Tag: Threat Watch

BEC Scam Affects Small Colorado Town

Erie, Colorado, a small town just outside of Denver, was hit with a business email compromise (BEC) scam in the fall of 2019. The town had a contract with SEMA Construction for construction of the Erie Parkway Bridge. Since this…

IP Addresses From Iran Target Texas

Unknown Actors Supporting Iran: According to Texas officials, they have been combating approximately 10,000 cyber-attacks per minute coming from IP addresses in the region around Iran. The spike occurred in the past few days, and the attacks are on the Texas…

Scammers Use Iranian Cyberattack Scare

A new phishing scam attempts to use the possible Iranian-backed cyber attack scare to harvest user Microsoft login credentials. According to Michael Gillett, who received the phishing email and shared it, the email was capable of bypassing spam filters and…

Pulse Secure VPN Bug Allows Unauthenticated Access

In April 2019, Pulse Secure issued a security advisory for its VPN application. According to the advisory, multiple bugs had been found that could bypass authentication, allow file access and even remote code execution. Public proof of concept exploits were…

Campaign Leveraging CVE-2019-2215 Discovered on Google Play

SideWinder:  Three malicious Android apps were discovered on the Google Play Store that work in concert with each other to compromise victim’s devices and steal user information.  This represents the first known instance of the vulnerability CVE-2019-2215 being exploited in…

APT Using Multiple VPN Vulnerabilities:

According to the NSA, multiple Advanced Persistent Threat (APT) actors have been exploiting multiple VPN vulnerabilities from several VPN products including Palo Alto GlobalProtect™ and Fortinet Fortigate™ products.  These vulnerabilities allow threat actors to gain remote access to affected networks,…

BusKill Cable Safety Device

When using laptops in a public environment, a thief may attempt a snatch-and-grab of the computer. If a victim is logged into something sensitive, this could pose a serious security risk. Linux system administrator and software engineer Michael Altfield has…

Pro-Iranian Attackers Deface U.S. Government Website

Pro-Iran Hackers: The website of the US Federal Depository Library Program was defaced with a pro-Iran, anti-United States image on Saturday. This is the first “cyber-attack” against a US government website by pro-Iranian hackers following the US strike that killed…

Active Network Suffers Data Breach

Blue Bear, a software platform provided by Active Network, was breached recently. Blue Bear helps schools manage accounting, student fees, and online stores related to schools. Any parents or guardians who logged in to school web stores that use Blue…

Travelex Suffers Malware Attack

Travelex, known for currency exchange services, was the victim of a malware attack on New Year’s Eve which suspended some of their services. The attack forced some systems to go offline to avoid further spread of the malware. This also…

Landry’s Restaurant Chain Hit With POS Malware

The restaurant chain Landry’s recently disclosed a security incident with malware designed to harvest credit card data from 63 different bar and restaurant brands, including Claim Jumper, Rainforest Cafe, Morton’s Steakhouse, and others. Although the malware went unnoticed for nearly…

Private Crypto Keys Being Stolen by Malicious Chrome Extension

Harry Denley, the Director of Security for MyCrypto platform, discovered a malicious Chrome browser extension that claims to help its users manage cryptocurrency, but actually steals crypto wallet private keys and passwords for several cryptocurrency management websites.  The extension, named…