Major Vulnerabilities in Top Free Android VPN Apps Let Hackers Stealing Passwords, Photos, Messages From 120 Million Users

From gbhackers.com

Major Vulnerabilities in Top Free Android VPN Apps Let Hackers Stealing Passwords, Photos, Messages From 120 Million Users

Researchers discovered major vulnerabilities in several Free VPN apps for Android that allow attackers to perform dangerous Man-in-the-Middle Attacks and steal usernames, passwords, photos, videos, messages and more.

There are several VPN’s caught in this list that downloaded more than 120 million times from Google Play and the Free VPN called SuperVPN alone downloaded 100 million times.

Read more…

Coom ransomware is the threat that sets the ransom note as lock screens and desktop when the ransom note text file is red

From 2-spyware.com

Coom ransomware

Coom ransomware is the cryptovirus that gets released on the system to encrypt common files and make them useless. Developers designed the threat to then release a ransom note READ_IT.txt that directly states what the victim should do next – pay at least 0.015BTC., the ransom can differ from victim to victim, depending on the target and the value of stored and affected files. The particular file is not displaying much information, only stating that the person needs to pay to get those files unlocked and how to obtain Bitcoins for the payment. There is no contact information that could help to communicate with virus developers, so victims have not many options. 

Read more…

Clear your iPhone from malicious attacks – calendar spam that tries to catch the eye of an iPhone user

From 2-spyware.com

Clear your iPhone from malicious attacks spam

Clear your iPhone from malicious attacks is a rogue notification that appears on the Apple mobile phone’s calendar. The potentially unwanted program, mostly, adware that enters the targeted device hacks the person’s calendar and includes suspicious virus warnings, news reports, and fake prize claims as events. According to research, Clear your iPhone from malicious attacks Calendar spam mostly appears on iPhone devices and because of this it refers to the iPhone virus category but might also be able to enter other operating systems such as Windows or Mac.

Read more…

The MITRE ATT&CK Framework: Impact

From tripwire.com

IMPACT

Not all attackers are trying to exfiltrate data. In security, we’re all familiar with CIA triad—confidentiality, availability, and integrity. While Exfiltration describes adversarial behavior with the goal of violating confidentiality, attackers may look to manipulate, interrupt, or destroy your systems and data. The Impact tactic describes techniques that adversaries use to compromise the availability or integrity of your systems and data. This tactic was introduced to capture disruptive behavior such as ransomware, denial of service, and other destructive enterprise attacks that aren’t captured by the other ATT&CK tactics.

Read more…

Quick look at a couple of current online scam campaigns

From isc.sans.edu

Since I was exposed to three different online scam campaigns in the last three weeks, without having to go out and search for them, I thought that today might be a good time to take a look at how some of the current online scams work.

All of the campaigns we’ll mention seemed to target people in the Czech Republic, although not exclusively, as one of the landing pages I found had at least 20 different regional variants set up for countries from all over the world. In cases where I was unable to find an English version of a page, I had Chrome translate it – the results are not always pretty, but should be sufficient for our purposes.

Read more…

PayPal accounts are getting abused en-masse for unauthorized payments

From zdnet.com

paypal-gpay.png

Hackers have found a bug in PayPal’s Google Pay integration and are now using it to buy products online and incur unauthorized charges to PayPal accounts.

Since last Friday, users have reported seeing mysterious transactions pop up in their PayPal history as originating from their Google Pay account.

Read more…