The Often-Overlooked Element of a Hack: Endpoints
The number of data breaches has skyrocketed during the ongoing health crisis, as hackers have taken full advantage of these uncertain times. According to the FBI’s 2020 Internet Crime Report, complaints soared by 69.4% in the last year. Unfortunately, media coverage of mega breaches (e.g., SolarWinds, Capital One) often puts a spotlight on the tail…
Purple Fox Malware Squirms Like a Worm on Windows
The malware campaign, dubbed Purple Fox, has been active since at least 2018 and the discovery of the new worm-like infection vector is yet another sign that consumer-grade malware continues to reap profits for cybercriminals. According to Guardicore researcher Amit Serper, the Purple Fox operators primarily used exploit kits and phishing emails to build botnets…
Researchers Raise Alarm for F5 BIG-IP Malware Attacks
Malware hunters at U.K.-based NCC Group are raising the alarm for mass scanning and “multiple exploitation attempts” with exploits targeting critical security flaws in the F5 enterprise networking infrastructure products. The vulnerabilities were patched on March 10 and are considered high-priority fixes because of the risk of exposure to authentication bypass and remote code execution…
Microsoft Defender Antivirus Now Protects Users Against Ongoing Exchange Attacks
Microsoft has released patches, detailed guidance, and a one-click mitigation tool to ensure that Exchange Server users are protected against attacks. The tech giant has now taken another step to protect customers who haven’t managed to install the available patches but who have Defender deployed on vulnerable servers. The Exchange vulnerabilities are tracked as CVE-2021-26855,…
Healthcare IoT Security Firm Cylera Closes $10 Million Series A Round
Founded in 2017 and headquartered in New York City, Cylera seeks to protect both healthcare organizations and patients, providing a security and analytics platform that aims to deliver asset management, risk analysis, and threat detection for IoT, ICS, and IoMT (Internet of Medical Things). Cylera seeks to secure the entire connected environment, providing insights and…
F5 Patches Four Critical Bugs in Big-IP Suite
The BIG-IP software powers a wide range of products, including hardware, modularized software, and virtual appliances, which run on the TMOS architecture and provide customers with modules that support load balancing, firewall, access control, threat protection, and more. On March 10, F5 announced the release of fixes for multiple vulnerabilities in BIG-IP, some of which…
Apple Patches Remote Code Execution Bug in WebKit
Tracked as CVE-2021-1844 and co-reported by Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research, the flaw was addressed with software updates for macOS, iOS, watchOS, and Safari. To exploit the vulnerability, an attacker would simply need to craft a webpage containing malicious code, and then lure the victim…
Thousands of Mobile Apps Expose Data via Misconfigured Cloud Containers
The issue, the company notes, is rooted in the fact that many developers tend to overlook the security of cloud containers during the development process. Cloud services help resolve the issue of storage space on mobile devices, and developers have numerous such solutions to choose from, some of the most popular being Amazon Web Services,…
FBI Warns of Employee Credential Phishing via Phone, Chat
Taking advantage of the COVID-19 pandemic, which has forced the broad adoption of telework, cyber-criminals and threat actors are attempting to exploit possible misconfiguration and lack of monitoring for remote network access and user privileges. An observed shift in tactics, the FBI says, is the targeting of all employee credentials, not exclusively of those individuals…
Facebook Takes Legal Action Against Data Scrapers
In a lawsuit filed in Portugal, Facebook Inc. and Facebook Ireland seek permanent injunction against the two for violation of the social media platform’s terms of service and Portugal’s Database Protection Law. The social media giant says that the two created browser extensions that they made available for download through the Chrome Web Store. The…