Security News

The Federal Bureau of Investigation has issued a Private Industry Notification to warn of attacks targeting enterprises, in which threat actors attempt to obtain employee credentials through vishing or chat rooms. An observed shift in tactics, the FBI says, is the targeting of all employee credentials, not exclusively of those individuals who might have higher access and privileges based on their corporate position.

Multiple code repositories from Nissan North America became public this week after the company left an exposed Git server protected with default access credentials. The entire collection is around 20 gigabytes large and contains source code for mobile apps and various tools used by Nissan internally for diagnostics, client acquisition, market research, or NissanConnect services.

Leading gaming companies, such as Ubisoft, have become big targets for cybercriminals that aim to turn a profit by selling leaked insider-credentials tied to the top game publishers. More than 500,000 of the leaked credentials pertained to employees of leading game companies, according to the report published Monday.

Several Zyxel firewall and WLAN controller products contain hardcoded credentials for an undocumented user account that has admin privileges. The account was designed for the delivery of automatic firmware updates through FTP and is present on Zyxel USG, ATP, VPN, ZyWALL, and USG FLEX devices.

Easy WP SMTP, a WordPress plugin for email management that has more than 500,000 installations, has a vulnerability that could open the site up to takeover, researchers said. Easy WP SMTP allows users to configure and send all outgoing emails via a SMTP server, so that they don't end up in the recipient's junk/spam folder.

The attackers behind the attack leveraged hundreds of compromised, legitimate email accounts in order to target organizations with emails, which pretended to be document delivery notifications. In reality, the phishing attack stole victims' Office 365 credentials.

Researchers have discovered a new information-stealing trojan, which targets Microsoft Windows systems with an onslaught of data-exfiltration capabilities- from collecting browser credentials to targeting Outlook files. "AridViper is an active threat group that continues developing new tools as part of their arsenal," researchers with Palo Alto's Unit42 research team said in a Monday analysis.

On Thursday Microsoft warned that there's an ongoing campaign to distribute malware that modifies web browsers to conduct credential theft and ad fraud. Since at least May, 2020, unidentified cybercriminals have been distributing a family of browser modifiers dubbed Adrozek, Microsoft said.

Cybercriminals are tapping into the impending rollout of COVID-19 vaccines with everything from simple phishing scams all the way up to sophisticated Zebrocy malware campaigns. Security researchers with KnowBe4 said that the recent slew of vaccine-related cyberattacks leverage the widespread media attention around the development and distribution of COVID-19 vaccines - as well as recent reports that manufacturers like Pfizer may not be able to supply additional doses of its vaccine to the U.S. large volumes until sometime in Q2. These lures continue to play into the high emotions of victims during a pandemic - something seen in various phishing and malware campaigns throughout the last year.

The Better Business Bureau warned last week that the attack uses Zoom's logo, and in a message tells recipients that their Zoom accounts were suspended and to click a link to reactivate; or that they missed a Zoom meeting, and to click a link to see the details and reschedule. Another recent variant of the attack has been a message welcoming some recipients to the platform and requesting they click on a link to activate the account, said the BBB. In all cases, victims are taken to a phishing landing page, where they are asked to input their Zoom credentials.