Facebook: A Top Launching Pad For Phishing Attacks
Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks - including a recent strike on a half-million Facebook users.
DOJ Charges 6 Sandworm APT Members in NotPetya Cyberattacks
DOJ charges six Russian nationals for their alleged part in the NotPetya, Ukraine power grid and Olympics cyberattacks.
Microsoft Exchange, Outlook Under Siege By APTs
A new threat report shows that APTs are switching up their tactics when exploiting Microsoft services like Exchange and OWA, in order to avoid detection.
Microsoft Fixes RCE Flaws in Out-of-Band Windows Update
The two important-severity flaws in Microsoft Windows Codecs Library and Visual Studio Code could enable remote code execution.
Biden Campaign Staffers Targeted in Cyberattack Leveraging Antivirus Lure, Dropbox Ploy
Google's Threat Analysis Group sheds more light on targeted credential phishing and malware attacks on the staff of Joe Biden's presidential campaign.
Phishing Lures Shift from COVID-19 to Job Opportunities
Fortinet researchers are seeing a pivot in the spear-phishing and phishing lures used by cybercriminals, to entice potential job candidates as businesses open up.
Dickey’s BBQ Breach: Meaty 3M Payment Card Upload Drops on Joker’s Stash
After cybercriminals smoked out 3 million compromised payment cards on the Joker’s Stash marketplace, researchers linked the data to a breach at the popular barbecue franchise.
News Wrap: Barnes & Noble Hack, DDoS Extortion Threats and More
From a cyberattack on Barnes & Noble to Zoom rolling out end-to-end encryption, Threatpost editors break down the top security stories of the week.
Critical Magento Holes Open Online Shops to Code Execution
Adobe says the two critical flaws (CVE-2020-24407 and CVE-2020-24400) could allow arbitrary code execution as well as read or write access to the database.
Zoom Rolls Out End-to-End Encryption After Setbacks
After backlash over false marketing around its encryption policies, Zoom will finally roll out end-to-end encryption next week.
Travelex, Other Orgs Face DDoS Threats as Extortion Campaign Rages On
Organizations worldwide – including Travelex – have been sent letters threatening to launch DDoS attacks on their network unless a $230K ransom is paid.
Intel Adds Memory Encryption, Firmware Security to Ice Lake Chips
Intel's addition of memory encryption to its upcoming 3rd generation Xeon Scalable processors matches AMD's Secure Memory Encryption (SME) feature.
Google, Intel Warn on ‘Zero-Click’ Kernel Bug in Linux-Based IoT Devices
Intel and Google are urging users to update the Linux kernel to version 5.9 or later.
Lemon Duck Cryptocurrency-Mining Botnet Activity Spikes
Researchers warn of a spike in the cryptocurrency-mining botnet since August 2020.
Ransomware Attackers Buy Network Access in Cyberattack Shortcut
Network access to various industries is being offered in underground forums at as little as $300 a pop - and researchers warn that ransomware groups like Maze and NetWalker could be buying in.