critical flaw in its Sign in with Apple feature, which could have been abused by attackers to takeover victims' third-party applications.

NTT Communications Data Breach Affects Customers, Threatens Supply Chain

Attackers managed to compromise NTT Communication’s Active Directory server and a construction information management server.

‘Hack-For-Hire’ Firms Spoof WHO To Target Google Credentials

Google TAG report reveals that "hack for hire" firms are tapping into the coronavirus pandemic via WHO phishing lures.

Hackers Compromise Cisco Servers Via SaltStack Flaws

Attackers compromised six Cisco VIRL-PE servers that are affected by critical SaltStack vulnerabilities.

Google Location Tracking Lambasted in Arizona Lawsuit

The lawsuit, filed against Google by Arizona's Attorney General, alleges that the tech giant uses “deceptive and unfair conduct” to obtain users’ location data.

ThreatList: People Know Reusing Passwords Is Dumb, But Still Do It

Even seeing data breaches in the news, more than half of consumers are still reusing passwords.

‘Coronavirus Report’ Emails Spread NetSupport RAT, Microsoft Warns

Attackers used malicious Excel 4.0 documents to spread the weaponized NetSupport RAT in a spear-phishing campaign.

Chafer APT Hits Middle East Govs With Latest Cyber-Espionage Attacks

Government and air transportation companies in Kuwait and Saudi Arabia were targeted in a recent attack tracked back to the Chafer APT.

Critical Cisco Bug in Unified CCX Allows Remote Code Execution

Cisco has fixed a critical remote code-execution flaw in its popular customer interaction management solution.

Supreme Court Phish Targets Office 365 Credentials

Cybercriminals are hunting out victims' Office 365 credentials -- by dishing out Supreme court "summons" in a phishing attack.

Fraudulent Unemployment, COVID-19 Relief Claims Earn BEC Gang Millions

The business email compromise (BEC) gang Scattered Canary has filed more than 200 fraudulent claims for unemployment benefits and for COVID-19 relief funds.

Verizon DBIR: Web App Attacks and Security Errors Surge

Threatpost talks to Verizon DBIR co-author Gabriel Bassett about the top takeaways from this year's Data Breach Investigations Report.

WolfRAT Android Malware Targets WhatsApp, Facebook Messenger

Researchers link the malware to Wolf Research operators with "high confidence" after it was spotted in campaigns targeting Thai users.

Adobe Patches Critical RCE Flaw in Character Animator App

A critical remote code execution flaw in Adobe Character Animator was fixed in an out-of-band Tuesday patch.

Verizon Data Breach Report: DoS Skyrockets, Espionage Dips

Denial of Service (DoS), ransomware, and financially-motivated data breaches were the winners in this year's Verizon DBIR.

ProLock Ransomware Teams Up With QakBot Trojan to Infect Victims

ProLock is relatively new, but already the ransomware is making waves by using QakBot infections to access networks, gain persistence and avoid detection.

Edison Mail iOS Bug Exposes Emails to Strangers

A bug introduced in an iOS software update on the Edison Mail app allowed emails to be viewed by strangers.

News Wrap: Ransomware Extortion Tactics, Contact-Tracing App Security Worries

Threatpost editors discuss recent ransomware attacks and contact-tracing app privacy concerns.

RATicate Group Hits Industrial Firms With Revolving Payloads

A new threat group uses NSIS as an installer to target industrial companies with revolving payloads, including LokiBot, FormBook, BetaBot, Agent Tesla and Netwire.

TikTok Violated Children’s Privacy Law, FTC Complaint Says

A group of children's privacy advocates alleged in a recent FTC complaint that TikTok violated an agreement to protect children's private data.

Microsoft Adds DNS-Over-HTTPS Support for Windows 10 Insiders

Microsoft is letting Windows Insiders test-drive DNS-over-HTTPS protocol in a pre-release build of Windows 10.

BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks

BEC gangs like "Exaggerated Lion" are using tricky tactics - like exploiting G Suite - to scam companies out of millions.

Texas Courts Won’t Pay Up in Ransomware Attack

Texas appellate courts and judicial agencies’ websites and computer servers were shut down after a ransomware attack.

M	T	W	T	F	S	S
« May
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

A Box in Space

Contents from some of my favorite Websites