Month: February 2021
How to Fight Business Email Compromise (BEC) with Email Authentication?
22 February 2021An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets. It is a common misconception that cybercriminals usually lay […]
Read More
Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online
22 February 2021On August 13, 2016, a hacking unit calling itself “The Shadow Brokers” announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations (TAO) unit of the U.S. National Security Agency (NSA). Although the group has since signed off […]
Read More
New ‘Silver Sparrow’ Malware Infected Nearly 30,000 Apple Macs
22 February 2021Days after the first malware targeting Apple M1 chips was discovered in the wild, researchers have disclosed yet another previously undetected piece of malicious software that was found in about 30,000 Macs running Intel x86_64 and the iPhone maker’s M1 processors. However, the ultimate goal of the operation remains something of a conundrum, what with […]
Read More
Privacy Bug in Brave Browser Exposes Dark-Web Browsing History of Its Users
20 February 2021Brave has fixed a privacy issue in its browser that sent queries for .onion domains to public internet DNS resolvers rather than routing them through Tor nodes, thus exposing users’ visits to dark web websites. The bug was addressed in a hotfix release (V1.20.108) made available yesterday. Brave ships with a built-in feature called “Private […]
Read More
‘If you wait for government, you’re going to be waiting a long time’: A look at Biden’s cyber funding
20 February 2021The Biden administration proposed a $9 billion upgrade to the nation’s cybersecurity capabilities as part of his proposed stimulus plan. (Official White House Photo by Adam Schultz) Updating and strengthening cybersecurity can be a costly proposition for small and medium businesses with limited budgets. With that in mind, the Biden administration has offered some relief […]
Read More
Phishing campaign alters prefix in hyperlinks to bypass email defenses
19 February 2021Threat hunters say they’ve seen a concerted rise in the use of a phishing tactic designed to bypass traditional email defenses by subtly changing the prefixes (a.k.a. schemes) of malicious URLs in hyperlinks. (Sean Gallup/Getty Images) Threat hunters say they’ve seen a concerted rise in the use of a phishing tactic designed to bypass traditional […]
Read More
New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card
19 February 2021Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim’s Mastercard contactless card while believing it to be a Visa card. The research, published by a group of academics from the ETH Zurich, builds on a study detailed last September that delved […]
Read More
Here’s how security pros can lock down their remote networks
19 February 2021Today’s columnist, Liviu Arsene of Bitdefender, offers some actionable advice to security pros for locking down networks in the work-from-home era. Plutor CreativeCommons Credit: CC BY 2.0 Workforce migration has posed significant challenges for organizations, especially since 50 percent had no plan ready last year to accommodate an overnight transition to fully-remote employees. Potential misconfigurations […]
Read More
Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials
19 February 2021A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks involve the use of MassLogger — a .NET-based malware with capabilities to hinder […]
Read More
SolarWinds Hackers Stole Some Source Code for Microsoft Azure, Exchange, Intune
19 February 2021Microsoft on Thursday said it concluded its probe into the SolarWinds hack, finding that the attackers stole some source code but confirmed there’s no evidence that they abused its internal systems to target other companies or gained access to production services or customer data. The disclosure builds upon an earlier update on December 31, 2020, […]
Read More