Cybersecurity News


Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords

Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text.
24 September 2021

New Guidelines on Remote Assessments


Today, the Council has published “PCI SSC Remote Assessment Guidelines and Procedures”. These Guidelines define the principles and procedures for the appropriate use of remote assessments for PCI SSC standards when an onsite assessment is not possible. Here we interview Emma Sutcliffe, SVP Standards Officer on how the industry can use these guidelines to support secure remote assessment practices.

24 September 2021

TangleBot Malware Reaches Deep into Android Device Functions

TangleBot Malware Reaches Deep into Android Device Functions The mobile baddie grants itself access to almost everything, enabling spying, data-harvesting, stalking and fraud attacks, among others.
24 September 2021

Critical Cisco Bugs Allow Code Execution on Wireless, SD-WAN

Critical Cisco Bugs Allow Code Execution on Wireless, SD-WAN Unauthenticated cyberattackers can also wreak havoc on networking device configurations.
24 September 2021

Week in security with Tony Anscombe

ESET unmasks FamousSparrow APT group – Stopping cloud data leaks – European cybercrime ring busted

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

24 September 2021

Apple Patches 3 More Zero-Days Under Active Attack

Apple Patches 3 More Zero-Days Under Active Attack One of the bugs, which affects macOS as well as older versions of iPhones, could allow an attacker to execute arbitrary code with kernel privileges.
24 September 2021

FBI arrests 75-year-old for allegedly placing pipe bombs outside phone, carrier stores

The suspect was reportedly upset over handsets being used to spread "immoral content."
24 September 2021

REvil Affiliates Confirm: Leadership Were Cheating Dirtbags

REvil Affiliates Confirm: Leadership Were Cheating Dirtbags After news of REvil's rip-off-the-affiliates backdoor & double chats, affiliates fumed, reiterating prior claims against the gang in "Hackers Court."
23 September 2021

5 Tips for Achieving Better Cybersecurity Risk Management

5 Tips for Achieving Better Cybersecurity Risk Management Casey Ellis, founder, CTO and chairman of Bugcrowd, discusses a roadmap for lowering risk from cyberattacks most effectively.
23 September 2021

100M IoT Devices Exposed By Zero-Day Bug

100M IoT Devices Exposed By Zero-Day Bug A high-severity vulnerability could cause system crashes, knocking out sensors, medical equipment and more.
23 September 2021

Bug in macOS Finder allows remote code execution

While Apple did issue a patch for the vulnerability, it seems that the fix can be easily circumvented

The post Bug in macOS Finder allows remote code execution appeared first on WeLiveSecurity

23 September 2021

FamousSparrow APT Wings in to Spy on Hotels, Governments

FamousSparrow APT Wings in to Spy on Hotels, Governments A custom "SparrowDoor" backdoor has allowed the attackers to collect data from targets around the globe.
23 September 2021

Lawsuits, Indictments Revive Trump-Alfa Bank Story

In October 2016, media outlets reported that data collected by some of the world's most renowned cybersecurity experts had identified frequent and unexplained communications between an email server used by the Trump Organization and Alfa Bank, one of Russia's largest financial institutions. Those publications set off speculation about a possible secret back-channel of communications, as well as a series of lawsuits and investigations that culminated last week with the indictment of the same former federal cybercrime prosecutor who brought the data to the attention of the FBI five years ago.
23 September 2021

Google Report Spotlights Uptick in Controversial ‘Geofence Warrants’ by Police

Google Report Spotlights Uptick in Controversial ‘Geofence Warrants’ by Police Digital privacy rights defenders contend that geofencing warrants grab data on everyone near a crime, without cause.
23 September 2021

Acronis Offers up to $5,000 to Users Who Spot Bugs in Its Cyber Protection Products

Acronis Offers up to $5,000 to Users Who Spot Bugs in Its Cyber Protection Products Once available only to the cybersecurity community, Acronis has opened its bug-hunting program to the public and aims to double the total bounties paid.
23 September 2021

Domain Brand Monitor: The First Brand Protection Layer by WhoisXML API

Domain Brand Monitor: The First Brand Protection Layer by WhoisXML API Domain names are often brands' most valuable and impersonated assets. Learn how Brand Monitor by WhoisXML API supports brand protection.
23 September 2021

Large-Scale Phishing-as-a-Service Operation Exposed

Large-Scale Phishing-as-a-Service Operation Exposed Discovery of BulletProofLink—which provides phishing kits, email templates, hosting and other tools—sheds light on how wannabe cybercriminals can get into the business.
23 September 2021

New advanced hacking group targets governments, engineers worldwide

The APT was one of many groups that took part in the Microsoft Exchange Server hacks.
23 September 2021

FamousSparrow: A suspicious hotel guest

Yet another APT group that exploited the ProxyLogon vulnerability in March 2021

The post FamousSparrow: A suspicious hotel guest appeared first on WeLiveSecurity

23 September 2021

Crystal Valley Farm Coop Hit with Ransomware

Crystal Valley Farm Coop Hit with Ransomware It's the second agricultural business to be seized this week and portends a bitter harvest with yet another nasty jab at critical infrastructure.
22 September 2021