Cybersecurity News


NPM Package Steals Passwords via Chrome’s Account-Recovery Tool

NPM Package Steals Passwords via Chrome’s Account-Recovery Tool In another vast software supply-chain attack, the password-stealer is filching credentials from Chrome on Windows systems.
21 July 2021

Indictments, Attribution Unlikely to Deter Chinese Hacking, Researchers Say

Indictments, Attribution Unlikely to Deter Chinese Hacking, Researchers Say Researchers are skeptical that much will come from calling out China for the Microsoft Exchange attacks and APT40 activity, but the move marks an important foreign-policy change.
21 July 2021

Request for Comments: PCI Card Production and Provisioning v3 Draft Standard


From 21 July to 20 August, PCI SSC stakeholders can participate in a Request for Comments (RFC) on PCI Card Production and Provisioning v3 Draft Standard. 

21 July 2021

Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows

Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows Misconfigured permissions for Argo's web-facing dashboard allow unauthenticated attackers to run code on Kubernetes targets, including cryptomining containers.
21 July 2021

French Launch NSO Probe After Macron Believed Spyware Target

French Launch NSO Probe After Macron Believed Spyware Target Fourteen world leaders were among those found on list of NSO believed targets for its Pegasus spyware.
21 July 2021

Tracking Malware and Ransomware Domains in 2021

Tracking Malware and Ransomware Domains in 2021 Ransomware is the threat of 2021. It’s impacting everything from large enterprises, hospitals, to other aspects of our critical infrastructure. Here, we’ll take a look at actual malware domain traffic and how it correlates to ransomware attacks in the news.
21 July 2021

MacOS Being Picked Apart by $49 XLoader Data Stealer

MacOS Being Picked Apart by $49 XLoader Data Stealer Cheap, easy & prolific, the new version of the old FormBook form-stealer and keylogger has added Mac users to its hit list, and it’s selling like hotcakes.
21 July 2021

$49 malware receives major upgrade to strike both Windows and macOS PCs

The new family stems from Formbook, an old but prevalent malware strain.
21 July 2021

Joker billing fraud malware found in Google Play Store

The Android malware circumvented security controls by using short URL tricks.
21 July 2021

Spam Kingpin Peter Levashov Gets Time Served

A federal judge in Connecticut today handed down a sentence of time served to spam kingpin Peter “Severa” Levashov, a prolific purveyor of malicious and junk email, and the creator of malware strains that infected millions of Microsoft computers globally. Levashov has been in federal custody since his extradition to the United States and guilty plea in 2018, and was facing up to 12 more years in prison. Instead, he will go free under three years of supervised release and a possible fine.
20 July 2021

Researchers: NSO Group’s Pegasus Spyware Should Spark Bans, Apple Accountability

Researchers: NSO Group’s Pegasus Spyware Should Spark Bans, Apple Accountability Our roundtable of experts weighs in on implications for Apple and lawmakers in the wake of the bombshell report showing widespread surveillance of dissidents, journalists and others.
20 July 2021

Back-to-Basics: Reduce Where Payment Data Can Be Found

 

As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on reducing where payment data can be found.

20 July 2021

Law Firm to the Fortune 500 Breached with Ransomware

Law Firm to the Fortune 500 Breached with Ransomware Deep-pocketed clients' customers & suppliers could be in the attacker's net, with potential PII exposure from an A-list clientele such as Apple, Boeing and IBM.
20 July 2021

Why Your Business Needs a Long-Term Remote Security Strategy

Why Your Business Needs a Long-Term Remote Security Strategy Chris Hass, director of information security and research at Automox, discusses the future of work: A hybrid home/office model that will demand new security approaches.
20 July 2021

16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines

16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines The bug could allow cyberattackers to bypass security products, tamper with data and run code in kernel mode.
20 July 2021

A New Security Paradigm: External Attack Surface Management

A New Security Paradigm: External Attack Surface Management Advanced EASM solutions are crucial to automating the discovery of the downstream third-party (or fourth-party, or fifth-party, etc.) IT infrastructures that your organization is exposed to, and may be vulnerable to attack, posing a critical risk for your organization.
20 July 2021

MosaicLoader Malware Delivers Facebook Stealers, RATs

MosaicLoader Malware Delivers Facebook Stealers, RATs The newly documented code is a full-service malware-delivery threat that's spreading indiscriminately globally through paid search ads.
20 July 2021

Some URL shortener services distribute Android malware, including banking or SMS trojans

On iOS we have seen link shortener services pushing spam calendar files to victims’ devices.

The post Some URL shortener services distribute Android malware, including banking or SMS trojans appeared first on WeLiveSecurity

20 July 2021

HP patches vulnerable driver lurking in printers for 16 years

Cyberattackers could exploit the bug to secure system-level privileges.
20 July 2021

Microsoft heads to court to take on imposter, homoglyph domains

Fake domains impersonating Microsoft are a thorn not only in the company's side but in that of its customers.
20 July 2021