Massive ad-fraud op dismantled after hitting millions of iOS devices
A massive ad fraud operation dubbed ‘Vastflux’ that spoofed more than 1,700 applications from 120 publishers, mostly for iOS, has been disrupted by security researchers at…
Category: Bleeping Computer
Hackers now use Microsoft OneNote attachments to spread malware
Threat actors now use OneNote attachments in phishing emails that infect victims with remote access malware which can be used to install further malware, steal…
Hackers now use OneNote attachments to spread malware
Threat actors now use OneNote attachments in phishing emails that infect victims with remote access malware which can be used to install further malware, steal…
Riot Games hacked, delays game patches after security breach
Riot Games, the video game developer and publisher behind League of Legends and Valorant, says it will delay game patches after its development environment was…
New Boldmove Linux malware used to backdoor Fortinet devices
Suspected Chinese hackers exploited a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting a European government and an African MSP with a…
Over 19,000 end-of-life Cisco routers exposed to RCE attacks
Over 19,000 end-of-life Cisco VPN routers on the Internet are exposed to attacks targeting a remote command execution exploit chain. By chaining two security flaws disclosed…
The Week in Ransomware – January 20th 2023
There has been quite a bit of ransomware news this week, with crypto exchanges being seized for alleged money laundering and researchers providing fascinating reports…
Exploits released for two Samsung Galaxy App Store vulnerabilities
Two vulnerabilities in the Galaxy App Store, Samsung’s official repository for its devices, could enable attackers to install any app in the Galaxy Store without…
Critical ManageEngine RCE bug now exploited to open reverse shells
A critical remote code execution (RCE) vulnerability affecting multiple Zoho ManageEngine products is now being exploited in attacks. The first exploitation attempts were observed by…
LAUSD says Vice Society ransomware gang stole contractors’ SSNs
Los Angeles Unified School District (LAUSD), the second-largest school district in the United States, says the Vice Society ransomware gang has stolen files containing contractors’…
Ransomware profits drop 40% in 2022 as victims refuse to pay
Ransomware gangs extorted from victims about $456.8 million throughout 2022, a drop of roughly 40% from the record-breaking $765 million recorded in the previous two…
New ‘Blank Image’ attack hides phishing scripts in SVG files
An unusual phishing technique has been observed in the wild, hiding empty SVG files inside HTML attachments pretending to be DocuSign documents. Security researchers at…