Spyware Blitzes Compromise, Cannibalize ICS Networks
The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud. Source: Threatpost.com
Continue ReadingAuthor: Elizabeth Montalbano
SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack
R.R. Donnelly, the integrated services company, confirmed a ‘systems intrusion’ that occurred in late December and is still under investigation. Source: Threatpost.com
Continue ReadingBeijing Olympics App Flaws Allow Man-in-the-Middle Attacks
Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees – including personal health details. Source: Threatpost.com
Continue ReadingOrganizations Face a ‘Losing Battle’ Against Vulnerabilities
Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that emerged last year, researchers said. Source: Threatpost.com
Continue ReadingThree Plugins with Same Bug Put 84K WordPress Sites at Risk
Researchers discovered vulnerabilities that can allow for full site takeover in login and e-commerce add-ons for the popular website-building platform. Source: Threatpost.com
Continue ReadingAdobe Cloud Abused to Steal Office 365, Gmail Credentials
Threat actors are creating accounts within the Adobe Cloud suite and sending images and PDFs that appear legitimate to target Office 365 and Gmail users, researchers from Avanan discovered. Source: Threatpost.com
Continue ReadingPhishers Rip Off High-Profile EA Gamers
Electronic Arts blamed “human error” after attackers compromised customer support and took over and drained some of the top FIFA Ultimate Team player accounts. Source: Threatpost.com
Continue ReadingCritical SonicWall NAC Vulnerability Stems from Apache Mods
Researchers offer more detail on the bug, which can allow attackers to completely take over targets. Source: Threatpost.com
Continue ReadingLog4J-Related RCE Flaw in H2 Database Earns Critical Rating
Critical flaw in the H2 open-source Java SQL database are similar to the Log4J vulnerability, but do not pose a widespread threat. Source: Threatpost.com
Continue ReadingAttackers Exploit Flaw in Google Docs’ Comments Feature
A wave of phishing attacks identified in December targeting mainly Outlook users are difficult for both email scanners and victims to flag, researchers said. Source: Threatpost.com
Continue Reading