  • Archive

  • Do you own a Chevrolet, Buick, GMC, or Cadillac?  If so, be aware that GM recently acknowledged that they fell victim to a credential stuffing attack a little over a month ago. The attack exposed some customer information to the attackers and allowed them to redeem an undisclosed number of rewards points for gift cards. The company said that they detected suspicious network activity between April 11th and April 29th of 2022.  In a letter sent to those impacted [...]

    A browser hijacker called "ChromeLoader" has had a large uptick in detections this month, which is raising eyebrows among security professionals. ChromeLoader can modify a victim's web browser settings to show search results that promote unwanted (and usually spammy) software, annoying pop-up ads, fake giveaways, adult games, dating sites, surveys, and the like. As malware goes, there are far worse strains out there.  Rather than infect you with malicious code that locks all [...]

    HTML attachments as an attack vector may seem a little old school. However, statistics compiled by Kaspersky Lab indicate that in 2022, this form of attack is not only still being employed, but hackers are making surprisingly regular use of it. The security company detected more than two million emails of this kind targeting Kaspersky customers in the first four months of 2022. The specific breakdown of monthly instances looks like this: [...]

    Do you own and manage a WordPress site either personally or as part of your business?  Do you also use the Tatsu plugin which offers a powerful suite of in-browser editing features and has been installed by more than 100,000 users worldwide? If so, be aware that there is a serious security flaw in the plugin, and you should update right away to minimize your risk. The vulnerability in this case is being tracked as CVE-2021-25094 and allows a remote attacker to execute arbitrary [...]

    The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory that serves as a stark warning. If you're using VMware products that are impacted by recently disclosed critical security flaws, either patch them immediately or remove them from your network. CISA issued the dire warning because the last time critical security flaws were discovered in VMware products, hackers began exploiting them within 48 hours after they were disclosed. In this case, the two [...]

    Phishing campaigns get more effective the more closely they can imitate a trusted source.  Recently, security researchers at Fortinet discovered evidence of a phishing campaign that specifically targets Microsoft Windows users and installs three different types of malware on the systems it manages to infect. Among other things, this campaign gives the hackers behind it the ability to steal usernames, passwords, banking details, and more. That is in addition to leveraging the [...]

    At least one group of hackers has learned a new trick you need to be aware of. Security researchers at Kaspersky Lab have discovered a malicious campaign in progress that is using event logs to store malware. That is a technique that has not been seen or documented until now. This new methodology is designed for maximum stealth, allowing the threat actor to plant fileless malware in the target device's file system. The dropper used in this case makes a copy of the legitimate [...]

    Hackers around the world are increasingly targeting verified Twitter accounts with emails designed to pilfer your Twitter login credentials. Verified Twitter accounts differ from standard Twitter accounts in that they sport a large blue check mark next to the user's name, which indicates that the person who owns the account is someone of considerable influence on the platform. To be considered for verified status, you must formally apply for verification, which involves [...]

    The MalwareHunterTeam recently discovered a new ransomware operation that is particularly nasty. Called Onyx, the operation outwardly does what most ransomware campaigns do. It gets inside a corporate network, exfiltrates the data that it wants, then seems to encrypt the rest, and then threatens to release the files to the broader public unless its demands for payment are met. An additional fee is demanded to unlock the encrypted files, but there's a catch in this[...]

    Security researchers employed by Microsoft have recently spotted a variant of the Sysrv botnet. They have dubbed the new variant Sysrv-K. This new variant works in two ways. First, it exploits a flaw in the Spring Cloud Gateway that allows remote code execution (tracked as CVE-2022-22947). Second, the botnet scans the web for WordPress plugins with older, unpatched vulnerabilities. Of significance, this variant of the botnet can take control of web servers, which [...]