FIN7’s Liquor Lure Compromises Law Firm with Backdoor
Using a lure relating to a lawsuit against the owner of Jack Daniels whiskey, the cybergang launched a campaign that may be bent
[...]
AuthorTara Seals
Phish Swims Past Email Security With Milanote Pages
The “Evernote for creatives” is anchoring a rapidly spiking phishing campaign, evading SEGs with ease.
Source: Threat Post – Web Security –
[...]
Researchers: NSO Group’s Pegasus Spyware Should Spark Bans, Apple Accountability
Our roundtable of experts weighs in on implications for Apple and lawmakers in the wake of the bombshell report showing widespread surveillance of
[...]
MosaicLoader Malware Delivers Facebook Stealers, RATs
The newly documented code is a full-service malware-delivery threat that’s spreading indiscriminately globally through paid search ads.
Source: Threat Post – Web
[...]
Unpatched iPhone Bug Allows Remote Device Takeover
A format-string bug believed to be a low-risk denial-of-service issue turns out to be much nastier than expected.
Source: Threat Post –
[...]
Critical Juniper Bug Allows DoS, RCE Against Carrier Networks
Telecom providers, including wireless carriers, are at risk of disruption of network service if the bug in SBR Carrier is exploited.
Source:
[...]
Windows 0-Days Used Against Dissidents in Israeli Broker’s Spyware
Candiru, aka Sourgum, allegedly sells the DevilsTongue surveillance malware to governments around the world.
Source: Threat Post – Mobile Security – Windows
[...]
Zero-Day Attacks on Critical WooCommerce Bug Threaten Databases
The popular e-commerce platform for WordPress has started deploying emergency patches.
Source: Threat Post – Web Security – Zero-Day Attacks on Critical
[...]
Updated Joker Malware Floods into Android Apps
The Joker premium billing-fraud malware is back on Google Play in a fresh onslaught, with an updated bag of tricks to evade scanners.
[...]
WordPress File Management Plugin Riddled with Critical Bugs
The bugs allow a range of attacks on websites, including deleting blog pages and remote code execution.
Source: Threat Post – Web
[...]