Blog

Blog

NCSC Warns That AI is Already Being Used by Ransomware Gangs

In a newly published report, the UK's National Cyber Security Centre (NCSC) has warned that malicious attackers are already taking advantage of artificial intelligence and that the volume and impact of threats - including ransomware - will increase in the next two years. The NCSC, which is part of GCHQ - the UK's intelligence, security and cyber...
Blog

US Agencies Issue Cybersecurity Guide in Response to Cybercriminals Targeting Water Systems

US federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS). The Cybersecurity and Infrastructure Security Agency (CISA), United States Environmental Protection Agency (EPA), and Federal Bureau of Investigation (FBI) have published the guide in an attempt to promote cybersecurity...
Blog

Critical flaw found in WordPress plugin used on over 300,000 websites

A WordPress plugin used on over 300,000 websites has been found to contain vulnerabilities that could allow hackers to seize control. Security researchers Ulyses Saicha and Sean Murphy found two critical flaws in the POST SMTP Mailer plugin. The first flaw made it possible for attackers to reset the plugin's authentication API key and view...
Blog

Cryptocurrency wallet CEO loses $125,000 in wallet-draining scam

Anyone can get scammed. If you think you're somehow immune to being scammed, then, in my opinion, you're a prime target for being scammed. No one is too big, too clever, too security-savvy to avoid being duped because it's only human to make a mistake and screw up. And that certainly seems to be the case with Bill Lou. Bill Lou is the CEO and co...
Blog

Google Forms Used in Call-Back Phishing Scam

What's happened? Researchers at Abnormal have discovered the latest evolution in call-back phishing campaigns. Call-back phishing? Traditional phishing emails might contain a malicious link or attachment, and lure recipients into clicking on them via social engineering techniques. Call-back phishing dupes unsuspecting victims into telephoning a...
Blog

Kelvin Security cybercrime gang suspect seized by Spanish police

A malicious hacking group, thought to have been operating since at least 2013, may have suffered a significant blow after the arrest of a suspected leading member by Spanish police late last week. Spain's National Police arrested a Venezuelan man in Alicante on Thursday, in the belief that he is connected to the Kelvin Security gang. In an...
Blog

BlackSuit ransomware - what you need to know

What's going on? A cybercriminal group calling itself BlackSuit has claimed responsibility for a series of ransomware attacks, including breaches at schools in central Georgia. And earlier in the year, a zoo in Tampa Bay was targeted by the same hacking gang. Meanwhile, liberal arts college DePauw University in Indiana says that it was recently...
Blog

Supply-chain ransomware attack causes outages at over 60 credit unions

Over sixty credit unions across the United States have been taken offline following a ransomware attack at one of their technology providers - demonstrating once again the damage that can be caused by a supply-chain attack. There are a few moving parts here, so here’s a quick summary: Trellance - A provider of solutions and services used by credit...
Blog

Ex-worker phished former employer to illegally hack network and steal data

Once again, companies are being warned to be wary of past employees who may turn rogue. 28-year-old Andrew Mahn, of Derry, New Hampshire, has pleaded guilty to charges that he illegally hacked the network of his former company, telecoms firm Motorola after he successfully tricked current staff into handing over their login credentials Mahn, who...
Blog

$9 million seized from "pig butchering" scammers who preyed on lonely hearts

US authorities have seized almost $9 million worth of cryptocurrency linked to a gang engaged in cryptocurrency investment fraud and romance scams. The US Department of Justice has announced that the seized funds are connected to cryptocurrency wallet addresses alleged to be associated with a "pig butchering" gang that has claimed over 70 victims...
Blog

CherryBlos, the malware that steals cryptocurrency via your photos - what you need to know

What's the deal with CherryBlos? CherryBlos is a rather interesting family of Android malware that can plunder your cryptocurrency accounts - with a little help from your photos. Wait. I've heard of hackers stealing photos before, but what do you mean by malware stealing cryptocurrency via my photos? How does it do that? Well, imagine you have...
Blog

Phony Corsair job vacancy targets LinkedIn users with DarkGate malware

Job hunters should be on their guard. Researchers at security firm WithSecure have described how fake job opportunities are being posted on LinkedIn with the intent of spreading malware. A Vietnamese cybercrime gang is being blamed for a malware campaign that has seen bogus adverts posted on LinkedIn, pretending to be related to jobs at computer...
Blog

Ex-Navy IT manager jailed for selling people's data on the dark web

A former US Navy IT manager has been sentenced to five years and five months in prison after illegally hacking a database containing personally identifiable information (PII) and selling it on the dark web. 32-year-old Marquis Cooper, of Selma, California, was a chief petty officer in the US Navy's Seventh Fleet when he opened an account in August...
Blog

Plastic surgeries warned by the FBI that they are being targeted by cybercriminals

Plastic surgeries across the United States have been issued a warning that they are being targeted by cybercriminals in plots designed to steal sensitive data including patients' medical records and photographs that will be later used for extortion. The warning, which was issued by the FBI yesterday and is directed towards plastic surgery offices...
Blog

Revealed! The top 10 cybersecurity misconfigurations, as determined by CISA and the NSA

A joint cybersecurity advisory from the United States's National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) has shone a light on the top ten most common cybersecurity misconfigurations found in large private and public organisations. The report aims to detail the weaknesses found in many large organisations,...
Blog

ZeroFont trick makes users think that message has been scanned for threats

It's nothing new for cybercriminals to use sneaky HTML tricks in their attempt to infect computers or dupe unsuspecting recipients into clicking on phishing links. Spammers have been using a wide variety of tricks for years in an attempt to get their marketing messages past anti-spam filters and in front of human eyeballs. It's enough to make you...
Blog

Snatch ransomware - what you need to know

What's happened? The FBI and US Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory warning organisations about a ransomware-as-a-service operation called "Snatch." Snatch? As in the movie from twenty odd years ago? I'm not sure I've heard of Snatch before... Maybe you haven't. They don't have as high a profile as...
Blog

BLASTPASS: Government agencies told to secure iPhones against spyware attacks

What's happened? CISA, the United States's Cybersecurity and Infrastructure Security Agency, has ordered federal agencies to patch their iPhones against vulnerabilities that can be used as part of a zero-click attack to install spyware from the notorious NSO Group. A "zero-click attack"? That's an attack that doesn't require any interaction from...