Cybersecurity News


APT Lazarus Targets Engineers with macOS Malware

APT Lazarus Targets Engineers with macOS Malware The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.
17 August 2022

When Efforts to Contain a Data Breach Backfire

Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico’s second-largest bank was fake news and harming the bank’s reputation. The administrator responded to this empty threat by purchasing the stolen banking data and leaking it on the forum for everyone to download.
16 August 2022

U.K. Water Supplier Hit with Clop Ransomware Attack

U.K. Water Supplier Hit with Clop Ransomware Attack The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.
16 August 2022

DEF CON – “don’t worry, the elections are safe” edition

Don't worry, elections are safe. Our Security Researcher Cameron Camp provide us highlights from the DEF CON 30 conference.

The post DEF CON – “don’t worry, the elections are safe” edition appeared first on WeLiveSecurity

16 August 2022

Xiaomi Phone Bug Allowed Payment Forgery

Xiaomi Phone Bug Allowed Payment Forgery Mobile transactions could’ve been disabled, created and signed by attackers.
16 August 2022

How a spoofed email passed the SPF check and landed in my inbox

The Sender Policy Framework can’t help prevent spam and phishing if you allow billions of IP addresses to send as your domain

The post How a spoofed email passed the SPF check and landed in my inbox appeared first on WeLiveSecurity

16 August 2022

Black Hat and DEF CON Roundup

Black Hat and DEF CON Roundup ‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.
15 August 2022

Black Hat USA 2022: Burnout, a significant issue

The digital skills gap, especially in cybersecurity, is not a new phenomenon. This problematic is now exacerbate by the prevalence of burnout, which was presented at Black Hat USA 2022

The post Black Hat USA 2022: Burnout, a significant issue appeared first on WeLiveSecurity

15 August 2022

Black Hat – Windows isn’t the only mass casualty platform anymore

Windows used to be the big talking point when it came to exploits resulting in mass casualties. Nowadays, talks turned to other massive attack platforms like #cloud and cars

The post Black Hat – Windows isn’t the only mass casualty platform anymore appeared first on WeLiveSecurity

15 August 2022

Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics

Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities.
12 August 2022

The potential consequences of data breach, and romance scams – Week in security with Tony Anscombe

The NHS was victim of a potential cyberattack, which raises the question of the impact of those data breach for the public.

The post The potential consequences of data breach, and romance scams – Week in security with Tony Anscombe appeared first on WeLiveSecurity

12 August 2022

Sounding the Alarm on Emergency Alert System Flaws

The Department of Homeland Security (DHS) is urging states and localities to beef up security around proprietary devices that connect to the Emergency Alert System -- a national public warning system used to deliver important emergency information, such as severe weather and AMBER alerts. The DHS warning came in advance of a workshop to be held this weekend at the DEFCON security conference in Las Vegas, where a security researcher is slated to demonstrate multiple weaknesses in the nationwide alert system.
12 August 2022

Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’

Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’ Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites.
12 August 2022

Black Hat 2022‑ Cyberdefense in a global threats era

Our Security evangelist's take on this first day of Black Hat 2022, where cyberdefense was on every mind.

The post Black Hat 2022‑ Cyberdefense in a global threats era appeared first on WeLiveSecurity

12 August 2022

Safety first: how to tweak the settings on your dating apps

Tinder, Bumble or Grindr - popular dating apps depend heavily on your location, personal data, and loose privacy settings. Find out how to put yourself out there safely by following our suggested settings tweaks.

The post Safety first: how to tweak the settings on your dating apps appeared first on WeLiveSecurity

12 August 2022

It Might Be Our Data, But It’s Not Our Breach

A cybersecurity firm says it has intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. The firm's analysis of the data suggests it corresponds to current and former customers of AT&T. The telecommunications giant stopped short of saying the data wasn't theirs, but it maintains the records do not appear to have come from its systems and may be tied to a previous data incident at another company.
11 August 2022

An eighties classic – Zero Trust

A deep-dive in Zero-trust, to help you navigate in a zero-trust world and further secure your organization.

The post An eighties classic – Zero Trust appeared first on WeLiveSecurity

11 August 2022

Starlink Successfully Hacked Using $25 Modchip

Starlink Successfully Hacked Using $25 Modchip Belgian researcher Lennert Wouters revealed at Black Hat how he mounted a successful fault injection attack on a user terminal for SpaceX’s satellite-based internet system
11 August 2022

New Hacker Forum Takes Pro-Ukraine Stance

New Hacker Forum Takes Pro-Ukraine Stance A uniquely politically motivated site called DUMPS focuses solely on threat activity directed against Russia and Belarus
11 August 2022

Cisco Confirms Network Breach Via Hacked Employee Google Account

Cisco Confirms Network Breach Via Hacked Employee Google Account Networking giant says attackers gained initial access to an employee’s VPN client via a compromised Google account.
11 August 2022