-
iOS 15.2.1 Fixes ‘doorLock’ HomeKit Flaw and Other Bugs
Apple today started rolling out iOS 15.2.1 for iPhones and iPads, addressing a security flaw in the HomeKit framework that could be exploited to trigger denial of service and lock users out of their devices. According to the release notes (pictured below), iOS 15.2.1 is a bug-fix release, addressing an issue with Messages…
-
Backscatter Spam Attack Used to Deliver Bitcoin Extortion Messages to Eastern Europe
Bitdefender Antispam Lab researchers have been analyzing a wave of extortion messages sent via backscatter spam or “non-delivery report messages” (NDR). Beginning Jan. 4, spammers have been focusing on delivering tens of thousands of messages to recipients in Eastern Europe, including Romania, Hungary and Croatia.…
-
Is VPN Legal? Understanding VPN and the Law around the World
The surge in popularity of VPNs among privacy-conscious netizens stems from their ability to anonymize your connection, encrypt your traffic, and circumvent geo-restrictions set in place by various entities. It’s no surprise that their usefulness in protecting individual privacy often leaves them at the center of legal…
-
Accounts of Top FIFA 22 Gamers Hijacked in Hacking Wave
The FIFA game franchise, enjoyed by millions of gamers worldwide, isn’t just about breaking controllers and tantrums anymore. For some, it’s also about breaking into accounts. Over the last few weeks, several high-profile FIFA 22 players, streamers, and traders have vented on Twitter, saying their EA accounts were…
-
VPN vs. Smart DNS: Which One’s Better at Protecting Your Privacy?
VPN and Smart DNS proxies are handy if you want to hide your digital identity from various online services. However, their functionality is wildly different, and one of them is considerably more effective than the other at safekeeping your privacy. It’s no secret that VPNs are one of the most efficient ways to anonymize…
-
Finalsite Ransomware Attack Freezes Thousands of School Websites
A major cyber attack on Finalsite, a leading school platform provider, disrupted thousands of schools worldwide over several days this week. Finalsite offers website, communications, enrollment and marketing platforms to more than 8,000 schools and universities in 115 countries around the world. On Jan. 4, an unexpected…
-
Hackers Are Sending Malicious Links Via Google Docs
Security firm Avanan says it "observed a new, massive wave of hackers leveraging the comment feature in Google Docs, targeting primarily Outlook users" starting in December 2021. Attackers reportedly created Google Docs and left comments using tags (the "@" symbol followed by the victim's name) so Google would notify the…
-
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway
Log4Shell is a 0-day vulnerability in the Log4j Java library that allows attackers to download and run scripts on targeted servers, leaving them open to complete remote control. After a user posted a proof-of-concept (PoC) on Twitter, Bitdefender’s honeypots started to register attacks using the PoC, underlining just how…
-
Rookie Researcher Finds Potential Ransomware Attack Vector for iPhone
A rookie security researcher claims to have discovered a potential ransomware attack vector for iPhones and iPads that exploits a weakness in Apple’s HomeKit framework. He calls the exploit ‘doorLock’ and says any iPhone or iPad running iOS 14.7 through iOS 15.2 is vulnerable, with older iOS 14 releases likely affected as…
-
Ukrainian Police Arrest 51 Suspects Allegedly Peddling Data of 300 Million European and US Citizens
Ukraine cyber police have arrested 51 individuals suspected of illegally distributing stolen personal information of 300 million people from the US, Ukraine and several European countries. The large-scale operation, fittingly dubbed “DATA,” involved 117 searches throughout the Ukraine in November 2021. “As a result of the…
-
Auch! Google Play Removes App With 500,000 Downloads After Catching It Harvest User Data
A popular Android app with over 500,000 downloads was removed from Google Play earlier today after security researchers detected that it was hosting a dangerous strain of malware. The malicious component stealthily used the app to collect personal data from unsuspecting users and send it to a remote server that appears to…
-
Facebook (Meta) adds scraping attacks to Bug Bounty Program
Meta (formally Facebook) has announced that its existing Bug Bounty program will expand to include scraping attacks. Data scraping is a procedure that lets attackers gather bulk data of any Facebook user that has the profile set to public, and sometimes even from private accounts. “We will reward reports of unprotected or…
-
7 Cybersecurity Tips for Your Last-Minute Christmas Shopping
The holiday season is a busy time of the year, traditionally known for increased consumer spending across much of the globe. Big money also means profitable opportunities for the cybercrooks who lurk in every corner of the internet. Fraud and other malicious activity targeting consumers and businesses are rampant, and…
-
North American Gas Supplier Superior Plus Hit with Ransomware
Superior Plus, a leading natural gas supplier in North America, fell victim to a ransomware attack last weekend that forced it to shut down some of its operations, the firm disclosed today. “The Corporation was subject to a ransomware incident on Sunday, December 12, 2021, which impacted the Corporation’s computer…
-
Google Patches Zero-Day Vulnerability with Emergency Chrome Update
Google pushed an emergency Chrome update this week to fix a severe zero-day vulnerability that has been exploited in the wild. The patched zero-day, tracked as CVE-2021-4102, was reported by an anonymous researcher on the 9th of December, but little else is known about it. Google Chrome’s Stable and Extended Stable…
-
Fighting REvil: Bitdefender webinar
REvil, the notorious ransomware-as-a-service group, have extorted hundreds of millions of dollars from its victims. However, in the past 6 months, things have started to change for the threat actor group. After vanishing from the internet in July, REvil reemerged in September - only to go dark again in October. What can we…
-
Europol: “The Hidden Internet Is No Longer Hidden..."
Europol this week has announced the arrest of 179 vendors of illicit goods on the dark web, in a coordinated operation known as DisrupTor. According to the press release, operation DisrupTor follows the takedown of Wall Street Market, the world’s then second largest illegal online market in the dark web, which provided…
-
Quickly patch your iPhones & Macs against active exploit
If you're the owner of an iPhone, iPad, or Apple Mac you should update your system right now. Apple has released a major security update for its devices, after finding a zero-day flaw that the company indicates has been the focus of in-the-wild attacks by hackers, and might have been used to plant malware. Full article…
-
A dedicated website announcing the latest news and threats by BD
Hi, It would be an excellent idea if Bitdefender can create a dedicated new website for all the latest Cybersecurity news and related updated. Being a Kaspersky user in the past, I use to greatly benefit from Securelist.com - a website dedicated with the latest news. Hope Bitdefender can consider this request.
-
Five Easy Steps to Strengthen the Security of Your Google Account
The Security pane in your Google Account settings offers a plethora of ways to strengthen and tweak your account’s security. Chief among them is the Security Checkup module, which offers the most important settings related to the security of your Google Account. 1. Unlink old or unfamiliar devices 2. Check recent security…
-
Half of Internet Users Fall Victim to Cyber Attacks
Half of computer users confirm that they have fallen victim to some form of cybercrime, according to a new NordLocker cybersecurity report. [...] In April, the company polled 1,400 Internet users in the US and UK, revealing that over 50% of respondents had fallen victim to malicious cyber activity. Brits hold steady at…
-
Alleged Ransomware Attack Disrupts Medical Care at UHS Hospitals Across the US
Universal Health Services (UHS), one of the largest hospital chains in the US, was hit by an apparent cyberattack over the weekend that disrupted IT and phone systems at healthcare facilities in California, Florida, Texas, Arizona and Washington DC. According to UHS employee reports, the attack occurred on Sunday morning,…
-
Cyber-crime against children spikes amid stay-at-home orders
To read the full article, please click here While the virtual environment helps teachers and parents struggling to maintain a balanced day-to-day schedule for children, it also serves as a malicious vector for the cyber exploitation of children. In the first two months of spring, the Minnesota Bureau of Criminal…
-
U.S. Treasury anticipates surge in fraudulent attempts regarding Economic Stimulus Payments
Read the full article here. In times of crisis, we become most vulnerable, and brushing up on fraudsters’ M.O. can protect you from becoming another victim. Scammers can play their part quite nicely, and fool unsuspecting citizens that rely so much on government aid. You can make a difference by following some simple rules…
-
Covid-19 related crimes swindled $12 million from U.S. citizens in just 3 months
The coronavirus outbreak has opened new doors for bad actors and fraudsters attempting to profit off the health crisis. Scammers have shown no sign of fatigue over the past months, hitting consumers with a varied menu of tricks, ranging from impersonating government officials from the WHO and CDC, to fake work-from-home…
-
Department of Justice goes after scammers exploiting Coronavirus pandemic
“It is essential that the Department of Justice remain vigilant in detecting, investigating, and prosecuting wrongdoing related to the crisis,” said U.S. Attorney General William Barr in the Memorandum sent out to attorney offices across the nation. [...] The DOJ also advises consumers to be vigilant and follow protective…
-
Social Distancing: The hidden risks of online exposure
In just a few weeks following the outbreak, social and economic habits were broken, and we are now struggling to keep our smiling poker face amid the crisis. The side effects of isolation may also influence your online activity, attracting unwanted attention from cyber criminals. Here's one of the dangers of online…
-
Don’t Fall for These COVID-19 Scams, FBI Warns
The FBI has warned that scammers are using email scams to capitalize on the coronavirus scare, including messages purporting to be from national authorities like the Centers for Disease Control and Prevention. “Scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both. Don’t let…
-
Phishing Email Aims to Trick Hospital Staff with ‘Coronavirus Seminar’
A new phishing scam is capitalizing on the COVID-19 pandemic, seeking to steal credentials of healthcare workers with the promise of a “coronavirus awareness” seminar. An email purporting to come from the organization’s IT department urges employees to access a link and enter their username and password. If duped by the…
-
Coronavirus Medical Supply Scams Prey on Fear
As headlines buzz with the latest news and developments on the Coronavirus outbreak, scammers and threat actors are piggybacking on the fears of consumers everywhere. They are becoming more resourceful in their schemes and are constantly monitoring the web, preying on our fears and relying on the fact that we’ve let down…