RAINBOWMIX Apps in Google Play Serve Up Millions of Ad Fraud Victims
Collectively, 240 fraudulent Android apps — masquerading as retro game emulators — account for 14 million installs.
Cisco Fixes High-Severity Webex, Security Camera Flaws
Three high-severity flaws exist in Cisco’s Webex video conferencing system, Cisco’s Video Surveillance 8000 Series IP Cameras and Identity Services Engine.
HEH P2P Botnet Sports Dangerous Wiper Function
The P2P malware is infecting any and all types of endpoints via brute-forcing, with 10 versions targeting desktops, laptops, mobile and IoT devices.
Microsoft Azure Flaws Open Admin Servers to Takeover
Two flaws in Microsoft’s cloud-based Azure App Services could have allowed server-side forgery request (SSFR) and remote code-execution attacks.
Announcing Windows Server Summit 2020
We’re right on the heels of Microsoft Ignite and in comes another exciting virtual event: Windows Server Summit 2020! Mark your calendars for Thursday, October 29 at 9:00 AM Pacific Time where we will dive deeper into the latest and greatest innovation in Windows Server announced at Ignite such as Azure Automanage, Windows Admin Center…
Amazon Prime Day Spurs Spike in Phishing, Fraud Attacks
A spike in phishing and malicious websites aimed at defrauding Amazon.com customers aim to make Prime Day a field day for hackers.
MontysThree APT Takes Unusual Aim at Industrial Targets
The newly discovered APT specializes in espionage campaigns against industrial holdings — a rare target for spyware.
MontysThree: Industrial espionage with steganography and a Russian accent on both sides
In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018. Initially the reason for our interest in this malware was its rarity, the obviously targeted nature of the campaign and the fact that there are no obvious similarities with already known campaigns at…
Feds Sound Alarm Over Emotet Attacks on State, Local Govs
CISA warned already-strained public-sector entities about disturbing spikes in Emotet phishing attacks aimed at municipalities.
Google Rolls Out Fixes for High-Severity Android System Flaws
The most serious bugs are elevation-of-privilege issues in the Android System component (CVE-2020-0215 and CVE-2020-0416).