FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks
The infamous Carbanak operator is moving is looking to juice its ransomware game by recruiting IT staff to its fake Bastion Secure ‘pen-testing’
[...]
AuthorTara Seals
TA551 Shifts Tactics to Install Sliver Red-Teaming Tool
A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment.
Source: Threat Post
[...]
Fresh APT Harvester Reaps Telco, Government Data
The group is likely nation-state-backed and is mounting an ongoing spy campaign using custom malware and stealthy tactics.
Source: Threat Post –
[...]
TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates
The group – which also created BazarLoader and the Conti ransomware – has juiced its distribution tactics to threaten enterprises more than ever.
[...]
CryptoRom Scam Rakes in $1.4M by Exploiting Apple Enterprise Features
The campaign, which uses the Apple Developer Program and Enterprise Signatures to get past Apple’s app review process, remains active.
Source: Threat
[...]
Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers
A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc.
Source: Threat Post – Web
[...]
Office 365 Spy Campaign Targets US Military Defense
An Iran-linked group is taking aim at makers of drones and satellites, Persian Gulf ports and maritime shipping companies, among others.
Source:
[...]
Navy Warship’s Facebook Page Hacked to Stream ‘Age of Empires’ Gaming
The destroyer-class USS Kidd streamed hours of game play in a funny incident that has serious cybersecurity ramifications.
Source: Threat Post –
[...]
Canopy Parental Control App Wide Open to Unpatched XSS Bugs
The possible cyberattacks include disabling monitoring, location-tracking of children and malicious redirects of parent-console users.
Source: Threat Post – Web Security –
[...]
IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft
Three security vulnerabilities in Axis video products could open up the door to a bevy of different cyberattacks on businesses.
Source: Threat
[...]