Apps with 1.5M installs on Google Play send your data to China
Security researchers discovered two malicious file management applications on Google Play with a collective installation count of over 1.5 million that collected excessive user data that goes well beyond what’s needed to offer the promised functionality. […]
CISA: Netwrix Auditor RCE bug exploited in Truebot malware attacks
CISA and the FBI warned today of new Truebot malware variants deployed on networks compromised using a critical remote code execution (RCE) vulnerability in the Netwrix Auditor software in attacks targeting organizations across the United States and Canada. […]
JumpCloud resets admin API keys amid ‘ongoing incident’
JumpCloud, a US-based enterprise software firm is notifying several customers of an “ongoing incident.” As a caution, the company has invalidated existing admin API keys to protect its customer organizations. Headquartered in Colorado, the cloud-based directory-as-a-service platform serves over 180,000 organizations across the world. […]
New tool exploits Microsoft Teams bug to send malware to users
A member of U.S. Navy’s red team has published a tool called TeamsPhisher that leverages an unresolved security issue in Microsoft Teams to bypass restrictions for incoming files from users outside of a targeted organization, the so-called external tenants. […]
Police arrest suspect linked to notorius OPERA1ER cybercrime gang
Law enforcement has detained a suspect believed to be a key member of the OPERA1ER cybercrime group, which has targeted mobile banking services and financial institutions in malware, phishing, and Business Email Compromise (BEC) campaigns. […]