Cybersecurity News


Cryptocurrency: secure or not? – Week in security with Tony Anscombe

When you hear the term ‘cryptocurrency’, does ‘secure’ also spring to mind? Here are some implications of the lack of sound security practices in the world of crypto.

The post Cryptocurrency: secure or not? – Week in security with Tony Anscombe appeared first on WeLiveSecurity

20 May 2022

Sandworm uses a new version of ArguePatch to attack targets in Ukraine

ESET researchers spot an updated version of the malware loader used in the Industroyer2 and CaddyWiper attacks

The post Sandworm uses a new version of ArguePatch to attack targets in Ukraine appeared first on WeLiveSecurity

20 May 2022

Closing the Gap Between Application Security and Observability

Closing the Gap Between Application Security and Observability Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell. 
20 May 2022

380K Kubernetes API Servers Exposed to Public Internet

380K Kubernetes API Servers Exposed to Public Internet More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access.
20 May 2022

Fake domains offer Windows 11 installers - but deliver malware instead

Be careful what you are downloading - these files deliver the Vidar infostealer.
20 May 2022

Cyberattacks and misinformation activity against Ukraine continues say security researchers

Malware and fake news continues, says Mandiant.
19 May 2022

Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover

Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.
19 May 2022

This Russian botnet does far more than DDoS attacks - and on a massive scale

Operators can track social media trends and tailor their propaganda to suit.
19 May 2022

The flip side of the coin: Why crypto is catnip for criminals

Cybercriminals continue to mine for opportunities in the crypto space – here's what you should know about coin-mining hacks and crypto theft

The post The flip side of the coin: Why crypto is catnip for criminals appeared first on WeLiveSecurity

19 May 2022

Senators Urge FTC to Probe ID.me Over Selfie Data

Some of more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission (FTC) to investigate identity-proofing company ID.me for "deceptive statements" the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal Revenue Service, which until recently required anyone seeking a new IRS account online to provide a live video selfie to ID.me.
18 May 2022

DOJ Says Doctor is Malware Mastermind

DOJ Says Doctor is Malware Mastermind The U.S. Department of Justice indites middle-aged doctor, accusing him of being a malware mastermind.
18 May 2022

APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days

APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days Research indicates that organizations should make patching existing flaws a priority to mitigate risk of compromise.
18 May 2022

April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell

April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell Researchers say a GitHub proof-of-concept exploitation of recently announced VMware bugs is being abused by hackers in the wild.
18 May 2022

Fake news – why do people believe it?

In the age of the perpetual news cycle and digital media, the risks that stem from the fake news problem are all too real

The post Fake news – why do people believe it? appeared first on WeLiveSecurity

18 May 2022

Wizard Spider hackers hire cold callers to scare ransomware victims into paying up

Researchers believe the group has millions of dollars in assets.
18 May 2022

When Your Smart ID Card Reader Comes With Malware

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder's appropriate security level. But many government employees aren't issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online. What could go wrong? Here's one example.
17 May 2022

Sysrv-K Botnet Targets Windows, Linux

Sysrv-K Botnet Targets Windows, Linux Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins.
17 May 2022

iPhones Vulnerable to Attack Even When Turned Off

iPhones Vulnerable to Attack Even When Turned Off Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware.
17 May 2022

Paving the Way: Inspiring Women in Payments - A Q&A featuring Jennifer Boyd

 

When Jennifer Boyd started her career in Information Technology many years ago, she was one of only a few women in her department. At that time, like in many other professions, technology was perceived as more of a gender-specific role. In this edition of our blog, Jennifer explains how she pursued the career she loved despite the challenges, and why she believes more women will be encouraged to join the industry as they see other women simply leading by example.

16 May 2022

Are period tracking apps safe?

Opinion: The convenience isn't worth the risk.
16 May 2022