Phishing Campaign Targeting Verizon Mobile Users

Posted on April 6th, 2019 by Responsible Cyber

Lookout Phishing AI, which discovered the attack, says it has been going on since late November. Verizon is warning customers about a phishing campaign that is going specifically after mobile users. Mobile devices have emerged as an effective attack vector, according to Jeremy Richards, principal security researcher at Lookout Phishing AI, which discovered the phishing […]

Read More

Python-Based Bot Scanner Gorging on Recon Intel

Posted on April 6th, 2019 by Responsible Cyber

Discovered by AT&T AlienLabs, new malware Xwo seeking default creds and misconfigurations in MySQL and MongoDB, among other services A new Python-based bot scanner is snaking its way through Internet resources, seeking out exposed Web services and default passwords on critical network resources. The information grab doesn’t yet appear to be weaponized, but researchers believe […]

Read More

Researchers Link ‘Sharpshooter’ Cyber Attacks to North Korean Hackers

Posted on March 14th, 2019 by Responsible Cyber

Security researchers have finally, with “high confidence,” linked a previously discovered global cyber espionage campaign targeting critical infrastructure around the world to a North Korean APT hacking group.Thanks to the new evidence collected by researchers after analyzing a command-and-control (C2) server involved in the espionage campaign and seized by law enforcement.Dubbed Operation Sharpshooter, the cyber […]

Read More

Severe Flaw Disclosed In StackStorm DevOps Automation Software

Posted on March 14th, 2019 by Responsible Cyber

A security researcher has discovered a severe vulnerability in the popular, open source event-driven platform StackStorm that could allow remote attackers to trick developers into unknowingly execute arbitrary commands on targeted services.StackStorm, aka “IFTTT for Ops,” is a powerful event-driven automation tool for integration and automation across services and tools that allows developers to configure […]

Read More

Severe Flaws in SHAREit Android App Let Hackers Steal Your Files

Posted on March 1st, 2019 by Responsible Cyber

Security researchers have discovered two high-severity vulnerabilities in the SHAREit Android app that could allow attackers to bypass device authentication mechanism and steal files containing sensitive from a victim’s device.With over 1.5 billion users worldwide, SHAREit is a popular file sharing application for Android, iOS, Windows and Mac that has been designed to help people […]

Read More

New Flaws Re-Enable DMA Attacks On Wide Range of Modern Computers

Posted on March 1st, 2019 by Responsible Cyber

Security researchers have discovered a new class of security vulnerabilities that impacts all major operating systems, including Microsoft Windows, Apple macOS, Linux, and FreeBSD, allowing attackers to bypass protection mechanisms introduced to defend against DMA attacks.Known for years, Direct memory access (DMA)-based attacks let an attacker compromise a targeted computer in a matter of seconds […]

Read More

Dow Jones list of high-risk businesses, people on unsecured database

Posted on February 28th, 2019 by Responsible Cyber

Security researcher Bob Diachenko discovered an unprotected 4.4GB Elasticsearch database chock-full of more than 2.4 million records of people and businesses considered to be high-risk by Dow Jones. A third-party company left this Dow Jones watchlist on a public server without even so much as a password to protect it. The proprietary watchlist, hosted on […]

Read More

Warning: Critical WinRAR Flaw Affects All Versions Released In Last 19 Years

Posted on February 21st, 2019 by Responsible Cyber

Beware Windows users… a new dangerous remote code execution vulnerability has been discovered in the WinRAR software, affecting hundreds of millions of users worldwide.Cybersecurity researchers at Check Point have disclosed technical details of a critical vulnerability in WinRAR—a popular Windows file compression application with 500 million users worldwide—that affects all versions of the software released […]

Read More

Critical Zcash Bug Could Have Allowed ‘Infinite Counterfeit’ Cryptocurrency

Posted on February 15th, 2019 by Responsible Cyber

The developers behind the privacy-minded Zcash cryptocurrency have recently discovered and patched a highly dangerous vulnerability in the most secretive way that could have allowed an attacker to coin an infinite number of Zcash (ZEC).Yes, infinite… like a never-ending source of money.Launched in October 2016, Zcash is a privacy-oriented cryptocurrency that claims to be more […]

Read More

First Android Clipboard Hijacking Crypto Malware Found On Google Play Store

Posted on February 14th, 2019 by Responsible Cyber

A security researcher has discovered yet another cryptocurrency-stealing malware on the official Google Play Store that was designed to secretly steal bitcoin and cryptocurrency from unwitting users.The malware, described as a “Clipper,” masqueraded as a legitimate cryptocurrency app and worked by replacing cryptocurrency wallet addresses copied into the Android clipboard with one belonging to attackers, […]

Read More