Cybersecurity News
Booking your next holiday? Watch out for these Airbnb scams
With vacations in full swing, cybercriminals will be looking to scam vacationers looking for that perfect accommodation.
The post Booking your next holiday? Watch out for these Airbnb scams appeared first on WeLiveSecurity
Podcast: Why Securing Active Directory Is a Nightmare
Researchers preview work to be presented at Black Hat on how AD “misconfiguration debt” lays out a dizzying array of attack paths, such as in PetitPotam.
Enterprise data breach cost reached record high during COVID-19 pandemic
IBM research estimates that the average data breach now costs upward of $4 million.No More Ransom Saves Victims Nearly €1 Over 5 Years
No More Ransom is collecting decryptors so ransomware victims don’t have to pay to get their data back and attackers don’t get rich.
Apple releases patch for zero‑day flaw in iOS, iPadOS and macOS
The vulnerability is under active exploitation by unknown attackers and affects a wide range of Apple’s products.
The post Apple releases patch for zero‑day flaw in iOS, iPadOS and macOS appeared first on WeLiveSecurity
Zimbra Server Bugs Could Lead to Email Plundering
Two bugs, now patched except in older versions, could be chained to allow attackers to hijack Zimbra server by simply sending a malicious email.
Back-to-Basics: Use Strong Passwords
As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on using strong passwords.
Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers
The unpatched flaws include RCE and authenticated privilege escalation on the client-side: Just the latest woe for the ransomware-walloped MSP.
Apple Patches Actively Exploited Zero-Day in iOS, MacOS
Company urges iPhone, iPad and Mac users to install updates to fix a critical memory corruption flaw that can allow for attackers to take over a system.
Malware developers turn to 'exotic' programming languages to thwart researchers
They are focused on exploiting pain points in code analysis and reverse-engineering.Podcast: IoT Piranhas Are Swarming Industrial Controls
Enormous botnets of IoT devices are going after decades-old legacy systems that are rife in systems that control crucial infrastructure.
Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn
A comment spammer flooded Babuk’s new ransomware forum with gay orgy porn GIFs and demanded $5K in bitcoin.
Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC
Microsoft releases mitigations for a Windows NT LAN Manager exploit that forces remote Windows systems to reveal password hashes that can be easily cracked.
PlugwalkJoe Does the Perp Walk
One day after last summer's mass-hack of Twitter, KrebsOnSecurity wrote that 22-year-old British citizen Joseph "PlugwalkJoe" O'Connor appeared to have been involved in the incident. When the Justice Department last week announced O'Connor's arrest and indictment, his alleged role in the Twitter compromise was well covered in the media. But most of the coverage so far seem to have overlooked the far more sinister criminal charges in the indictment, which involve an underground scene wherein young men turn to extortion, sextortion, SIM swapping, death threats and physical attacks -- all in a bid to seize control over highly-prized social media accounts.Malware Makers Using ‘Exotic’ Programming Languages
Sprechen Sie Rust? Polyglot malware authors are increasingly using obscure programming languages to evade detection.
The True Impact of Ransomware Attacks
Keeper’s research reveals that in addition to knocking systems offline, ransomware attacks degrade productivity, cause organizations to incur significant indirect costs, and mar their reputations.
Twitter handle swatter jailed after victim dies following home raid
The 60-year-old victim's daughter believes he was "scared to death."WhatsApp chief says government officials, US allies targeted by Pegasus spyware
The officials were allegedly targeted in attacks dating back to 2019.Officials who are US allies among targets of NSO malware, says WhatsApp chief
Will Cathcart claims government officials around the world among 1,400 WhatsApp users targeted in 2019
Senior government officials around the world – including individuals in high national security positions who are “allies of the US” – were targeted by governments with NSO Group spyware in a 2019 attack against 1,400 WhatsApp users, according to the messaging app’s chief executive.
Will Cathcart disclosed the new details about individuals who were targeted in the attack after revelations this week by the Pegasus project, a collaboration of 17 media organisations which investigated NSO, the Israeli company that sells its powerful surveillance software to government clients around the world.
What is in the data leak?
Related: How does Apple technology hold up against NSO spyware?
Continue reading...Discord CDN and API Abuses Drive Wave of Malware Detections
Targets of Discord malware expand far beyond gamers.
