Ryuk Ransomware Attack Sprung by Frugal Student
The student opted for “free” software packed with a keylogger that grabbed credentials later used by “Totoro” to get into a biomolecular institute.
Web Security
Anti-Spam WordPress Plugin Could Expose Website User Data
‘Spam protection, AntiSpam, FireWall by CleanTalk’ is installed on more than 100,000 sites — and could offer up sensitive info to attackers that aren’t even logged in.
Raft of Exim Security Holes Allow Linux Mail Server Takeovers
Remote code execution, privilege escalation to root and lateral movement through a victim’s environment are all on offer for the unpatched or unaware.
Feds Shut Down Fake COVID-19 Vaccine Phishing Website
‘Freevaccinecovax.org’ claimed to be that of a biotech company but instead was stealing info from visitors to use for nefarious purposes.
Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs
The security flaw tracked as CVE-2021-22893 is being used by at least two APTs likely linked to China, to attack U.S. defense targets among others.
Sneakers, Gaming, Nvidia Cards: Retailers Can Stop Shopping Bots
Jason Kent, hacker in residence at Cequence Security, says most retailers are applying 1970s solutions to the modern (and out-of-control) shopping-bot problem, and offers alternative ideas.
Bait Boost: Phishers Delivering Increasingly Convincing Lures
An intense hunt for corporate account credentials will continue into next quarter, researchers predict.
Deepfake Attacks Are About to Surge, Experts Warn
New deepfake products and services are cropping up across the Dark Web.
Experian API Leaks Most Americans’ Credit Scores
Researchers fear wider exposure, amidst a tepid response from Experian.
Multi-Gov Task Force Plans to Take Down the Ransomware Economy
A coalition of 60 global entities (including the DoJ) has proposed a sweeping plan to hunt down and disrupt ransomware gangs by going after their financial operations.