Hostrisk

Attackers are getting creative, using smishing & a malicious Google Play QR reader to plant banking trojans on the phones of victims across the globe.

https://threatpost.com/threat-actors-androids-flubot-teabot-campaigns/177991/

Visitors who shopped on the company’s eCommerce website in January will likely find their payment-card data heisted, researchers warned.

https://threatpost.com/segway-magecart-attack-favicon/177971/

A pro-democracy Hong Kong site was used to launch watering-hole attacks that planted a new macOS backdoor that researchers dubbed DazzleSpy.

https://threatpost.com/macos-malware-dazzlespy-watering-hole-attacks/177943/

A critical security bug and a months-long, ongoing supply-chain attack spell trouble for WordPress users.

https://threatpost.com/adsanity-accesspress-plugins-wordpress-sites-takeover/177932/

Researchers identify three new versions of the banking trojan that include various new features, including GPS tracking and novel obfuscation techniques.

https://threatpost.com/brata-android-trojan-kill-switch-wipes/177921/

QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.

https://threatpost.com/fbi-malicious-qr-codes/177902/

State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.

https://threatpost.com/molerats-apt-spy-bankers-politicians-journalists/177907/

The ‘DTPacker’ downloader used fake Liverpool Football Club sites as lures for several weeks, a report finds.

https://threatpost.com/donald-trump-packer-malware-infostealers/177887/

Court rules ‘War or Hostile Acts’ exclusion doesn’t apply to the pharma giant’s 2017 cyberattack.

https://threatpost.com/merck-insurance-payout-notpetya-attack/177872/

The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.

https://threatpost.com/spyware-blitzes-compromise-cannibalize-ics-networks/177851/

R.R. Donnelly, the integrated services company, confirmed a ‘systems intrusion’ that occurred in late December and is still under investigation.

https://threatpost.com/fortune-500-firm-ransomware/177787/

Disruptive malware attacks on Ukrainian organizations (posing as ransomware attacks) are very likely part of Russia’s wider effort to undermine Ukraine’s sovereignty, according to analysts.

https://threatpost.com/destructive-wiper-ukraine/177768/

Praise be & pass the recipe for the software soup: There’s too much scrambling to untangle vulnerabilities and dependencies, say a security experts roundtable.

https://threatpost.com/2022-software-bill-of-materials/177736/

VMware’s container-based application development environment has become attractive to cyberattackers.

https://threatpost.com/cybercriminals-vmware-vsphere-cryptominers/177722/

It’s a double-extortion play that uses the command-line password ‘KissMe’ to hide its nasty acts and adorns its ransom note with cutesy ASCII bunny art.

https://threatpost.com/white-rabbit-ransomware-fin8/177703/

Zoho’s comprehensive endpoint-management platform suffers from an authentication-bypass bug (CVE-2021-44757) that could lead to remote code execution.

https://threatpost.com/critical-manageengine-desktop-server-bug-malware/177705/

Companies must take more ‘innovative and proactive’ approaches to security in 2022 to combat threats that emerged last year, researchers said.

https://threatpost.com/organizations-losing-battle-vulnerabilities/177696/

The country’s FSB said that it raided gang hideouts; seized currency, cars and personnel; and neutralized REvil’s infrastructure.

https://threatpost.com/russian-security-revil-ransomware/177660/

US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite of malware tools.

https://threatpost.com/us-military-ties-muddywater-cyberespionage-apt-iran/177633/

GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates.

https://threatpost.com/gootloader-accounting-law-firms/177629/