"82% of Phishing Sites Now Target Mobile Devices"

"82% of Phishing Sites Now Target Mobile Devices"

According to Zimperium's "2024 zLabs Global Mobile Threat Report," 82 percent of all phishing sites now target mobile devices. The report also shows that 76 percent of these sites use HTTPS, leading users to believe they are secure. Healthcare remains the most vulnerable industry, with 39 percent of mobile threats coming from phishing attacks. In order to gain access to enterprise systems, cybercriminals are increasingly applying mobile-first strategies involving the exploitation of weak mobile endpoints, smaller screens, and limited security indicators.

Submitted by Gregory Rigby on

"CISA: Hackers Target Industrial Systems Using 'Unsophisticated Methods'"

"CISA: Hackers Target Industrial Systems Using 'Unsophisticated Methods'"

The US Cybersecurity and Infrastructure Security Agency (CISA) warns of threat actors targeting Internet-exposed industrial devices with "unsophisticated" methods such as brute-force attacks and using default credentials to breach critical infrastructure networks. According to CISA, these attacks on critical infrastructure Operation Technology (OT) and Industrial Control System (ICS) devices have affected Water and Wastewater Systems (WWS). This article continues to discuss CISA's warning regarding threat actors exploiting OT/ICS using unsophisticated techniques.

Submitted by Gregory Rigby on

"AI Security Firm Shows How Threat Actors Could Abuse Google Gemini for Workspace"

"AI Security Firm Shows How Threat Actors Could Abuse Google Gemini for Workspace"

HiddenLayer warns that Google's Artificial Intelligence (AI) assistant Gemini faces indirect prompt injection flaws that could lead to phishing and chatbot takeover attacks. Indirect injections involve delivering the prompt injection via channels such as documents, emails, and other assets accessed by the Large Language Model (LLM), with the goal of taking over the model.

Submitted by Gregory Rigby on

"Thousands of US Congress Emails Exposed to Takeover"

"Thousands of US Congress Emails Exposed to Takeover"

Following the discovery that thousands of US Congress staffers could be vulnerable to account hijacking and phishing, security experts have repeatedly warned against using work email addresses to sign up for third-party sites. The secure mail provider Proton collaborated with Constella Intelligence to search the dark web for over 16,000 publicly available email addresses associated with congressional staff. About 3,191 employees' emails were leaked to the dark web following third-party data breaches, with 1,848 listed together with plaintext passwords.

Submitted by Gregory Rigby on

"Critical Ivanti Authentication Bypass Bug Exploited in Wild"

"Critical Ivanti Authentication Bypass Bug Exploited in Wild"

According to the Cybersecurity and Infrastructure Security Agency (CISA), a critical authentication bypass vulnerability in Ivanti Virtual Traffic Manager (vTM) has now been exploited by threat actors in the wild.  CISA added the bug to its long list of Known Exploited Vulnerabilities (KEV) on September 24, with federal agencies given until October 15 to patch it.  However, Ivanti has yet to update its security advisory to reflect the new information.

Submitted by Adam Ekwall on

"US House Bill Addresses Growing Threat of Chinese Cyber Actors"

"US House Bill Addresses Growing Threat of Chinese Cyber Actors"

The US House Homeland Security Committee Republicans have recently unveiled a new bill aimed at addressing the growing cyber threats posed by state-sponsored Chinese actors targeting US critical infrastructure.  The legislation established an interagency task force led by the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI.  The task force will focus on countering malicious cyber activity from the Chinese Communist Party (CCP), including advanced persistent threats (APTs) like Volt Typhoon.

Submitted by Adam Ekwall on

"Researcher Says Healthcare Facility’s Doors Hackable for Over a Year"

"Researcher Says Healthcare Facility’s Doors Hackable for Over a Year"

A security researcher recently launched a project with the goal of showing that physical access control vulnerabilities still impact many organizations. The researcher noted that he documented nearly 40 instances of buildings that last year had hackable door controllers. He is now going through all the findings again to determine which of the buildings are still vulnerable, considering that more than a year has passed.

Submitted by Adam Ekwall on

"AI-Generated Malware Found in the Wild"

"AI-Generated Malware Found in the Wild"

HP intercepted an email campaign involving a standard malware payload delivered via an Artificial Intelligence (AI)-generated dropper. The application of Generative AI (GenAI) on the dropper is a significant step towards novel AI-generated malware payloads. The company found an invoice-themed phishing email with an encrypted HTML attachment in June 2024. Phishers typically send targets a ready-encrypted archive file. However, in this case, the attacker implemented the AES decryption key in JavaScript in the attachment, which is uncommon.

Submitted by Gregory Rigby on

"RomCom Malware Resurfaces With SnipBot Variant"

"RomCom Malware Resurfaces With SnipBot Variant"

The cyber espionage malware called "RomCom," which targeted the Ukraine military and its supporters last year, has returned with a new variant. It uses valid code-signing certificates to evade detection. Attackers can execute commands and download more malicious files in a multi-stage attack. The variant, dubbed "SnipBot" by researchers at Palo Alto's Unit 42, has been spreading since December. The malware, based on RomCom 3.0., also shares techniques seen in RomCom 4.0, thus making it the fifth version of the original RomCom Remote Access Trojan (RAT) family.

Submitted by Gregory Rigby on

"New Octo2 Malware Variant Threatens Mobile Banking Security"

"New Octo2 Malware Variant Threatens Mobile Banking Security"

Mobile banking users worldwide are at risk from "Octo2," a new, advanced "Octo" malware variant. ThreatFabric analysts say Octo malware is one of the most widespread mobile threats in recent years. Octo2's advanced remote access and evasion features make it harder for security systems to detect. Its main enhancements involve increasing remote access stability, a critical feature in device takeover attacks. This article continues to discuss findings regarding the Octo2 malware variant.

Submitted by Gregory Rigby on
Subscribe to