Blog

Russia REvil Ransomware TOR sites compromised dark web the onion router

Russia’s REvil Ransomware halts operation as their TOR sites were compromised

REvil ransomware group, Russia’s most notorious cybercriminal gang, known for their extortions, has shut down again after an unidentified individual hijacked their data leak blog and the onion router payment portal.  The ‘The onion router’ shuts down recently. A malicious actor associated with the REvil group announces that somebody caused problems to the ransomware group’s domain to the XSS hacking...
Continue Reading
Visible account manipulations Networking tech company e commerce online shopping telecom

People are setting Visible on fire due to multiple account manipulations

Visible, a Verizon-owned company and an all-digital wireless carrier in the United States that offers unlimited text, calls, video calls, data, hot spots and many more, is receiving many backlashes from its users due to account manipulation.  The company is currently receiving overwhelming criticism from their users, who took it to social media stating that their accounts had been...
Continue Reading
Phishing campaign DocuSign trick employees online fraud

Phishing campaign takes advantage of DocuSign to trick lower-tier employees

Today, Phishing campaigns conducted by many threat actors follow a new way of targeting non-executive employees with access to essential areas inside an organization or company, especially the use of DocuSign.  As reported by researchers, fifty percent of all phishing emails they examined in recent weeks impersonated lower-class employees. Up to 77% of them targeted the same group of employees...
Continue Reading
APAC digital payment transactions cybersecurity awareness  it security

As APAC found to be the largest contributor to digital payment transactions, cybersecurity awareness becomes more vital 

Public awareness of cybersecurity is still not prevalent even up to today. Since the devastation of the COVID-19 pandemic worldwide, digital payment transactions have also seen an upsurge – making many people more exposed to threats of cyberattacks.   A security researcher’s study revealed that about 90% of Asian respondents had utilised mobile payment applications in everyday digital payment transactions.  Moreover, 2 out...
Continue Reading
Threat actors hack account Telegram bots OTP Stealing

Threat actors hack into victims’ accounts via Telegram bots that steal OTPs 

Illegal services that allow threat actors to evade the protection that two-factor authentication (2FA) brings are rampant in underground forums.  While 2FA is the most helpful method of protecting a user’s privacy against criminals hacking into their accounts, threat actors have also found a way to sidestep the protection. One of these is the usage of bots on...
Continue Reading
profile impersonations fake accounts Facebook Fraud Prevention social media

The state of impersonations and fake profiles in the Facebook landscape: Is it being tolerated?

Among several other criticisms that the Facebook platform faces each day, one of the most significant issues is how fake accounts and profile impersonations have gone rogue in the platform.   Reports say that billions of fake accounts have already been purged by Facebook in the past years, and yet, a vast number still emerges day by day. It is impossible...
Continue Reading
Serious risk patients recall Medtronic Insulin Pump devices FDA vulnerability exploit

Serious risk to patients prompted the recall of Medtronic Insulin Pump devices via FDA

Earlier this week, the US Food and Drug Administration issued an advisory that warns the patients about the risk of the Medtronic insulin pump devices used for wireless insulin pumps. The FDA also initiated an expanded recall of the remote-controlled pumps.  The FDA identified the situation as a “Class I” recall due to the severity of the incident. It is placed...
Continue Reading
Ransomware CIS 2021 BigBobRoss CryptConsole Cryakl Phobos CrySIS

Ransomware strains that targeted the CIS for 2021

This year has been challenging for businesses, especially with the pandemic outbreak. Several threat actors have taken advantage of executing cyberattacks against organizations worldwide, ransomware being the most common type. System of government such as the Commonwealth of Independent States (CIS) also failed to avoid such unfortunate occurrences of attacks for this year.     Businesses that operate inside the CIS have been the targets of non-prevalent ransomware threat groups.    Described below is the...
Continue Reading
Journalists whistleblower sharing platform Onionshare bugs vulnerability exploit

Journalists and whistleblower sharing platform Onionshare, revealed bugs through the latest patch

OnionShare a file-sharing system used by journalists and whistleblowers to confidentially send information to any target location has revealed two vulnerabilities to their latest patch. If these bugs were not identified early, it might heavily impact the file-sharing system’s anonymous capabilities.  The system allows users to carry out activities including file sharing, messaging, and website hosting while being anonymous at...
Continue Reading
Large companies domain security enhancement cyberattacks DNS

Large companies lag in domain security enhancement adoption in preventing cyberattacks

Many studies state that web domains of large companies remain to be dangerously under-guarded against the threat of cyberattacks despite the world’s shift to a more modernize business and operations landscape. At least 81% of companies listed in Forbes Global 2000 are not using registry locks, which means that these companies have a lag in adopting enhanced domain security measures. ...
Continue Reading
Ethernet cables data exfiltration air gapped systems malware

Ethernet cables are being used in a newfound data exfiltration mechanism against air-gapped systems

The latest research has found a new data exfiltration mechanism that utilizes Ethernet cables as a transmitting antenna tool in siphoning sensitive data furtively from air-gapped systems. A security analyst stated that it is an interesting concern how the wires that are supposed to protect air-gap systems become the cause of vulnerability in attacks.  This new data exfiltration mechanism called “LANtenna Attack” allows malicious codes found in air-gapped...
Continue Reading
Two step verification Google users user account security

Two-step verification now required to millions of Google users for additional user account security

A publication was released by Google recently regarding the company’s plans of increasing user account security. This plan includes an aim to auto-enroll 150 million Google users into a two-step verification or 2SV process by the end of 2021 and oblige more than 2 million YouTube creators to activate the 2SV.  To improve user account security, Google takes a new step and fosters its existing measures such as...
Continue Reading
Luxury department store Neiman Marcus data breach compromised data

Luxury department store, Neiman Marcus, gets hit by data breach affecting millions

Neiman Marcus, an American luxury department store chain in the ownership of Neiman Marcus Group (NMG) located in Dallas, Texas, has warned millions of their worldwide clients about their online accounts being susceptible to a major data breach. The impacted customers have reached over 4.6 million people, of which they have sent notifications regarding the attack that may have begun by May last year.  From the clients’...
Continue Reading
GriftHorse Trojan malware infects Android devices

GriftHorse Trojan infects over 10 million Android devices worldwide

Over 10 million Android devices from more than 70 countries have reportedly been infected by a large-scale malware campaign wherein victims are unknowingly deceived into subscribing to many expensive paid services. GriftHorse trojan is the malware used for the campaign that is now active for about five months.    A GriftHorse Trojan infected Android devices are subscribed to expensive premium services, allowing threat...
Continue Reading
Top 14 Android mobile Apps Firebase misconfigured

Top 14 Android Apps with Millions of installs are Firebase misconfigured

The research revealed that nine out of fourteen android apps, which have more than 30 million users, are potentially leaking data. The top 14 Android apps with over a hundred million installs are at risk for being Firebase misconfigured. Unauthorized parties might access these apps and expose confidential data.     Almost everyone has an Android app installed on their...
Continue Reading
personal health information American Mental Healthcare provider exposed Data Breach

Thousands of personal health information of two American Mental Healthcare providers exposed to Data Breach

Two mental healthcare providers in America have been exposed to a data breach that has compromised thousands of affected people’s personal health information (PHI).  The first one is Horizon House, Inc., a mental healthcare provider located in Philadelphia, Pennsylvania. Last March 5, Horizon House discovered suspicious activity in their IT networks and revealed from the investigation that ransomware has infected their IT systems. The healthcare provider took...
Continue Reading
Cyber security risks server misconfigurations Apache Airflow Platforms

Cyber security risks threaten organizations that perform misconfigurations to Apache Airflow Platforms

Apache Airflow is an open-source platform that is popular among organizations. They use it in scheduling and managing workflows. But according to researchers, misconfigurations in Apache Airflow can endanger credentials and other sensitive records to the internet and be involved in a possible cyber security risk.  From the latest discovery of security researchers, there have been...
Continue Reading
Ecommerce firm Next Level Apparel email phishing

E-commerce firm, Next Level Apparel suffered email phishing that affects some employees

An American e-commerce firm and leading designer and manufacturer of clothing items, Next Level Apparel, has recently experienced a data breach issue that affected its employees’ email accounts. As reported by the firm’s issued press release, a small number of employee email accounts have been compromised to an email phishing incident. The attack has given threat actors unauthorized access to sensitive company information.  The exposed sensitive...
Continue Reading
Cloud storage applications malware downloads ransomware

Cloud storage applications top the most utilized avenue of malware downloads, according to recent studies

Cyberattacks have been utilizing cloud applications as an avenue of distributing malware, as per recent studies. Researchers have identified that 68% of malware downloads were derived from cloud applications for the 2nd quarter of 2021. Cloud-based misconfigurations are often a contributing factor in terms of these issues.    About 66.4% of malware downloads for the 2nd quarter...
Continue Reading
GSS European call centre provider unreachable ransomware attack

GSS, a European call centre provider, has been unreachable due to ransomware attack

One of Europe’s largest customer care and call centre providers, GSS, has undergone a devastating ransomware attack resulting in a massive freeze in its IT systems and has halted call centre services across its Spanish-speaking customer base. GSS is also a Spanish and Latin America division of the Covisian firm. This week, many call centres and customer...
Continue Reading
1 2 3 4 34