XorDdos Malware Spike in May

OneMoreLead, a business-to-business (B2B) marketing enterprise, suffered a significant data breach late last year. The marketing company left a database misconfigured, prompting the unintentional leaking of 63 million records. 

When you think of scams, you probably think of them as someone trying to trick you out of money. While data loss is typically not the primary goal of a scam, it can be the outcome.

The personal information of nearly 700,000 individuals was stolen in a data breach at the University of New Mexico Health. The data breach was revealed in the second half of 2021.

Following a statement by Twilio outlining a phishing attack that led to a data breach, Cloudflare released a statement sharing they were a victim of the same attack.

Twilio recently revealed that several employees were tricked by hackers, leading them to divulge personal, corporate-level logins.

A hacker has illegally accessed and leaked several hundred million user records from the popular Raychat app. Raychat, especially popular in the Middle East, is now in damage control after this digital infiltration.

From email marketing companies to law firms, healthcare companies, and beyond, organizations of all types are being hit by online attacks at an increasing frequency nearly across the board.

Hackers plucked a tidy $600 million worth of cryptocurrency out of Poly Network accounts. Poly Network is a popular DeFi (decentralized finance) platform.

BitMart, a cryptocurrency trading platform, has been in the news for all the wrong reasons. BitMart suffered a nasty digital security breach that prompted a corrective update.

Digital security specialists are issuing a siren call in response to the significant uptick in phishing attacks. Phishing is now a component of a decentralized offensive through an IPFS network.

A recent IBM report estimates healthcare data breaches have reached a record high of $10 million per incident. This eye-popping statistic is just one of many examples of the actual cost of digital security breaches.

Smishing is the latest form of phishing that has taken the mobile world by storm. It's not a new concept, but it has been modified to suit today's fast-paced society and accessibility to mobile devices.

The average person downloads Android apps from the Google Play Store without a second thought. However, more than a dozen such apps are planting malware on phones after download.

Digital security specialists have identified more than 3,200 apps used on mobile devices that are leaking API keys related to Twitter.

Early reports indicate Twitter might have suffered a massive data breach. It appears that between five and six million accounts were compromised in the attack.

By snooping on their email messages, hackers from North Korea are using harmful browser extensions to uncover information about targeted individuals.

Harmful NPM packages are stealing usernames, passwords, and financial information from Discord users. The campaign, dubbed "LofyLife", plucks tokens from users, infects files for monitoring activity, and can even change a Discord user's password in mere seconds.

The Roaming Mantis mobile campaign has returned to no fanfare at all. The threat connects several new forms of attempts at digital compromise targeting smartphone customers in France.

The end of the final week of July has arrived. The time has come to recap the week's top online breaches, hacks, and other digital offensives.

Raccoon Stealer has once again reared its ugly head to the delight of no one outside of the hacking community. It is not a question of whether Raccoon Stealer will remain on the digital threat landscape but whether your organization or your personal computer will be victimized by it.

Digital security experts have identified a new UEFI firmware rootkit. Referred to as Cosmic Strand, the UEFI firmware rootkit poses a significant threat, as detailed below.

It wasn't long ago when the term "mercenary" was limited to soldiers on the field of traditional battle. The battleground has partially shifted to the digital realm.

Neopets' website has suffered a significant data breach. In all, just under 70 million users are affected by the breach. Below, we provide the details of the breach and outline some digital security tips to bolster your online defenses.

In 2016, more than 16 million patient records were stolen in the US. Some papers fetched high prices, up to $1,000 for complete information.

Having your wallet stolen can be frightening; losing your credit and debit card can be devastating financially, and thieves may clean out your accounts before you can freeze them.

People once thought that water was the new oil, as the availability of fresh, potable water was starting to dwindle while the population continued to soar.

Google has officially removed Android apps containing malware. The tech powerhouse eliminated the eight apps in the aftermath of a whopping three million total downloads.

Premint, a platform for NFTs, suffered a loss of nearly $400,000 after an especially damaging online attack. Hackers pocketed a tidy sum of money by implementing malicious code to infiltrate the site and redirect funds to their own accounts.

CloudMensis spyware has emerged as a nasty threat to businesses and everyday computer users. It appears as though the spyware went undocumented for quite some time.

Wordfence digital security specialists are issuing a siren call concerning the unexpected hike in online attacks designed to take advantage of unpatched weaknesses within WordPress plugins.

Microsoft recently revealed online miscreants aggressively targeted 10,000+ organizations dating back to last fall. The tech giant is warning its business email clients about a massive phishing campaign designed to avoid multifactor authentication, obtain access to inboxes and engage in fraudulent activity.

Business email compromise or BEC, also known as email account compromise, can cost your business hundreds or thousands of dollars in lost revenue.

Botnet scams are multi-fold in their danger. Each botnet scam requires a criminal and a series of victims. Victims are those who have had their computers hijacked, plus the targets of the criminal's assaults.

According to VentureBeat, the frequency of online attacks in the new year has increased by three million more than that of the year prior.

A new callback phishing scam has victimized several digital security firms. Though the scam was limited to security firms, it has the potential to extend to other enterprises spanning several sectors and industries.

A North Korean hacker obtained access to the systems of Axie Infinity, an NFT marketplace, and blockchain gaming service. The attack resulted in a loss of about $540 million.

The internet has grown significantly over the past 20 years and continues to grow at an accelerated rate. The cyber threat landscape continues to grow as more people and businesses invest in digital services.

Personally Identifiable Information (PII) is sensitive data that can identify an individual. Examples of PII include an individual's name, address, phone number, email address, social security number, passport number, driver's license number, and other similar PII information.

SHI has been hit by malware, spurring the temporary shutdown of the company's public websites and email services. SHI took down their sites and email for several days during the attack and its aftermath.

The massive global hotel chain Marriott has been digitally breached yet again. Marriott International revealed the breach earlier this week.

The OpenSea data breach made waves throughout the digital security industry earlier this year, spurring a sector-wide siren call to improve digital protections safeguarding networks, computers, and web-connected devices.

An influence campaign tied to China has zeroed in on rare earth mining businesses. The United States, Canada, and Australia were the home of most of the targetted companies.

Summer is in full swing, yet the online threats aren't dissipating in the slightest. The digital criminals are out in full force, as evidenced by the attacks that occurred this past week and throughout the entire month of June.

Digital security specialists have identified harmful NPM packages that have stolen significant information from online forms and apps.

Leaky access tokens have created quite the digital storm as we transition to the second half of 2022. Hackers employed Amazon user authentication tokens to encrypt or steal pictures and documents.

OpenSea, the popular NFT platform, suffered a significant data breach. The NFT trading marketplace endured yet another attack.

If you own a SOHO router, you should be aware that ZuoRAT has the potential to take it over. SOHO routers transmit wireless and wired broadband routing across networks.

Identity theft is serious, and it can be challenging to know if someone is illegally using your personal information. Identity theft affects more than 13 million individuals annually in the U.S., with losses topping $15 billion.

The Google Threat Analysis Group, commonly referred to as TAG, recently revealed it blocked nearly 40 harmful domains controlled by mercenary hackers.

Did you know that hackers create 300,000 new malware threats daily? According to Web Arx Security, those hundreds of thousands of new forms of malware range from keyloggers to Trojans, adware, viruses, and more. 

Social and political issues have spread like wildfire across the globe since the advent of the internet. While this instantaneous interconnectedness provides a platform for informing the world about the plight of one group or another, it doesn't solve the issue of doing something about the issues at hand.

The latest string of hacks is highlighted by an especially harmful digital attack on Baptist Medical Center. The malware incident centers on data exfiltration.

The latest string of ransomware attacks has exploited a VoIP bug. More specifically, the bug in question is a Mitel VoIP bug.

As the internet grows and integrates into our work, school, and entertainment, every facet of life is being transformed into tangible data.

The internet is like an iceberg; the part you see every day is merely a small section of a huge network of hidden pages and data.

Flagstar Bank is in the news for the wrong reason. The bank recently publicized the fact that it discovered a digital breach.

We are nearly halfway through 2022. News stories detailing hacks and other digital breaches continue to roll in on a daily basis.

There has been a significant spike in tourism following the gradual decline of the coronavirus pandemic.  The increase in travel has caught the attention of digital miscreants looking to scam tourists as well as travel services providers.

The cybercriminals responsible for BRATA malware have enhanced their digital Frankenstein with a slew of additional features.

Digital security specialists have identified an APT linked to China that was unknown for nearly a decade. Though the APT is diminutive, it is quite potent.

A messenger scam on Facebook has fooled millions of the social media platform's users.  Around 10 million Facebook users were duped by the phishing message.

Researchers with Google have identified a vulnerability in Apple Safari that has been exploited in the wild. The 5-year-old vulnerability resurfaced yet went unnoticed for quite a lengthy period of time, even after repair and reintroduction.

With nearly $160 billion in total payment volume for 2020, Venmo is quickly growing into one of the most popular peer-to-peer, or P2P, payment systems on the market.

While we need the internet for everything from entertainment to employment, it undoubtedly exposes us to a number of harmful scams.

If you're an Apple user, you've likely heard something about the mysterious process known as "jailbreaking. " It's a common way to work around the many restrictions manufacturers place on smartphones and other digital devices, but its safety and legal status have always been a bit murky. 

Most people are surprised to learn hundreds of thousands of new forms of malware are made on a daily basis. Programming has advanced to the point that hackers can lean on artificial intelligence to help craft new and even more creative internet-based attacks.  

Digital security specialists insist a new form of Linux malware is discrete to the point that it is almost impossible to identify.

The medical records of nearly 70,000 individuals have been exposed in a massive data breach. The breach occurred at Kaiser Permanente. 

Chinese hackers are zeroing in on Android and iOS users with the distribution of Web3 wallets that are backdoored. The hackers are attempting to steal money using the backdoored apps in a creative way.

An internet marketplace that made the private information of more than 20 million individuals available for purchase has been removed from the web, hopefully for good.

Qbot, a powerful form of malware, is now being used by Black Basta ransomware attackers to create a whole that is greater than the sum of its parts.

When we ask the question "What is an APT," there is no simple or succinct answer. The world of cybersecurity is complex, with many layers interacting to create the safety nets we all enjoy online.

Speculation proliferates on the internet. Everyone wants to be on the ground floor of money-making, buzz-building events. That means many people will buy something they don't understand for a price that is likely to spike – and collapse--quickly.

In 2021, the U.S. Border Patrol seized nearly 23,000 fake CDC vaccination cards, a number that represents only a fraction of the total fake card market.

Shields Health Care Group, a medical imaging provider, has been hacked. A total of two million people were affected by the attack.

Take a look back through the previous week's digital security news headlines and you'll find no shortage of stories.  Online aggression has reached an all-time high, yet it isn't only multinational corporations that are in hackers' crosshairs.

The online attacks simply do not stop. In the latest wave of online crime, ransomware hackers have obtained 1,200 Elasticsearch databases that lacked the necessary digital security protections.  

Apple is programming its computers with a new feature that adds security updates without requiring a manual prompt. Nor is there any need for a full operating system update for the improvements to be seamlessly implemented.

An especially harmful strain of malware known as "FluBot" has finally been taken down. It took several federal agencies and more than a year's time to eliminate FluBot.

Atlassian, one of the world's leading digital work specialists, is in the news for issuing a new security patch. The patch pertains to a zero-day vulnerability that is considered to be critical.

Identity theft is increasingly common in the United States and worldwide. The practice of obtaining identifying information, such as social security numbers, dates of birth, and addresses, happens every day.

In today's high-tech world, identity theft and fraud are all too common. Scams are changing and evolving, often becoming savvier and harder to spot.

Maintaining digital safety is quickly becoming a priority for companies in every industry and sector. Utilizing cybersecurity best practices can keep your clients, employees, and management team safe from data leaks and malware attacks.

The pace of online attacks hasn't slowed nearly halfway into the year. Fire up a digital security website in your browser, and you are sure to find a nearly endless list of digital break-ins and other crimes in the virtual realm.

A PyPi package referred to as "CTX," and another referred to as "phpass" PHP Library are being used to steal AWS keys. The PHP and Python packages function as trojans.

A zero-day bug referred to as "Follina" sets the stage for outdated versions of Microsoft Office to be attacked. The malware is a significant threat as it loads itself on remote servers, bypassing the system's scanner dubbed "Defender AV" and permitting the running of harmful code on computers.

Flaws described as "critical" within the widely used ICS platform have the potential to catalyze RCE into action. RCE is an acronym commonly used by those in the tech world to refer to remote code execution.

REvil, one of the most feared cyber gangs in the history of the internet, appears to have returned.  The hacking collective is back on the scene with new DDoS attacks.

A link between several different types of the most threatening ransomware has been identified.  The link connects Yashma, Onyx, and Chaos ransomware together.

Private browsing is an option that's available on every web browser without the need to upgrade to a premium product. This feature allows users to use search terms without concerns that other users on the same device or account might discover them.

Over the last decade or two, we have seen a noticeable shift in general childhood activities. Society is silently pulling away from more active games and tasks and leaning towards more passive ones.

The final days of May have been quite tumultuous in the context of internet security. Online attacks continue to occur at an alarmingly high frequency here in the United States and abroad.

Those who pay attention to malware attacks have noted a considerable uptick in the number of XorDdos Linux attacks. XorDdos has developed a reputation for using attacks characterized as secure with shell brute force.  

A new ransomware variant dubbed Yashma has been pinpointed in the wild. The Chaos builder represents the latest version of the ransomware line.

A botnet referred to as Fronton tracks activity on the internet and conducts illegal operations. The IoT botnet aims to steal information, disinform, and wreak general havoc on the web.

A keylogger is infecting computers through harmful PDF files. The snake keylogger centers on an email campaign that sends PDF files and other files from Microsoft Word programs.

The failure to quickly patch a bug might empower online criminals to steal money directly out of the accounts of PayPal users.

Maintaining cybersecurity is a priority for organizations and individuals alike. Statistically, cyberattacks are rising, with cybercrime strategies evolving and adapting to mitigation strategies.

Cybersecurity is a significant area of focus in technology, regardless of use and industry. Achieving security in applications and across networks is essential for individuals and businesses alike.

Devices like smartphones have moved from a luxury to a necessity in our lives; many of us rely on our phones to store important information like passwords, bank account logins, and other personal data.

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

The dark web, also known as "darknet" is a portion of the internet that lies outside the boundaries of traditional search engines.

Your Wi-Fi network is another handy access point that hackers use to infiltrate your computers, steal your identity, and grab your personal details.

Six databases that were owned by Friend Finder Networks, Inc. suffered a massive data breach in 2016, which cost 412 million users their accounts.

In this highly digital age, it is near impossible to erase all information online about yourself, but you can do a lot to remove online information and minimize your risk of identity theft or worse. 

The main difference between a credit freeze and credit lock is that while freezing your credit you restrict access to your credit report.