Security News > 2021 > October

Android spyware spreading as antivirus software in Japan
2021-10-28 16:31

A new variant of the Android info-stealer called FakeCop has been spotted by Japanese security researchers, who warn that the distribution of the malicious APK is picking up pace.

UPDATE: EU’s Green Pass Vaccination ID Private Key Leaked or Forged
2021-10-28 15:34

As of Thursday morning Eastern time, Adolf Hitler and Mickey Mouse could still validate their digital Covid passes, SpongeBob SquarePants was out of luck, and the European Union was investigating a leak of the private key used to sign the EU's Green Pass vaccine passports. On Wednesday, the Italian news agency ANSA reported that several underground vendors were selling passes signed with the stolen key on the Dark Web, and that the EU had called "several high-level meetings" to investigate whether the theft was an isolated incident.

WordPress plugin bug impacts 1M sites, allows malicious redirects
2021-10-28 14:50

The OptinMonster plugin is affected by a high-severity flaw that allows unauthorized API access and sensitive information disclosure on roughly a million WordPress sites. OptinMonster is one of the most popular WordPress plugins used to create beautiful opt-in forms that help site owners convert visitors to subscribers/customers.

How to prepare your team to address a significant security issue
2021-10-28 13:47

As you work to resolve a security issue, technical knowledge is necessary, and a team with a broad base of expertise is invaluable. Ideally, you will identify the key members of your response team long before they need to meet.

New AbstractEmu malware roots Android devices, evades detection
2021-10-28 13:15

New Android malware can root infected devices to take complete control and silently tweak system settings, as well as evade detection using code abstraction and anti-emulation checks. The malware, dubbed AbstractEmu by security researchers at the Lookout Threat Labs who found it, was bundled with 19 utility apps distributed via Google Play and third-party app stores.

Ransomware gangs use SEO poisoning to infect visitors
2021-10-28 13:02

Researchers have spotted two campaigns linked to either the REvil ransomware gang or the SolarMarker backdoor that use SEO poisoning to serve payloads to targets. SEO poisoning, also known as "search poisoning," is an attack method that relies on optimizing websites using 'black hat' SEO techniques to rank higher in Google search results.

Grief Ransomware Targets NRA
2021-10-28 12:07

Grief, a ransomware group with ties to Russia-based Evil Corp, claims to have stolen data from the gun-rights group and has posted files on its dark web site. A ransomware group tied to Russia claims to have stolen data from the National Rifle Association in a ransomware attack on the controversial gun-rights group, which has declined to comment on the situation.

Microsoft now rolling out Windows 11 to more eligible devices
2021-10-28 12:06

Microsoft is now rolling out the Windows 11 upgrade to more eligible Windows devices as part of a phased rollout designed to deliver a smooth upgrade experience. "The availability of Windows 11 has been increased and we are leveraging our latest generation machine learning model to offer the upgrade to an expanded set of eligible devices," Microsoft said in an update to the Windows health dashboard.

MVSP: A minimum cybersecurity baseline to simplify vendor security assessment
2021-10-28 11:47

Any organization that's actively working on managing its cybersecurity risk can't ignore the risk that goes with third-party vendors having access to its critical systems and customer data. "Up until today, organizations of all sizes have had to design and implement their own security baselines for vendors that align with their risk posture. Unfortunately, this creates an impossible situation for vendors and organizations alike as they try to accommodate thousands of different requirements," says Royal Hansen, VP of security at Google.

Good Grief! Ransomware gang has only gone and pwned the NRA – or so it claims
2021-10-28 11:39

The Grief ransomware gang took to a dark portal website where it typically publishes the data of victims that haven't paid up, to identify its latest target: the National Rifle Association. The ransomware gang, believed by the US Department of the Treasury to be a rebranded version of Russia-based Evil Corp, posted 13 documents it claimed it had filched from the NRA on the leak site and threatened to release more if the gun rights advocacy group didn't pay up.