Even yourmost security-savvy users may have difficulty identifying honed spear phishingcampaigns. Unlike traditional phishing campaigns that are blasted to a largeemail list in hopes that just one person will bite, advanced spear phishingcampaigns are highly targeted and personal. They are so targeted, in fact, thatwe sometimes refer to them as “laser” phishing. And because these attacks areso focused, even tech-savvy executives and other senior managers have beenduped into handing over money and sensitive files by a well-targeted email.That’s how good they are. Read More
Cybersecurityresearchers have discovered a new unpatched vulnerability in the Androidoperating system that dozens of malicious mobile apps are already exploiting inthe wild to steal users' banking and other login credentials and spy on theiractivities.
Dubbed Strandhogg, thevulnerability resides in the multitasking feature of Android that can beexploited by a malicious app installed on a device to masquerade as any otherapp on it, including any privileged system app.
In other words, when a user taps the icon of alegitimate app, the malware exploiting the Strandhogg vulnerability canintercept and hijack this task to display a fake interface to the user insteadof launching the legitimate application.
A cryptomining malware has infected at least 80k devicesand uses various tactics to evade detection. Microsoft is warning of malware,Dexphot, that has infected more than 80,000 machines, sucking up their CPUpower in order to mine cryptocurrency.
Researchers first discoveredDexphot in October 2018 and saw its activity peak during July. They said thatthe malware has a complex attack chain and also uses various methods to outwitdetection efforts, including an obfuscated script designed to check for antivirusproducts, and regularly-scheduled malware updates. Read More
Information for industrial control systems owners, operators, and vendors.
Resources for information sharing and collaboration among government agencies.
Information for system administrators and technical users.
