1. Nmap Online
  2. Cybersecurity News

Cybersecurity News

Week in security with Tony Anscombe

The Kaseya VST supply-chain attack impacts hundreds of companies – ESET discovers a new version of Bandook malware – How the ransomware business model works

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

09 July 2021

Lazarus Targets Job-Seeking Engineers with Malicious Documents

Lazarus Targets Job-Seeking Engineers with Malicious Documents Notorious North Korean APT impersonates Airbus, General Motors and Rheinmetall to lure potential victims into downloading malware.
09 July 2021

Scam artists exploit Kaseya security woes to deploy malware

The company is being impersonated in the fallout of a recent ransomware attack.
09 July 2021

Texas resident jailed for role in $2.2 million romance, business email scams

The Nigerian national will spend over seven years behind bars.
09 July 2021

Morgan Stanley Discloses Data Breach

Attackers were able to compromise customers' personal data by targeting the Accellion FTA server of a third-party vendor.
08 July 2021

Oil & Gas Targeted in Year-Long Cyber-Espionage Campaign

Oil & Gas Targeted in Year-Long Cyber-Espionage Campaign A global effort to steal information from energy companies is using sophisticated social engineering to deliver Agent Tesla and other RATs.
08 July 2021

New WildPressure Malware Capable of Targeting Windows and MacOS

The Trojan sends information back to the attackers' servers about the programming language of a target device.
08 July 2021

Coursera Flunks API Security Test in Researchers’ Exam

Coursera Flunks API Security Test in Researchers’ Exam The problem APIs included numero uno on the OWASP API Security Top 10: a Broken Object Level Authorization (BOLA) issue that could have exposed personal data.
08 July 2021

How Fake Accounts and Sneaker-Bots Took Over the Internet

How Fake Accounts and Sneaker-Bots Took Over the Internet Jason Kent, hacker-in-residence at Cequence Security, discusses fake online accounts, and the fraud they carry out on a daily basis.
08 July 2021

Microsoft issues patch to fix PrintNightmare zero‑day bug

The out-of-band update fixes a remote code execution flaw affecting the Windows Print Spooler service

The post Microsoft issues patch to fix PrintNightmare zero‑day bug appeared first on WeLiveSecurity

08 July 2021

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya's customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.
08 July 2021

Kaseya Hacked via Authentication Bypass

The Kaseya ransomware attack is believed to have been down to an authentication bypass. Yes, ransomware needs to be on your radar -- but good authentication practices are also imperative.
08 July 2021

The NSA's 'New' Mission: Get More Public With the Private Sector

The National Security Agency's gradual emergence from the shadows was "inevitable" in cybersecurity, says Vinnie Liu, co-founder and CEO of offensive security firm Bishop Fox and a former NSA analyst. Now the agency has to figure out how to best work with the private sector, especially organizations outside the well-resourced and seasoned Fortune 100.
08 July 2021

Ransomware as a service: Negotiators are now in high demand

RaaS groups are hiring negotiators whose primary role is to force victims to pay up.
08 July 2021

What Colonial Pipeline Means for Commercial Building Cybersecurity

Banks and hospitals may be common targets, but now commercial real estate must learn to protect itself against stealthy hackers.
08 July 2021

Coursera API vulnerabilities disclosed by researchers

Coursera took “prompt ownership” of the bugs, once reported.
08 July 2021

170 Android cryptocurrency mining scam apps have stolen $350,000 from users

Users are paying up in the belief they are mining cryptocurrency. In reality, they get nothing.
08 July 2021

Ransomware: To pay or not to pay? Legal or illegal? These are the questions …

Caught between a rock and a hard place, many ransomware victims cave in to extortion demands. Here’s what might change the calculus.

The post Ransomware: To pay or not to pay? Legal or illegal? These are the questions … appeared first on WeLiveSecurity

08 July 2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Automation allowed a REvil affiliate to move from exploitation of vulnerable servers to installing ransomware on downstream companies faster than most defenders could react.
07 July 2021

Fake Android Apps Promise Cryptomining Services to Steal Funds

Researchers discover more than 170 Android apps that advertise cloud cryptocurrency mining services and fail to deliver.
07 July 2021