This New Malware Is Hitting Exchange Servers To Steal Info

In late 2019, a new strain of malware called “Valak” was detected. In the six months that followed its initial discovery in the wild, more than 30 variants of the code were detected. Initially, Valak was classified as a simple loading program. As various groups have tinkered with the code, it has morphed into a much more significant threat, and …

Major Security Flaw Found In Some Cisco Routers

Recently, Cisco disclosed the existence of four serious security flaws in their routers that use IOS and IOS XE software. One of the four, CVE-2020-3227, is rated at a severity of 9.8 out of 10. It allows a remote attacker without credentials to execute commands on the operating software without proper authorization, which, in turn, allows a hacker to take …

Update Ninja Forms In WordPress To Avoid Potential Hack

Are you one of the million-plus website owners making use of Ninja Forms for WordPress? If so, be aware that the company has recently patched a serious security flaw that allowed hackers to inject malicious code and take over websites. The attack is accomplished via a Cross-Site Request Forgery (CSRF) that leads to a Stored Cross-Site Scripting attack. All versions …

SBA And CDC Phishing Emails Can Carry Malware

According to Microsoft, its machine learning threat detection models have helped its research teams uncover multiple mal-spam campaigns. These campaigns have been tied together by the common theme of incorporating poisoned disk image files used as attachments. Each campaign has been aimed at a different target population, but all use some variant of COVID-19 in their subject lines, and all …

PC Users Beware Of Downloader For Zoom Created By Hackers

Are you working from home right now? If so, you’re certainly not alone. Tens of millions of people are doing the same, and there are untold millions around the world doing likewise. Working from home presents a host of new challenges, not the least of which is finding ways of communicating face to face without violating social distancing rules. For …

Be On The Lookout As Astaroth Malware Makes A Comeback

Are you familiar with Astaroth? If you’re a data security professional, you’ve probably at least heard the name. The group gained some notoriety last year when it came to light that they had developed a means of spreading “fileless malware” using legitimate Windows tools to infect machines around the world. The Windows Defender ATP team discovered evidence of a massive …

Coronavirus Health Notifications Being Used To Carry Malicious Threats

A Pakistan-based hacking group that goes by a variety of names, including “Transparent Tribe,” “APT36,” “Mythic Leopard” and others, has been discovered to be behind a particularly nasty attack recently. Researchers with QiAnXin’s RedDrip Team discovered a phishing campaign bearing the group’s stamp. This new campaign utilizes poisoned files that appear to be health advisories sent by the Indian government. …

Phone Call And Text Phishing Scams Are On The Rise

For the last couple of years, the primary means of communication when conducting phishing campaigns has been email. Phishing emails have been absolutely rampant. So much so that people are increasingly on their guard against them. Naturally, this prompts scammers to change their tactics, switching things up a bit to catch people by surprise. In this case, according to recent …

New Phishing Emails Trick Users With Convincing Security Credentials

Unit 42 is a research division of Palo Alto Networks. Their researchers have discovered a sneaky and surprisingly effective phishing campaign that appears to have been launched in January of this year (2020). When targeted by this attack, a user will get an email containing a branded document bearing the name of a legitimate cybersecurity provider. The name of a …

New Android Malware Can Get Past Two-Factor Authentication

Since 2010, Google has been doing its part to help keep its massive user base safe. They introduced a small but critical service called Google Authenticator, which is used by a number of online accounts as a two-factor authentication layer. Google launched the service as an alternative to SMS-based one-time pass codes. While SMS-based codes are better than nothing, they …