An ingenious attack on Android devices self-propagates, with the potential for a range of damage.
A new Android malware that impersonates the Google Chrome app has spread to hundreds of thousands of people in the last few weeks, according to researchers. The fake app is being used as part of a sophisticated hybrid cyberattack campaign that also uses mobile phishing to steal credentials.
Join Threatpost for “Fortifying Your Business Against Ransomware, DDoS & Cryptojacking Attacks” a LIVE roundtable event on Wednesday, May 12 at 2:00 PM EDT for this FREE webinar sponsored by Zoho ManageEngine.
According to researchers at Pradeo, the attack starts with a basic “smishing” gambit: Targets receive an SMS text asking them to pay “custom fees” to release a package delivery. If they fall for it and click, a message comes up asking them to update the Chrome app.
minute read
Share this article:
A patch for Adobe Acrobat, the world’s leading PDF reader, fixes a vulnerability under active attack affecting both Windows and macOS systems that could lead to arbitrary code execution.
Adobe is warning customers of a critical zero-day bug actively exploited in the wild that affects its ubiquitous Adobe Acrobat PDF reader software. A patch is available, as part of the company’s Tuesday roundup of 43 fixes for 12 of its products, including Adobe Creative Cloud Desktop Application, Illustrator, InDesign, and Magento.
Join Threatpost for “Fortifying Your Business Against Ransomware, DDoS & Cryptojacking Attacks” a LIVE roundtable event on Wednesday, May 12 at 2:00 PM EDT for this FREE webinar sponsored by Zoho ManageEngine.
minute read
Share this article:
The sophisticated threat is targeting Microsoft Exchange servers via ProxyLogon in a wave of fresh attacks against North American targets.
The Lemon Duck cryptocurrency-mining botnet has added the ProxyLogon group of exploits to its bag of tricks, targeting Microsoft Exchange servers.
That’s according to researchers at Cisco Talos, who said that the cybercrime group behind Lemon Duck has also added the Cobalt Strike attack framework into its malware toolkit and has beefed up anti-detection capabilities. On the latter front, it’s using fake domains on East Asian top-level domains (TLDs) to hide command-and-control (C2) infrastructure.
minute read
Share this article:
Security researchers mull possible perpetrators of the attack, and warned that the incident could be a harbinger of things to come.
The Biden administration has declared a state of emergency that covers 17 states and Washington D.C. in the wake of the ransomware attack on the Colonial Pipeline Co., and is working with Colonial to restart operations.
On Monday morning, FireEye also confirmed to Threatpost that it’s been called in to help with the investigation, but it wasn’t at liberty to say anything more.
The news came as security researchers mulled possible perpetrators of the attack, and warned that the incident could be a harbinger of things to come.
minute read
Share this article:
Colonial Pipeline says it is the victim of a cyberattack that forced the major provider of liquid fuels to the East Coast to temporarily halted all pipeline operations.
A ransomware attack has halted pipeline activities for the Colonial Pipeline Co., which supplies the East Coast with roughly 45 percent of its liquid fuels.
In a statement released on Saturday, Colonial Pipeline said it has temporarily halted pipeline operations in response to a cyberattack impacting the company starting Friday.
Join Threatpost for “Fortifying Your Business Against Ransomware, DDoS & Cryptojacking Attacks” a LIVE roundtable event on Wednesday, May 12 at 2:00 PM EDT for this FREE webinar sponsored by Zoho ManageEngine.