Cybersecurity Threat Blog – Sponsored by 171Comply.com

Cybersecurity Threat Blog - Sponsored by 171Comply.com

This phishing scam left thousands of stolen passwords exposed through Google search

Check Point Research and Otorio published a blog post describing the campaign, in which stolen information was dumped on compromised WordPress domains.   The recent phishing attack began with one of...Read More
January 21, 2021

Chinese hacking group is stealing airline passenger details

Chinese hackers are gathering passenger details from airlines across the world to track high-value targets’ movements.  The intrusions have been linked to a threat actor that the cyber-security has been...Read More
January 20, 2021

FireEye Releases New Open Source Tool in Response to SolarWinds Hack

FireEye Mandiant announced the release of an open source tool designed to check Microsoft 365 tenants for the use of techniques associated with UNC2452, the threat group that attacked IT...Read More
January 19, 2021

FBI Warns of Employee Credential Phishing via Phone, Chat

The Federal Bureau of Investigation has issued a Private Industry Notification (PIN) to warn of attacks targeting enterprises, in which threat actors attempt to obtain employee credentials through vishing or...Read More
January 18, 2021

US Government warns of cyberattacks targeting cloud services

In an advisory issued on Wednesday, CISA (Cybersecurity and Infrastructure Security Agency) revealed that hackers have been employing successful phishing campaigns, brute force login attempts, and potentially pass-the-cookie attacks to exploit weaknesses...Read More
January 14, 2021

Vulnerabilities Can Allow Hackers to Create Backdoors in Comtrol Industrial Gateways

Austria-based cybersecurity consultancy SEC Consult discovered five types of vulnerabilities in Pepperl+Fuchs Control industrial products, including cross-site request forgery (CSRF), reflected cross-site scripting (XSS), blind command injection, and denial-of-service (DoS)...Read More
January 14, 2021

TikTok Harvested MAC Addresses by Exploiting Android Loophole

The Chinese company has been accused of spying on millions of Android TikTok users using a technique banned by Google.  According to a Wall Street Journal report, TikTok used a banned tactic...Read More
January 14, 2021

Microsoft urges users to stop using call & SMS-based multi-factor authentication

Microsoft is urging users to abandon telephone-based multi-factor authentication (MFA) solutions like one-time codes sent via SMS and voice calls and instead replace them with newer MFA technologies, like app-based...Read More
January 11, 2021

United Nations Environment Program Exposed 100,000 Employee Records

Sakura Samurai security researchers identified exposed GitHub credentials on a United Nations Environment Program (UNEP) subdomain, which allowed them to access a trove of data, including more than 100,000 employee...Read More
January 11, 2021

This ‘costly and destructive’ malware is the biggest threat to your network

Emotet has secured its spot as the most prolific malware threat.  Over the Christmas and New Year period a spam campaign using Emotet targeted over 100,000 users a day.  Emotet...Read More
January 11, 2021

FBI Warns Businesses of Egregor Ransomware Attacks

The FBI warns the Egregor ransomware, offered under a Ransomware-as-a-Service (RaaS) business model, poses a great threat to businesses due to the use of double extortion.  Egregor has claimed more...Read More
January 8, 2021

Threat Alerts

Threat Alerts Jan7 2021   This new phishing attack uses an odd lure to deliver Windows trojan malware Be warned: COVID-19 vaccine scams are now appearing online, over text, and...Read More
January 7, 2021

How to lock down your Microsoft account and keep it safe from outside attackers

Setting up a Microsoft account doesn’t begin to describe its value, especially if you use that account for crucial email and cloud storage. Follow these seven steps to establish a...Read More
January 5, 2021

Ransomware victims aren’t reporting attacks to police. That’s causing a big problem

Ransomware victims aren’t reporting attacks to police. That’s causing a big problem   ZDNet Ransomware victims aren’t reporting attacks to police. That’s causing a big problem | ZDNet Europol’s annual cybercrime...Read More
January 4, 2021

Lightning does strike twice: If you get hacked once, you’ll probably be attacked again within a year

Lightning does strike twice: If you get hacked once, you’ll probably be attacked again within a year   Danny Palmer ZDNet Lightning does strike twice: If you get hacked once,...Read More
January 4, 2021

Businesses are overconfident about the state of their security

Businesses are overconfident about the state of their security N.F. Mendoza  Tech Republic Businesses are overconfident about the state of their security – TechRepublic 60% of remote workers use personal...Read More
January 4, 2021

Be warned: COVID-19 vaccine scams are now appearing online, over text, and by email

Be warned: COVID-19 vaccine scams are now appearing online, over text, and by email  Charlie Osborne for Zero Day | January 4, 2021 Be warned: COVID-19 vaccine scams are now appearing online, over text,...Read More
January 4, 2021

Pentagon reveals first contracts to serve as pathfinders for CMMC

Pentagon reveals first contracts to serve as pathfinders for CMMC Source: https://federalnewsnetwork.com/defense-main/2020/12/pentagon-reveals-first-contracts-to-serve-as-pathfinders-for-cmmc/ The Defense Department on Thursday disclosed the first seven contracts that are likely to be the initial test...Read More
December 16, 2020

CISA, FBI Alert Warns of Vishing Campaign

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an alert to warn of a voice phishing (vishing) campaign targeting the employees of...Read More
December 11, 2020

IBM indicates that the international vaccine supply chain has been targeted by cyber-espionage

IBM has identified phishing emails which were sent out across six countries, which targeted organizations linked to the Cold Chain Equipment Optimization Platform (CCEOP) of Gavi, the international vaccine alliance. ...Read More
December 3, 2020

FBI Warns of HTTPS Abuse in Phishing Campaigns

Malicious actors are abusing users’ trust in the HTTPS protocol to launch phishing campaigns.  Modern browsers mark websites that use the protocol with a lock icon to indicate that browser...Read More
December 1, 2020