The IcedID banking Trojan has been updated with additional evasion techniques, including a password-protected attachment, keyword obfuscation and a DLL file that acts as a second-stage downloader, according to Juniper Threat Labs.
Two critical, zero-day vulnerabilities affecting Internet Explorer and multiple versions of the Windows operating system are being exploited in the wild, Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency warn, urging prompt patching.
Qualcomm is prepping patches for its Snapdragon Digital Signal Processor, used in an estimated 1 billion or more Android devices, after researchers at Check Point counted 400 flaws that attackers could exploit to take control of devices and steal all data they store.
The latest edition of the ISMG Security Report analyzes the hijacking of a virtual court hearing in the Twitter hacking case. Also featured: Why network segmentation is more important than ever; update on Windows print spooler vulnerability.
Adobe Flash Player, which has been patched hundreds of times during its lifetime to address vulnerabilities, will no longer be supported after Dec. 31, leaving an attack vector that can be exploited by malicious actors unless it's removed. That's why eliminating all instances of Flash Player is so urgent.
Mobile banking startup Dave is just the latest victim of criminal data brokers. Extensive evidence now points to Dave having been hit by a ShinyHunters, which has been tied to the sale of millions of stolen records to fraudsters - either via a phishing attack or hack of a third-party service provider.
Mobile-only banking app Dave has suffered a data breach that exposed personal details for at least 3 million users. But the fintech startup says no account information was exposed, and there are no signs of fraud. Dave says the incident traces to credentials stolen from Waydev, a third-party service provider.
The latest edition of the ISMG Security Report analyzes the hacking of high-profile Twitter accounts. Also featured: Addressing security when offices reopen; the role of personal protective equipment, or PPE, in money laundering during the pandemic.
A group of spoofed cryptocurrency trading apps is targeting devices running macOS to install malware called Gmera, security firm ESET reports. The malware can steal users' data as well as their cryptocurrency wallets.
COVID-19 contract-tracing applications that help monitor individuals' possible exposure to those who have tested positive for the virus present a variety of privacy issues that must be addressed, says regulatory attorney Nancy Perkins.
The lessons of the Mirai botnet's abuse of internet-connected devices four years ago have been taken to heart, says Aaron Guzman of OWASP, which is working with others to improve security benchmarks and testing for connected devices.
Apache Guacamole, an open-source application that allows for remote connections to devices, contains several vulnerabilities that could enable attackers to steal data or run remote code execution, Check Point Research found. These bugs come at a time when many employees are still working remotely.
Vulnerabilities due to "coding errors" in a number of mobile banking applications make them all too susceptible to hacking and customer account data theft, the security firm Positive Technologies warns.
Microsoft's Azure Security Center has detected a new hacking campaign that for the first time specifically targets the Kubeflow platform on Kubernetes and uses XMRig cryptominer to mine for monero across multiple clusters.
Researchers at MIT and the University of Michigan have uncovered multiple security flaws in the online voting platform OmniBallot which could allow hackers to access and manipulate voter data. The platform is currently in use in three states for military personnel and disabled residents.