Security News
Threat actors are cashing in on the rapid shift to cloud-based business services during the pandemic, by hiding behind ubiquitous, trusted services from Microsoft and Google to make their email phishing scams look legit. In the first three months of 2021 alone, researchers found 7 million malicious emails sent from Microsoft 365 and a staggering 45 million sent from Google's infrastructure, Proofpoint reported, adding that cybercriminals have used Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase storage to send phishing emails and host attacks.
Researchers have discovered an Android trojan that can steal victims' SMS messages and credentials and completely take over devices. Once installed on a victim's device, attackers can use the trojan to obtain a live streaming of the device screen on demand and also interact with it via Accessibility Services, according to a report posted online by online fraud-management firm Cleafy about the trojan, which is also tracked by the name "Anatsa."
Click Studios, the Australian software company behind the Passwordstate password management application, has notified customers to reset their passwords following a supply chain attack. "Manual Upgrades of Passwordstate are not compromised. Affected customers password records may have been harvested."
New research has found evidence that a Chinese-affiliated threat group has hijacked a hacking tool previously used by the Equation Group. "Although we don't show any conclusive evidence that there is there any connection between China and the ShadowBrokers, we do show conclusive evidence that this Chinese group had in their possession a tool that was made by Equation Group, and not only that they had this tool, but they also repurposed it and used it, probably to attack many targets, including American targets," Yaniv Balmas, head of cyber research with Check Point Software, said.
Cryptocurrency-mining malware, called WatchDog, has been running under the radar for more than two years - in what researchers call one of the largest and longest-lasting Monero cryptojacking attacks to date. Thus far, attackers have hijacked at least 476 Windows and Linux devices, in order to abuse their system resources for mining Monero cryptocurrency.
The Perl.com domain, which since 1997 had been serving articles about Perl programming, was hijacked last week. The Perl Foundation announced last week that the domain was hijacked, warning users to steer clear of Perl.com, due to possible connections to sites associated with malware distribution.
By accessing a targeted home security device an attacker can initiate a call for help to authorities and watch remotely as the swat occurs. The FBI points out that by initiating a call for help from the actual security device lends authenticity and anonymity to the hacker.
The creator of cURL reassured The Reg on Tuesday that he's not a billionaire rocket man giving away Bitcoins, no matter what his Twitter account claimed. Daniel Stenberg, who maintains the widely used Swiss army-knife of network data transfer tools, had his verified Twitter account hijacked by person or persons unknown, its name and avatar was changed to that of Elon Musk's, and it was used to peddle a Bitcoin scam.
LGBTQ dating site Grindr has squashed a security bug in its website that could have been trivially exploited to hijack anyone's profile using just the victim's email address. French bug-finder Wassime Bouimadaghene spotted that when you go to the app's website and attempt to reset an account's password using its email address, the site responds with a page that tells you to check your inbox for a link to reset your login details - and, crucially, that response contained a hidden token.
Multiple Reddit moderator accounts have been compromised and abused to post pro-Trump messages on a variety of subreddits. The hackers appear to have targeted moderator accounts that did not have two-factor authentication enabled, and leveraged their rights to modify subreddits or even remove moderator accounts that had fewer rights.