Cybersecurity News
Malicious npm Code Packages Built for Hijacking Discord Servers
The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases.
Moobot Botnet Chews Up Hikvision Surveillance Systems
Attackers are milking unpatched Hikvision video systems to drop a DDoS botnet, researchers warned.
Not with a Bang but a Whisper: The Shift to Stealthy C2
DoH! Nate Warfield, CTO of Prevailion, discusses new stealth tactics threat actors are using for C2, including Malleable C2 from Cobalt Strike's arsenal.
Critical SonicWall VPN Bugs Allow Complete Appliance Takeover
Unauthenticated, remote attackers can achieve root-level RCE on SMA 100-series appliances.
AWS Among 12 Cloud Services Affected by Flaws in Eltima SDK
Researchers have found a number of high-security vulnerabilities in a library created by network virtualization firm Eltima, that leave about a dozen cloud services used by millions of users worldwide open to privilege-escalation attacks. That includes Amazon WorkSpaces, Accops and NoMachine, among others: all apps that enable remote desktop access by using the Eltima software […]
Emotet’s Behavior & Spread Are Omens of Ransomware Attacks
The botnet, which resurfaced last month on the back of TrickBot, can now directly install Cobalt Strike on infected devices, giving threat actors direct access to targets.
Windows 10 Drive-By RCE Triggered by Default URI Handler
There's an argument injection weakness in the Windows 10/11 default handler, researchers said: an issue that Microsoft has only partially fixed.
Windows 10 Drive-By RCE Triggered by Default URI Handler
There's an argument injection weakness in the Windows 10/11 default handler, researchers said: an issue that Microsoft has only partially fixed.
When Scammers Get Scammed, They Take It to Cybercrime Court
Underground arbitration system settles disputes between cybercriminals.
Paving the way: Inspiring Women in Payments - A Q&A featuring Jessica Smith
With inspiration from her family of engineers, Jessica Smith was raised to approach problem-solving with curiosity, critical thinking, and creativity. These skillsets have helped her to pivot in a career path that started in photography, developed into finance and auditing, and now focuses on information security standards and compliance for the payments industry. In this edition of our blog, Jessica explains that working for a company that encourages the exploration of new skills and cross-training, including harnessing the power of mentorship programs, can make all the difference in one’s success.
Google Takes Down Glupteba Botnet; Files Lawsuit Against Operators
The malware's unique blockchain-enabled backup C2 scheme makes it difficult to eliminate completely.
SolarWinds Attackers Spotted Using New Tactics, Malware
One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing.
5 common gift card scams and how to spot them
It often pays to look a gift horse in the mouth – recognizing these types of gift card fraud will go a long way toward helping you stay safe from this growing threat not just this holiday season
The post 5 common gift card scams and how to spot them appeared first on WeLiveSecurity
Crypto-Exchange BitMart to Pay Users for $200M Theft
BitMart confirmed it had been drained of ~$150 million in cryptocurrency assets, but a blockchain security firm said it's closer to $200 million.
Are You Guilty of These 8 Network-Security Bad Practices?
Tony Lauro, director of Security Technology & Strategy at Akamai, discusses VPNs, RDP, flat networks, BYOD and other network-security bugbears.
Cyber Command Publicly Joins Fight Against Ransomware Groups
U.S. military acknowledges targeting cybercriminals who launch attacks on U.S. companies.
Cuba Ransomware Gang Hauls in $44M in Payouts
The gang is using a variety of tools and malware to carry out attacks in volume on critical sectors, the FBI warned.
Pegasus Spyware Infects U.S. State Department iPhones
It's unknown who's behind the cyberattacks against at least nine employees' iPhones, who are all involved in Ugandan diplomacy.
Apache Kafka Cloud Clusters Expose Sensitive Data for Large Companies
The culprit is misconfigured Kafdrop interfaces, used for centralized management of the open-source platform.
What are buffer overflow attacks and how are they thwarted?
Ever since the Morris worm, buffer overflows have become notorious fare in the world of vulnerabilities
The post What are buffer overflow attacks and how are they thwarted? appeared first on WeLiveSecurity