Cybersecurity News


Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”

There is a terrifying and highly effective "method" that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. It involves compromising email accounts and websites tied to police departments and government agencies, and then sending unauthorized demands for subscriber data while claiming the information being requested can't wait for a court order because it relates to an urgent matter of life and death.
29 March 2022

Exchange Servers Speared in IcedID Phishing Campaign

Exchange Servers Speared in IcedID Phishing Campaign The ever-evolving malware shows off new tactics that use email thread hijacking and other obfuscation techniques to provide advanced evasion techniques.
29 March 2022

Transparent Tribe APT returns to strike India's government and military

The development of custom malware indicates the group is trying to "compromise even more victims."
29 March 2022

Ukraine destroys five bot farms that were spreading 'panic' among citizens

Over 100,000 fake accounts were allegedly used to spread misinformation about Russia's invasion.
29 March 2022

Log4Shell exploited to infect VMware Horizon servers with backdoors, crypto miners

Three backdoors and four miners have been detected in new attacks.
29 March 2022

Europe’s quest for energy independence – and how cyber‑risks come into play

Soaring energy prices and increased geopolitical tensions amid the Russian invasion of Ukraine bring a sharp focus on European energy security

The post Europe’s quest for energy independence – and how cyber‑risks come into play appeared first on WeLiveSecurity

29 March 2022

Okta Says It Goofed in Handling the Lapsus$ Attack

Okta Says It Goofed in Handling the Lapsus$ Attack "We made a mistake," Okta said, owning up to its responsibility for security incidents that hit its service providers and potentially its own customers.
28 March 2022

Critical Sophos Security Bug Allows RCE on Firewalls

Critical Sophos Security Bug Allows RCE on Firewalls The security vendor's appliance suffers from an authentication-bypass issue.
28 March 2022

Hundreds more packages found in malicious npm 'factory'

Over 600 malicious packages were published in only five days.
28 March 2022

Sophos patches critical remote code execution vulnerability in Firewall

Sophos Firewall is a network protection solution for the enterprise market.
28 March 2022

Under the hood of Wslink’s multilayered virtual machine

ESET researchers describe the structure of the virtual machine used in samples of Wslink and suggest a possible approach to see through its obfuscation techniques

The post Under the hood of Wslink’s multilayered virtual machine appeared first on WeLiveSecurity

28 March 2022

DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector

DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant.
25 March 2022

Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison

An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. Prosecutors say the accused also enjoyed a lengthy career of "cashing out" access to hacked bank accounts worldwide.
25 March 2022

Week in security with Tony Anscombe

ESET discovers Mustang Panda's Hodur trojan – Crypto malware targeting Android and iOS users alike – Nation-state digital deterrent

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

25 March 2022

UK police arrest seven individuals suspected of being hacking group members

The youngest suspect is 16 years old.
25 March 2022

Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch

Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February.
25 March 2022

Frosties NFT operators arrested over $1.1 million 'rug pull' scam

Investors hand over their cryptocurrency. Project developers vanish.
25 March 2022

Avast acquires SecureKey Technologies in authentication, identity management push

The Canadian company specializes in digital identity services.
25 March 2022

UK Cops Collar 7 Suspected Lapsus$ Gang Members

UK Cops Collar 7 Suspected Lapsus$ Gang Members London Police can't say if they nabbed the 17-year-old suspected mastermind & multimillionaire – but researchers say they’ve been tracking an Oxford teen since mid-2021.
24 March 2022

Microsoft Azure Developers Awash in PII-Stealing npm Packages

Microsoft Azure Developers Awash in PII-Stealing npm Packages A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes.
24 March 2022