Kaspersky researchers suspect that the cyberattackers may be a subgroup of the politically motivated, Palestine-focused Gaza Cybergang.

https://threatpost.com/wirte-middle-eastern-governments/176688/

Attackers use socially engineered SMS messages and malware to compromise tens of thousands of devices and drain user bank accounts.

https://threatpost.com/smishing-campaign-iranian-android-users/176679/

The insurer won’t pay for ‘acts of cyber-war’ or nation-state retaliation attacks.

https://threatpost.com/lloyds-cyber-insurance-exclusions/176669/

Millions of texts leading to the Flubot spyware/banking trojan are targeting everyone who uses Androids in the country, in an “exceptional” attack.

https://threatpost.com/finland-flubot-text-messages/176649/

Links between the tactics and tools demonstrated in attacks suggest a former affiliate has switched loyalties, according to new research.

https://threatpost.com/yanluowang-ransomware-thieflock-threat-actor/176640/

IKEA, king of furniture-in-a-flat-box, warned employees on Friday that an ongoing cyberattack was using internal emails to malspam malicious links in active email threads.

https://threatpost.com/ikea-email-reply-chain-attack/176625/

Attackers are honing Google Play dropper campaigns, overcoming app store restrictions.

https://threatpost.com/banking-trojan-infections-google-play/176630/

The North Korea-linked group is deploying the Chinotto spyware backdoor against dissidents, journalists and other politically relevant individuals in South Korea.

https://threatpost.com/scarcruft-apt-desktop-mobile-attacks/176620/

Some security researchers say it’s actually Cobalt Strike and not a SmokeLoader variant, but BioBright says in-depth testing shows it’s for real a scary morphic malware that changes its parts and recompiles itself.

https://threatpost.com/shape-shifting-tardigrade-malware-hits-vaccine-makers/176601/

Fake merchandise and crypto jacking are among the new ways cybercriminals will try to defraud people flocking online for Black Friday and Cyber Monday.

https://threatpost.com/new-twists-on-gift-card-scams-flourish-on-black-friday/176593/

A new trojan called Android.Cynos.7.origin, designed to collect Android users’ device data and phone numbers, was found in 190 games installed on over 9M Android devices.

https://threatpost.com/9m-androids-malware-games-huawei-appgallery/176581/

Just weeks after a judge ruled that NSO Group did not have immunity in a suit brought by Facebook subsidiary WhatsApp, Apple is adding significant weight to the company’s woes.

https://threatpost.com/apple-nso-lawsuit-pegasus-spyware/176565/

Researcher discovered a “more powerful” variant of an elevation-of-privilege flaw for which Microsoft released a botched patch earlier this month.

https://threatpost.com/attackers-target-windows-installer-bug/176558/

Despite tight security measures by Google/Apple, cybercriminals still find ways to bypass fake app checks to plant malware on mobile devices. Dave Stewart, CEO of Approov, discusses technical approaches to defense against this.

https://threatpost.com/defend-app-impersonation/176519/

The MICROP ransomware spreads via Google Drive and locally stored passwords.

https://threatpost.com/ransomware-phishing-emails-segs/176470/

Phishing emails are now skating past traditional defenses. Justin Jett, director of audit and compliance at Plixer, discusses what to do about it.

https://threatpost.com/tools-defending-phishing-attacks/176463/

Threat actors are targeting Middle-East-based employees of major corporations in a scam that uses a specific ‘ephemeral’ aspect of the project-management tool to link to SharePoint phishing pages.

https://threatpost.com/spear-phishing-exploits-glitch-steal-credentials/176449/

REGISTER TODAY! Join security researchers Erick Galinkin of Rapid7 and Izzy Lazerson of IntSights, as they discuss how non-experts can supercharge threat intelligence efforts in ways that were never before possible, with natural language processing.

https://threatpost.com/webinars/security-threats-natural-language-processing/

WordPress sites have been splashed with ransomware warnings that are as real as dime-store cobwebs made out of spun polyester.

https://threatpost.com/fake-ransomware-infection-wordpress/176410/

Hank Schless, senior manager of security solutions at Lookout, discusses AbstractEmu, mobile malware found on Google Play, Amazon Appstore and the Samsung Galaxy Store.

https://threatpost.com/rooting-malware-mobile/176376/