Mobile device and app security firm Zimperium has discovered a new capability in the notorious banking Trojan TrickMo. Some of the samples the company analyzed are able to steal a device’s unlock pattern or PIN. This new feature enables the malefactor to operate on the device even while it is locked. To obtain the necessary unlock information, the malware shows a fake user interface that mimics the device’s legitimate unlock screen. When users enter their unlock pattern or PIN, the data is transmitted to a PHP script along with the Android ID (a unique device identifier), enabling attackers to correlate…
Author: Kirsten Doyle
NHS England’s National Cyber Security Operations Centre (CSOC) has issued a high-severity cyber alert in response to the active exploitation of a critical vulnerability, CVE-2024-40711, in Veeam’s Backup & Replication software. This alert follows Veeam’s security bulletin from September, which addressed one critical and five high-severity vulnerabilities, including CVE-2024-40711. The NHS alert is in line with previous warnings, such as cyber alert CC-4542, highlighting the urgency for rapid patching and other defensive actions. According to the advisory, ransomware groups have been leveraging CVE-2024-40711 as a second-stage exploit to create local Administrator accounts on compromised networks.
Executing Remote Code
This vulnerability,…
Researchers at Jscrambler have uncovered a new skimming campaign dubbed the “Mongolian Skimmer.” This malware, initially detected through intelligence shared by Sansec, distinguishes itself through its use of unusual Unicode characters to obfuscate JavaScript code. Although at first glance this may seem like a novel technique, Jscrambler’s experts quickly identified it as a straightforward tactic relying on JavaScript’s capability to use any Unicode character in variable and function names.
Obfuscation as a Disguise, Not a Defense
The Mongolian Skimmer’s obfuscation methods raised eyebrows due to its odd mix of accented characters, leading some to question whether it might be a…
Almost 32 million records and around 110 TB of data belonging to users of TrackMan technology were left exposed on the internet. The database exposed user names, email addresses, device information, IP addresses, and security tokens. The records were found by Jeremiah Fowler, a security researcher and co-founder of Security Discovery, who reported his findings to Website Planet. He said the records had been sitting in a non-password-protected database for an indeterminate time. TrackMan is a company known for its swing and shot analysis technology used by professional and amateur golfers worldwide.
Potential Exploitation
Fowler said there were several potential…
We had such an overwhelming response to our first article, which shared industry expert opinions during Cybersecurity Awareness Month, that we’ll be publishing another few articles with more expert insights over the next few weeks. Following on with the theme “Secure Our World,” this second article will once again explore practical, impactful advice that anyone can apply to safeguard their business, data, and personal lives. While there’s no single solution to cover all cyber threats, these insights highlight the importance of adopting fundamental cybersecurity practices tailored to your organization’s specific needs. We asked security professionals for their top recommendations on…
Palo Alto Networks has issued an urgent advisory for its customers following the discovery of multiple critical vulnerabilities in its Expedition tool, which assists with firewall configuration migration. The vulnerabilities are as follows: CVE-2024-9463 has a score of 9.9. It is an OS command injection vulnerability in Palo Alto Networks Expedition that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. CVE-2024-9464, with a score of 9.3, is an OS command injection vulnerability that allows a bad actor to run arbitrary OS commands as…
A cyber-enabled disinformation campaign, dubbed Operation MiddleFloor, is targeting Moldova’s government and educational sectors, according to Check Point Research. The campaign began in early August and appears to have been aimed at influencing the country’s presidential elections on 20 October, with a concurrent referendum on EU membership. Malicious actors are leveraging sensitive topics to sway public perception against European values and Moldova’s current pro-European leadership.
Setting the Scene
In 2022, following Russia’s invasion of Ukraine, Moldova was granted EU candidate status, marking a significant shift for the former Soviet republic. The October 20 referendum will determine whether Moldova’s constitution will…
Early Saturday morning, Lego’s website briefly fell victim to a crypto scam that advertised a fake Lego coin token. The scam appeared as a banner on the homepage, positioned below an advertisement for Lego’s new Fortnite collaboration, which features building models inspired by various Fortnite characters and elements.
Fake Lego Coins
Users were greeted by a banner featuring illustrated gold coins marked with the Lego logo, announcing the release of a “Lego coin”. However, a user on X (formerly Twitter), ZTBricks, who noticed the hack, shared that the banner claimed visitors could “unlock secret rewards” by purchasing the newly launched…
A newly active botnet, dubbed “Gorilla Botnet,” has unleashed a gargantuan wave of cyberattacks this past September, according to the NSFOCUS Global Threat Hunting System. During a surge in activity from September 4 to September 27, Gorilla Botnet issued more than 300,000 distributed denial-of-service (DDoS) attack commands, an unprecedented level of attack density. The botnet’s targets spanned over 100 countries, with China and the United States experiencing the brunt of the attacks. Among the sectors affected were universities, government websites, telecommunications, banks, as well as gaming and gambling industries.
Emerging Threat: A New Twist on the Mirai Source Code
Gorilla Botnet…
American Water, the largest publicly traded water and wastewater utility in the United States, has had to shut down certain systems following a cyberattack. The attack impacted the company’s online customer portal, MyWater, and paused billing services. In its 8-K regulatory filing, American Water stated: “Upon learning of this activity, the Company immediately activated its incident response protocols and third-party cybersecurity experts to assist with containment and mitigation activities and to investigate the nature and scope of the incident.” American Water said it promptly notified law enforcement and is coordinating with them. It also said it has “taken and will…