Daily Cyber Brief

Hackers are spreading malware via trending TikTok challenge, Russian company Pushwoosh still involved with many apps, and CISA warns of actively exploited Oracle vulnerability...

Cybersecurity

Hackers are spreading malware via trending TikTok challenge: report

Hackers are using a popular TikTok challenge to get people to download information-stealing malware, according to a new report from cybersecurity firm Checkmarx. The campaign takes advantage of a TikTok trend called the “Invisible Challenge” in which people use a special…

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that…

CISA Warns of Actively Exploited Critical Oracle Fusion Middleware Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical flaw impacting Oracle Fusion Middleware to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2021…

North Carolina college confirms ransomware group stole sensitive data

Guilford College in North Carolina confirmed that ransomware actors who attacked their school also stole sensitive data of students, faculty and staff. A spokesperson for the college — which is more than 185 years old — said the attack occurred in October and law…

Acer fixes UEFI bugs that can be used to disable Secure Boot

Acer has fixed a high-severity vulnerability affecting multiple laptop models that could enable local attackers to deactivate UEFI Secure Boot on targeted systems. The Secure Boot security feature blocks untrusted operating systems bootloaders on computers with a Trusted…

Malicious Android app found powering account creation service

A fake Android SMS application, with 100,000 downloads on the Google Play store, has been discovered to secretly act as an SMS relay for an account creation service for sites like Microsoft, Google, Instagram, Telegram, and Facebook. A researcher says the infected…

Black Basta Gang Deploys Qakbot Malware in Aggressive Cyber Campaign

The Black Basta ransomware group is using Qakbot malware — also known as QBot or Pinkslipbot — to perpetrate an aggressive and widespread campaign using an .IMG file as the initial compromise vector. More than 10 different customers have been targeted by the…

Phishing Campaign Impersonating UAE Ministry of Human Resources Grows

A phishing campaign discovered in July that saw threat actors impersonating the Ministry of Human Resources of the UAE government may be more significant in scale than previously believed. The findings come from security researchers at CloudSEK, who published a new…

Project Zero Flags 'Patch Gap' Problems on Android

Vulnerability researchers at Google Project Zero are calling attention to the ongoing “patch-gap” problem in the Android ecosystem, warning that downstream vendors continue to be tardy at delivering security fixes to Android-powered devices. In a research note…

Millions of Twitter Accounts Potentially Compromised

Over five million user accounts may have been compromised in Europe and the US, according to cybersecurity expert Chad Loder. The researcher made the announcement on Twitter last week but subsequently had his account suspended. The posts are still available on the…

Daily Cyber Brief

Hackers are spreading malware via trending TikTok challenge, Russian company Pushwoosh still involved with many apps, and CISA warns of actively exploited Oracle vulnerability...

Cybersecurity

Join the conversation

Overt Operator