Cybersecurity News
Lyceum APT Returns, This Time Targeting Tunisian Firms
The APT, which targets Middle-Eastern energy firms & telecoms, has been relatively quiet since its exposure but not entirely silent. It's kept up attacks through 2021 and is working on retooling its arsenal yet again.
A Guide to Doing Cyberintelligence on a Restricted Budget
Cybersecurity budget cuts are everywhere. Chad Anderson, senior security researcher at DomainTools, discusses alternatives to fancy tooling, and good human skills alignment.
At least 13 phone firms hit by suspected Chinese hackers since 2019, say experts
LightBasin hackers were able to obtain subscriber information and call metadata, says CrowdStrike
At least 13 phone companies around the world have been compromised since 2019 by sophisticated hackers who are believed to come from China, a cybersecurity expert group has said.
The roaming hackers – known as LightBasin – were able to “search and find” individual mobile phones and “target accordingly”, according to CrowdStrike, a group regularly cited by western intelligence.
Continue reading...Feds Warn BlackMatter Ransomware Gang is Poised to Strike
An advisory by the CISA, FBI and NSA reveals hallmark tactics of and shares defense tips against the cybercriminal group that’s picked up where its predecessor DarkSide left off.
FCC mulls over new rules demanding carriers block spam robot texts at network level
The proposal hones in on rising rates of robot texts.Twitter accounts linked to cyberattacks against security researchers suspended
North Korean hackers are luring professionals with "zero-day vulnerability hype."TA505 Gang Is Back With Newly Polished FlawedGrace RAT
TA505 – cybercrime trailblazers with ever-evolving TTPs – have returned to mass-volume email attacks, flashing retooled malware and exotic scripting languages.
Time to Build Accountability Back into Cybersecurity
Chris Hass, director of information security and research at Automox, discusses how to assign security responsibility, punishment for poor cyber-hygiene and IDing 'security champions' to help small businesses.
Podcast: Could the Zoho Flaw Trigger SolarWinds 2.0?
Companies are worried that the highly privileged password app could let attackers deep inside an enterprise’s footprint, says Redscan’s George Glass.
Sinclair Confirms Ransomware Attack That Disrupted TV Stations
A major cyberattack resulted in data being stolen, too, but Sinclair's not sure which information is now in the hands of the crooks.
TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings
The tween-friendly video app is being used to serve up malvertising, disguised as free Steam game accounts or Among Us game hacks.
Request for Comments: PCI 3DS SDK and 3DS Core Security Standards
From 18 October to 17 November 2021, eligible PCI SSC stakeholders are invited to review and provide feedback on the currently published PCI 3DS SDK Security Standard and the PCI 3DS Core Security Standard during a 30-day request for comments (RFC) period. The full list of stakeholders eligible to participate can be found on the PCI SSC RFC webpage.
Twitter Suspends Accounts Used to Snare Security Researchers
The accounts were used to catfish security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea.
BlackByte ransomware decryptor released
The "odd" malware avoids systems based on Russian and ex-USSR languages.TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates
The group – which also created BazarLoader and the Conti ransomware – has juiced its distribution tactics to threaten enterprises more than ever.
Missouri Vows to Prosecute ‘Hacker’ Who Disclosed Data Leak
Missouri Gov. Mike Parson launched a criminal investigation of a reporter who flagged a state website that exposed 100K+ Social-Security numbers for teachers and other state employees.
Critical infrastructure security dubbed 'abysmal' by researchers
Researchers find that lax ICS security is putting critical services at risk of exploitation.Week in security with Tony Anscombe
Phishing and how to avoid taking the bait – Offboarding employees securely – Why old malware refuses to die
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Virus Bulletin: Old malware never dies – it just gets more targeted
Putting a precision payload on top of more generic malware makes perfect sense for malware operators
The post Virus Bulletin: Old malware never dies – it just gets more targeted appeared first on WeLiveSecurity
Rickroll Grad Prank Exposes Exterity IPTV Bug
IPTV and IP video security is increasingly under scrutiny, even by high school kids.