Cybersecurity News


Booking your next holiday? Watch out for these Airbnb scams

With vacations in full swing, cybercriminals will be looking to scam vacationers looking for that perfect accommodation.

The post Booking your next holiday? Watch out for these Airbnb scams appeared first on WeLiveSecurity

28 July 2021

Podcast: Why Securing Active Directory Is a Nightmare

Podcast: Why Securing Active Directory Is a Nightmare Researchers preview work to be presented at Black Hat on how AD “misconfiguration debt” lays out a dizzying array of attack paths, such as in PetitPotam.
28 July 2021

Enterprise data breach cost reached record high during COVID-19 pandemic

IBM research estimates that the average data breach now costs upward of $4 million.
28 July 2021

No More Ransom Saves Victims Nearly €1 Over 5 Years

No More Ransom Saves Victims Nearly €1 Over 5 Years No More Ransom is collecting decryptors so ransomware victims don’t have to pay to get their data back and attackers don’t get rich.
27 July 2021

Apple releases patch for zero‑day flaw in iOS, iPadOS and macOS

The vulnerability is under active exploitation by unknown attackers and affects a wide range of Apple’s products.

The post Apple releases patch for zero‑day flaw in iOS, iPadOS and macOS appeared first on WeLiveSecurity

27 July 2021

Zimbra Server Bugs Could Lead to Email Plundering

Zimbra Server Bugs Could Lead to Email Plundering Two bugs, now patched except in older versions, could be chained to allow attackers to hijack Zimbra server by simply sending a malicious email.
27 July 2021

Back-to-Basics: Use Strong Passwords

 

As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on using strong passwords.

27 July 2021

Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers

Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers The unpatched flaws include RCE and authenticated privilege escalation on the client-side: Just the latest woe for the ransomware-walloped MSP.
27 July 2021

Apple Patches Actively Exploited Zero-Day in iOS, MacOS

Apple Patches Actively Exploited Zero-Day in iOS, MacOS Company urges iPhone, iPad and Mac users to install updates to fix a critical memory corruption flaw that can allow for attackers to take over a system.
27 July 2021

Malware developers turn to 'exotic' programming languages to thwart researchers

They are focused on exploiting pain points in code analysis and reverse-engineering.
27 July 2021

Podcast: IoT Piranhas Are Swarming Industrial Controls

Podcast: IoT Piranhas Are Swarming Industrial Controls Enormous botnets of IoT devices are going after decades-old legacy systems that are rife in systems that control crucial infrastructure.
26 July 2021

Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn

Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn A comment spammer flooded Babuk’s new ransomware forum with gay orgy porn GIFs and demanded $5K in bitcoin.
26 July 2021

Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC

Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC Microsoft releases mitigations for a Windows NT LAN Manager exploit that forces remote Windows systems to reveal password hashes that can be easily cracked.
26 July 2021

PlugwalkJoe Does the Perp Walk

One day after last summer's mass-hack of Twitter, KrebsOnSecurity wrote that 22-year-old British citizen Joseph "PlugwalkJoe" O'Connor appeared to have been involved in the incident. When the Justice Department last week announced O'Connor's arrest and indictment, his alleged role in the Twitter compromise was well covered in the media. But most of the coverage so far seem to have overlooked the far more sinister criminal charges in the indictment, which involve an underground scene wherein young men turn to extortion, sextortion, SIM swapping, death threats and physical attacks -- all in a bid to seize control over highly-prized social media accounts.
26 July 2021

Malware Makers Using ‘Exotic’ Programming Languages

Malware Makers Using ‘Exotic’ Programming Languages Sprechen Sie Rust? Polyglot malware authors are increasingly using obscure programming languages to evade detection.
26 July 2021

The True Impact of Ransomware Attacks

The True Impact of Ransomware Attacks Keeper’s research reveals that in addition to knocking systems offline, ransomware attacks degrade productivity, cause organizations to incur significant indirect costs, and mar their reputations.
26 July 2021

Twitter handle swatter jailed after victim dies following home raid

The 60-year-old victim's daughter believes he was "scared to death."
26 July 2021

WhatsApp chief says government officials, US allies targeted by Pegasus spyware

The officials were allegedly targeted in attacks dating back to 2019.
26 July 2021

Officials who are US allies among targets of NSO malware, says WhatsApp chief

Officials who are US allies among targets of NSO malware, says WhatsApp chief

Will Cathcart claims government officials around the world among 1,400 WhatsApp users targeted in 2019

Senior government officials around the world – including individuals in high national security positions who are “allies of the US” – were targeted by governments with NSO Group spyware in a 2019 attack against 1,400 WhatsApp users, according to the messaging app’s chief executive.

Will Cathcart disclosed the new details about individuals who were targeted in the attack after revelations this week by the Pegasus project, a collaboration of 17 media organisations which investigated NSO, the Israeli company that sells its powerful surveillance software to government clients around the world.

What is in the data leak?

Related: How does Apple technology hold up against NSO spyware?

Continue reading...
24 July 2021

Discord CDN and API Abuses Drive Wave of Malware Detections

Discord CDN and API Abuses Drive Wave of Malware Detections Targets of Discord malware expand far beyond gamers.
23 July 2021