Amazon will automatically enable a feature on its Echo speakers, Ring Video Doorbells, Ring Floodlight Cams, and Ring Spotlight Cams starting June 8. Amazon will register all compatible devices that are operational in the U.S. into an ambitious location-tracking system called Sidewalk. The idea is to co-opt millions of smart home devices into the network…

Cybercriminals are resorting to search engine poisoning techniques to lure business professionals into Google sites that install a Remote Access Trojan (RAT) The attack works by leveraging searches for business forms such as invoices, templates, questionnaires, and receipts as a stepping stone toward infiltrating the systems. Researchers from eSentire said it discovered over 100,000 unique…

Russian search engine, ride-hailing and email service provider Yandex disclosed a data breach that compromised 4,887 email accounts of its users. The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users' mailboxes for personal gain. The security breach was identified during a routine audit of its systems…

Malware dubbed "XLoader" is a successor to another well-known Windows-based info stealer called Formbook. Formbook is known to vacuum credentials from various web browsers, capture screenshots, record keystrokes, and download and execute files from attacker-controlled domains. XLoader is estimated to infected victims spanning across 69 countries between December 1, 2020, and June 1, 2021, with…

Ransomware called "DarkRadiation" targets Linux and Docker cloud containers. The malware is written in Bash script and targets Red Hat/CentOS and Debian Linux distributions. It also uses Telegram's API to communicate with the C2 server via hardcoded API keys. As of writing, there's no information available on the delivery methods or evidence that the ransomware…

A total of $1.2 million was awarded for 16 high-profile exploits over the course of the three-day Pwn2Own hacking contest. Zoom, Apple Safari, Microsoft Exchange, Microsoft Teams, Parallels Desktop, Windows 10, and Ubuntu Desktop operating systems were among the targets. Zoom said it's pushed a server-side change to patch the bugs, noting that it's working…

Kaspersky attributed the attacks to an advanced persistent threat (APT) it tracks as "WildPressure," with victims believed to be in the oil and gas industry. New malware samples used in WildPressure campaigns have been unearthed, including a newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a…

The National Institute of Standards and Technology (NIST) has revised its recommendations to encourage more modern password security best practices. NIST is now recommending against periodic password resets and suggesting that companies only require passwords to be changed if there is evidence of compromise. With multiple data breaches occurring on a real-time basis, newly compromised…

Human error was a major contributing cause in 95% of cyber breaches, according to IBM Cyber Security Intelligence Index Report. IBM study found that human error was the cause of most successful cyber breaches. Mitigation of human error must be key to cyber business security in 2021, IBM says. Human error can manifest in a…

A whopping 20 billion records were stolen in a single year, increasing 66% from 12 billion in 2019. This is a 9x increase from the comparatively "small" amount of 2.3 billion records stolen in 2018. Malicious actors utilize these treasure troves of information for fraud and further attacks. 2020 closed with a total of 1,114…