News

Threat actors are increasingly abusing collaboration platforms for nefarious purposes, including malware delivery and data exfiltration, security researchers with Cisco’s Talos division report. With the COVID-19 pandemic forcing many organizations to switch to telework, interactive communication platforms such as Discord and Slack saw increased adoption and adversaries didn’t wait long to start abusing these tools….

Several users of Trezor, a small hardware device that acts as a cryptocurrency wallet, have lost fortunes after being duped by a phishing app. Several users of Trezor, a small hardware device that acts as a cryptocurrency wallet, have been duped by a fake app with the same name. The app was available on Google…

Several days ago, we reported a large-scale data leak that affected 533 million Facebook accounts. The vulnerability that caused the data leak is now fixed. However, the social media platform is facing an investigation by EU regulators. The data breach was possible due to a vulnerability addressed by Facebook in 2019. Despite being two-years old,…

Endpoint Security , Fraud Management & Cybercrime , Incident & Breach Response ISMG Editors Discuss Hot Topics, Including Health Data Breaches Anna Delaney (annamadeline) • April 9, 2021     Clockwise, from top left: Scott Ferguson, Anna Delaney, Marianne Kolbasuk McGee and Tom Field Four editors…

Upon clicking the ad, the user is taken to a fake Clubhouse app website that looks quite authentic but its download link drops malware. Last year, in two separate incidents hackers abused Facebook ads to phish 615,000 account credentials. Then, the infamous Ragnar Locker ransomware gang was found using Facebook ads to extort victims. Now…

ESET researchers discover a new Lazarus backdoor deployed against a freight logistics firm in South Africa ESET researchers have discovered a previously undocumented Lazarus backdoor, which they have dubbed Vyveva, being used to attack a freight logistics company in South Africa. The backdoor consists of multiple components and communicates with its C&C server via the…

Cryptocurrency Fraud , Cybercrime , Fraud Management & Cybercrime Group-IB: Administrator, Seller and Buyer Data Also Stolen Doug Olenick (DougOlenick) • April 8, 2021     Here’s a guide to the national origin of card data that was stolen from the Swarmshop market. (Source: Group-IB) For the second time in two years, the contents of…

Account Takeover Fraud , Card Not Present Fraud , Cybercrime Cybercriminals Using Web Shells to Control Retailers’ Servers Doug Olenick (DougOlenick) • April 9, 2021     Visa’s Payment Fraud Disruption team reports that cybercriminals are increasingly using web shells to establish command and control over retailers’ servers during payment card skimming attacks. See Also:…

A newly-discovered Android malware app called FlixOnline promised users access to Netflix content from all around the world on their smartphones before exploiting access to their WhatsApp, according to Check Point Research. Troubling, the app was not solely on third-party app stores – it was, instead, found on the Google Play Store, using Netflix imagery to…

Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Governance & Risk Management ESET Report Ties ‘Vyveva’ Backdoor to North Korean APT Group Akshaya Asokan (asokan_akshaya) • April 9, 2021     Example of how the “Vyveva” backdoor works (Source: ESET) The Lazarus Group, a North Korean-linked advanced persistent threat group also known as…