- Mac-Focused Malvertising Campaign Abuses Google Firebase DBs
Researchers said 1 million user sessions could have been exposed to the campaign, which downloads the Shlayer trojan.
- Post-Perimeter Security: Addressing Evolving Mobile Enterprise Threats
Experts from Gartner, Lookout and Google talk enterprise mobile security in this webinar replay.
- Years-Long Phishing Campaign Targets Saudi Gov Agencies
The campaign, codenamed “Bad Tidings,” has sought out victims’ credentials with clever fake landing pages pretending to be the Saudi Arabian Ministry of Interior’s e-Service portal.
- Fin7 Ramps Up Campaigns With Two Fresh Malware Samples
Despite the 2018 crackdown on Fin7, the cybercrime group has been ramping up its efforts with two new malware samples and an attack panel.
- Uber Deployed ‘Surfcam Spyware’ in Australia to Crush the Competition – Report
Until a report this week, Uber's Surfcam's use was thought to be limited to incidents uncovered in Singapore in 2017. For its part, Uber denies that it's a "spyware."
- Cardinal RAT Resurrected to Target FinTech Firms
A long-quiet malware family has been spotted targeting financial technology firms, armed with new obfuscation techniques to avoid detection.
- Host of Flaws Found in CUJO Smart Firewall
Some of the flaws would allow remote code-execution.
- Podcast: The High-Risk Threats Behind the Norsk Hydro Cyberattack
Threatpost talks to Phil Neray with CyberX about Tuesday's ransomware attack on aluminum producer Norsk Hydro, and how it compares to past manufacturing attacks like Triton, WannaCry and more.
- Old Tech Spills Digital Dirt on Past Owners
Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.
- Researcher Says NSA’s Ghidra Tool Can Be Used for RCE
Researchers have released a proof-of-concept showing how a XXE vulnerability can be exploited to attack Ghidra project users.