Security News
The recent attack which saw Norway's state-owned investment fund, Norfund, lose an eye-watering USD 10 million was down to a simple but devastatingly effective tactic used by cybercriminals: a spoofed email address. These attacks, known as business email compromise, work because they prey on human nature, the innate psychological traits shared by everyone.
Business email compromise is a popular type of attack among cybercriminals, as it targets businesses and individuals in an attempt to receive money transferred into fraudulent accounts. In another method, the attackers use phishing, credential theft, or other means to gain control of the email accounts of the people they want to impersonate.
Facebook today announced new features for Messenger that will alert you when messages appear to come from financial scammers or potential child abusers, displaying warnings in the Messenger app that provide tips and suggest you block the offenders. The feature, which Facebook started rolling out on Android in March and is now bringing to iOS, uses machine learning analysis of communications across Facebook Messenger's billion-plus users to identify shady behaviors.
Cisco said attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. Hackers were able to successfully exploit the flaws incorporated in the latter product, resulting in the compromise of six VIRL-PE backend servers, according to Cisco.
BEC attacks are targeted at businesses that do a lot of invoicing or wire transfers, with the goal of scamming them using social engineering into sending money to attackers. BEC attacks can use malware to gain access to computers used by invoice approvers and other financial decision-makers and use their credentials to wire themselves money, as well as harvest other kinds of personal information for use in other scams.
A high-severity cross-site request forgery vulnerability in Real-Time Find and Replace, a WordPress plugin installed on more than 100,000 sites, could lead to cross-site scripting and the injection of malicious JavaScript anywhere on a victim site. In April, a pair of security vulnerabilities in the WordPress search engine optimization plugin known as Rank Math were found.
At the end of March 2020, researchers detected a spike in the number of firms potentially compromised each week. "Analysts looking for an increase in the number of compromised IPs or an increase in the number of observed compromises per IP will not see a marked increase," commented Lari Huttunen, senior analyst with Arctic Security.
Cybercriminals are deploying COVID-19-themed gift card scams, wire transfer scams, and payroll scams aimed at organizations and their employees, according to security provider Trustwave. Phishing emails are a favorite tactic used by scammers to try to convince people to share account credentials, financial information, and other private data.
VMware has patched a critical vulnerability that can be exploited to compromise vCenter Server or other services that rely on the Directory Service for authentication. The weakness impacts vCenter Server 6.7 on Windows and virtual appliances, and it has been patched with the 6.7u3f update.
The botnet, called dark nexus, uses processes similar to previous dangerous IoT threats like the Qbot banking malware and Mirai botnet. Dark nexus also borrows code and processes previously used by Qbot and the infamous Mirai botnet that launched the 2016 Dyn DDoS attack.