Security News > 2023 > July

Forget crypto spam accounts, Twitter's got another problem which involves bots and accounts promoting adult content and infiltrating Direct Messages and interactions on the platform. In a tweet, security research group, MalwareHunterTeam exposed multiple Twitter accounts that are spam bots injecting themselves within interactions in the form of likes.

Cybersecurity researchers have released a new tool called 'Snappy' that can help detect fake or rogue WiFi access points that attempts to steal data from unsuspecting people. Trustwave's security researcher and wireless/RF tech enthusiast Tom Neaves explains that spoofing the MAC addresses and SSIDs of legitimate access points on open networks is trivial for determined attackers.

Unlocking internet's secrets via monitoring, data collection, and analysisIn this Help Net Security interview, Ryan Woodley, CEO of Netcraft, discusses the importance of monitoring, collecting, and analyzing internet data to gain a profound understanding of the internet. Preparing health systems for cyber risks and insurance coverageIn this Help Net Security interview, Dennis Fridrich, VP of Cybersecurity at TRIMEDX, delves into the hidden costs of cyberattacks on health systems, the role of insurers in promoting cybersecurity preparedness, and how organizations can better manage their cyber risk.

The BlackCat ransomware group is running malvertizing campaigns to lure people into fake pages that mimic the official website of the WinSCP file-transfer application for Windows but instead push malware-ridden installers. The BlackCat attack observed by Trend Micro begins with the victim searching for "WinSCP Download" on Bing or Google and getting promoted malicious results ranked above the safe WinSCP download sites.

As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin. Ultimate Member is a popular plugin that facilitates the creation of user-profiles and communities on WordPress sites.

Researchers have pulled back the curtain on an updated version of an Apple macOS malware called Rustbucket that comes with improved capabilities to establish persistence and avoid detection by security software. "This variant of Rustbucket, a malware family that targets macOS systems, adds persistence capabilities not previously observed," Elastic Security Labs researchers said in a report published this week, adding it's "Leveraging a dynamic network infrastructure methodology for command-and-control."