A new Ryuk ransomware variant with worm-like capabilities that allow it to spread to other devices on victims’ local networks has been discovered by the French national cyber-security agency while investigating an attack in early 2021.
Researchers warn Amazon’s voice assistant Alexa is vulnerable to malicious third-party “skills” that could leave smart-speaker owners vulnerable to a wide range of cyberattacks. The security-threat claim is roundly dismissed by Amazon.
Microsoft has won praise from security researchers by making its CodeQL queries public so any organization could use the open source tools to analyze if they experienced any vulnerabilities from the SolarWinds or similar supply chain attacks.
Several Tibetan organizations were targeted in a cyber-espionage campaign by a state-backed hacking group using a malicious Firefox extension designed to hijack Gmail accounts and infect victims with malware.
T-Mobile has disclosed a data breach after an unknown number of customers were apparently affected by SIM swap attacks. SIM swap fraud allows scammers to take control of targets’ phone numbers after porting them using social engineering.
A report revealed that a Chinese APT has been abusing a Windows zero-day exploit, stolen from the NSA’s Equation Group even before The Shadow Brokers group leaked it.
The same cryptocurrency exchange has been hacked again, and this time the attackers stole USD 45,000 (NZD 62,000) worth of crypto, reported local news network Stuff.co.NZ.
On Wednesday, the U.S. CISA along with its counterparts in the U.K., Australia, New Zealand, and Singapore warned that hackers are exploiting unpatched vulnerabilities in Accellion FTA.
BTS fans are the target of a massive crypto scam on Twitter. For a little more than two weeks, cryptocurrency-related posts started appearing on timelines of BTS fans, also known as ARMY.
Attackers are exploiting the Google App Script domain—script.google.com—to evade Content Security Policy (CSP) controls and malware scan engines.