Security News

Apache OpenOffice can be hijacked by malicious documents, fix still in beta
2021-09-20 20:52

Apache OpenOffice is currently affected by a remote code execution vulnerability, and while the app's source code has been patched, the fix has only been made available as beta software and awaits an official release. CVE-2021-33035: RCE in Apache OpenOffice up to 4.1.10 - pure memory corruption.

Man Sues Parents of Teens Who Hijacked Nearly $1M in Bitcoin
2021-08-26 20:50

When Colorado resident Andrew Schober downloaded the Electrum Atom Bitcoin wallet from Reddit, he also picked up a piece of clipboard hijacking malware that eventually redirected his 16.4552 Bitcoin to a wallet controlled by two teenagers living in the U.K. At today's price, 16.4552 Bitcoin would be worth ~$773,000. Because they were juveniles at the time of the alleged theft, Schober is suing their parents for the nearly $1 million he lost in the heist.

Spam is Chipotle's secret ingredient: Marketing email hijacked to dish up malware
2021-07-29 16:00

Chipotle.com, the deception would be evident upon examining the raw email header data. "It is important that recipients notice the discrepancy between a sender's display name and its actual email address," wrote Bukar Alibe, cyber security analyst at INKY, in a blog post provided to The Register.

Facebook sues hackers who hijacked advertising agencies' accounts
2021-06-30 16:31

Facebook has filed lawsuits against two groups of suspects who took over advertising agency employees' accounts and abused its ad platform to run unauthorized or deceptive ads. The social network says that four Vietnamese nationals took over the Facebook accounts of multiple employees working at marketing and advertising agencies using a technique known as session theft.

Microsoft, Google Clouds Hijacked for Gobs of Phishing
2021-05-19 20:16

Threat actors are cashing in on the rapid shift to cloud-based business services during the pandemic, by hiding behind ubiquitous, trusted services from Microsoft and Google to make their email phishing scams look legit. In the first three months of 2021 alone, researchers found 7 million malicious emails sent from Microsoft 365 and a staggering 45 million sent from Google's infrastructure, Proofpoint reported, adding that cybercriminals have used Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase storage to send phishing emails and host attacks.

TeaBot Trojan Targets Banks via Hijacked Android Handsets
2021-05-12 12:41

Researchers have discovered an Android trojan that can steal victims' SMS messages and credentials and completely take over devices. Once installed on a victim's device, attackers can use the trojan to obtain a live stream of the device screen on demand and also interact with it via Accessibility Services, according to a report posted online by online fraud-management firm Cleafy about the trojan, which is also tracked by the name "Anatsa."

Passwordstate Password Manager Update Hijacked to Install Backdoor on Thousands of PCs
2021-04-26 00:33

Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a supply chain attack. "Manual Upgrades of Passwordstate are not compromised. Affected customers' password records may have been harvested."

Chinese Hackers Hijacked NSA-Linked Hacking Tool: Report
2021-02-22 21:07

New research has found evidence that a Chinese-affiliated threat group has hijacked a hacking tool previously used by the Equation Group. "Although we don't show any conclusive evidence that there is any connection between China and the ShadowBrokers, we do show conclusive evidence that this Chinese group had in their possession a tool that was made by Equation Group, and not only that they had this tool, but they also repurposed it and used it, probably to attack many targets, including American targets," Yaniv Balmas, head of cyber research with Check Point Software, said.

Windows, Linux Devices Hijacked In Two-Year Cryptojacking Campaign
2021-02-17 21:39

Cryptocurrency-mining malware, called WatchDog, has been running under the radar for more than two years - in what researchers call one of the largest and longest-lasting Monero cryptojacking attacks to date. Thus far, attackers have hijacked at least 476 Windows and Linux devices, in order to abuse their system resources for mining Monero cryptocurrency.

Hijacked Perl.com Domain Hosted on IP Address Linked to Malicious Activity
2021-02-01 09:50

The Perl.com domain, which since 1997 had been serving articles about Perl programming, was hijacked last week. The Perl Foundation announced last week that the domain was hijacked, warning users to steer clear of Perl.com, due to possible connections to sites associated with malware distribution.