Podcast: IoT Piranhas Are Swarming Industrial Controls
Enormous botnets of IoT devices are going after decades-old legacy systems that are rife in systems that control crucial infrastructure. orginal source link
Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn
A comment spammer flooded Babuk’s new ransomware forum with gay orgy porn GIFs and demanded $5K in bitcoin. orginal source link
Malware Makers Using ‘Exotic’ Programming Languages
Sprechen Sie Rust? Polyglot malware authors are increasingly using obscure programming languages to evade detection. orginal source link
Discord CDN and API Abuses Drive Wave of Malware Detections
Targets of Discord malware expand far beyond gamers. orginal source link
FIN7’s Liquor Lure Compromises Law Firm with Backdoor
Using a lure relating to a lawsuit against the owner of Jack Daniels whiskey, the cybergang launched a campaign that may be bent on ransomware deployment. orginal source link
Kaseya Obtains Universal Decryptor for REvil Ransomware
The vendor will work with customers affected by the early July spate of ransomware attacks to unlock files; it’s unclear if the ransom was paid. orginal source link
FBI: Cybercriminals Eyeing Broadcast Disruption at Tokyo Olympics
Expected cyberattacks on Tokyo Olympics likely include attempts to hijack video feeds, the Feds warn. orginal source link
Phish Swims Past Email Security With Milanote Pages
The “Evernote for creatives” is anchoring a rapidly spiking phishing campaign, evading SEGs with ease. orginal source link
Critical Jira Flaw in Atlassian Could Lead to RCE
The software-engineering platform is urging users to patch the critical flaw ASAP. orginal source link
How to Think Like a Threat Actor
Join Threatpost for a live discussion with the Uptycs threat intelligence team on Tuesday, August 17 at 11 AM EST for an insider, data-driven dive into how attackers pick their…
Industrial Networks Exposed Through Cloud-Based Operational Tech
Critical ICS vulnerabilities can be exploited through leading cloud-management platforms. orginal source link
Apple Issues Urgent iPhone Updates; None for Pegasus Zero-Day
Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware. orginal source link
NPM Package Steals Passwords via Chrome’s Account-Recovery Tool
In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems via ChromePass. orginal source link
French Launch NSO Probe After Macron Believed Spyware Target
Fourteen world leaders were among those found on list of NSO believed targets for its Pegasus spyware. orginal source link
Tracking Malware and Ransomware Domains in 2021
Ransomware is the threat of 2021. It’s impacting everything from large enterprises, hospitals, to other aspects of our critical infrastructure. Here, we’ll take a look at actual malware domain traffic…
Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows
Misconfigured permissions for Argo’s web-facing dashboard allow unauthenticated attackers to run code on Kubernetes targets, including cryptomining containers. orginal source link
MacOS Being Picked Apart by $49 XLoader Data Stealer
Cheap, easy and prolific, the new version of the old FormBook form-stealer and keylogger has added Mac users to its hit list, and it’s selling like hotcakes. orginal source link
Researchers: NSO Group’s Pegasus Spyware Should Spark Bans, Apple Accountability
Our roundtable of experts weighs in on implications for Apple and lawmakers in the wake of the bombshell report showing widespread surveillance of dissidents, journalists and others. orginal source link
Law Firm to the Fortune 500 Breached with Ransomware
Deep-pocketed clients’ customers & suppliers could be in the attacker’s net, with potential PII exposure from an A-list clientele such as Apple, Boeing and IBM. orginal source link
Why Your Business Needs a Long-Term Remote Security Strategy
Chris Hass, director of information security and research at Automox, discusses the future of work: A hybrid home/office model that will demand new security approaches. orginal source link
MosaicLoader Malware Delivers Facebook Stealers, RATs
The newly documented code is a full-service malware-delivery threat that’s spreading indiscriminately globally through paid search ads. orginal source link
A New Security Paradigm: External Attack Surface Management
Advanced EASM solutions are crucial to automating the discovery of the downstream third-party (or fourth-party, or fifth-party, etc.) IT infrastructures that your organization is exposed to, and may be vulnerable…
What’s Next for REvil’s Victims?
Podcast: Nothing, says a ransomware negotiator who has tips on staying out of the sad subset of victims left in the lurch, mid-negotiation, after REvil’s servers went up in smoke….
Unpatched iPhone Bug Allows Remote Device Takeover
A format-string bug believed to be a low-risk denial-of-service issue turns out to be much nastier than expected. orginal source link
Protecting Phones From Pegasus-Like Spyware Attacks
Podcast: Can a new SIM card and prepaid service from an MVNO help? Former spyware insider, current mobile white hat hacker Adam Weinberg on how to block spyware attacks. orginal…
MAINPIPE