"Novel Phishing Method Used in Android/iOS Financial Fraud Campaigns"

The Czech Republic, Hungary, and Georgia are facing financial fraud campaigns involving a recently discovered sophisticated mobile phishing technique. This phishing technique uses Progressive Web Applications (PWAs), which offer a native-app-like experience and are growing on Android and iOS devices. ESET researchers detected the campaigns, noting that this method installs a phishing app from a third-party website without user consent. This article continues to discuss observations regarding the PWA phishing method.

Submitted by Gregory Rigby on

"Major Backdoor in Millions of RFID Cards Allows Instant Cloning"

The French security company Quarkslab found a major backdoor in millions of contactless cards made by Shanghai Fudan Microelectronics Group, a leading Chinese chip manufacturer. According to Quarkslab researcher Philippe Teuwen, the backdoor allows instantaneous cloning of RFID smart cards used to open office doors and hotel rooms worldwide. Teuwen explained that a supply chain attacker could execute instantaneous, scaled attacks using the backdoor, which requires only a few minutes of physical proximity to an affected card.

Submitted by Gregory Rigby on

"CISA Warns of Jenkins RCE Bug Exploited in Ransomware Attacks"

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Jenkins vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The exploitation of this flaw enables Remote Code Execution (RCE). Jenkins is a popular open source automation server that lets developers automate the process of building, testing, and deploying software using Continuous Integration (CI) and Continuous Delivery (CD).

Submitted by Gregory Rigby on

"Iranian Group TA453 Launches Phishing Attacks with BlackSmith"

The Iranian-linked threat actor "TA453," also known as "Charming Kitten," has been using a PowerShell-based malware toolkit named "BlackSmith" in a sophisticated phishing attack. According to researchers at Proofpoint, the campaign began in July 2024, targeting a prominent Jewish figure with emails spoofing the Institute for the Study of War (ISW). TA453, posing as the ISW Research Director, invited the target to a podcast to appear legitimate. After building trust, the group sent a malicious link masked as a legitimate podcast URL to deliver BlackSmith.

Submitted by Gregory Rigby on

"US Intelligence Officials Say Iran is to Blame for Hacks Targeting Trump, Biden-Harris Campaigns"

US intelligence officials are confident that Iran was behind hacks against the Trump and Biden-Harris presidential campaigns. Tehran is believed to be using the hacks to influence American politics and the election. The assessment by the Federal Bureau of Investigation (FBI) and other federal agencies was the first time the US government assigned blame for hacks that have reignited fears of foreign election interference. This article continues to discuss US intelligence officials' conclusion that Iran is to blame for hacks targeting the Trump and Biden-Harris campaigns.

Submitted by Gregory Rigby on

"Ransomware Resilience Drives Down Cyber Insurance Claims"

According to a new report by the UK backup solutions provider Databarracks, more organizations than ever before have subscribed to cyber insurance, but the number of claims is declining. In its "2024 Data Health Check report," the company discovered that 66 percent of UK organizations reported having cyber insurance in 2024, up from 51 percent in 2022 and 57 percent in 2023. However, the number of organizations filing cyber insurance claims decreased from 58 percent in 2022 to 36 percent in 2024.

Submitted by Gregory Rigby on

"Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover"

According to the WordPress security company Defiant, the GiveWP WordPress plugin contains a critical vulnerability that enables Remote Code Execution (RCE) and arbitrary file deletion on over 100,000 websites. The bug allows unauthenticated attackers to inject a PHP object and exploit a Property Oriented Programming (POP) chain to execute arbitrary code remotely or delete arbitrary files. This article continues to discuss the potential exploitation and impact of a critical vulnerability in the GiveWP WordPress plugin.

Submitted by Gregory Rigby on

"Ransomware Victims Paid $460 Million in First Half of 2024"

According to security researchers at Chainalysis, ransomware payments and stolen cryptocurrency have increased in the first half of 2024. The researchers found that while illegal on-chain activity has dropped by nearly 20% year-to-date, ransomware payments have increased by 2%, from $449.1 million in the first half of 2023 to $459.8 million in the first half of 2024. In addition, the amount of cryptocurrency stolen this year has increased to $1.58 billion, up from $857 million last year.

Submitted by Adam Ekwall on

"Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware"

The Mandiant Managed Defense team has discovered an increase in malware infections caused by malvertising campaigns that distribute a loader named "FakeBat," also known as "EugenLoader" and "PaykLoader." The researchers consider these attacks "opportunistic," as they are aimed at users looking to download popular business software. The infection involves a trojanized MSIX installer that runs a PowerShell script to download a secondary payload.

Submitted by Gregory Rigby on

"100,000 Impacted by Jewish Home Lifecare Data Breach"

New York City-based nonprofit healthcare organization Jewish Home Lifecare has recently revealed that a data breach disclosed earlier this year impacted more than 100,000 individuals.

Submitted by Adam Ekwall on