Cybersecurity News


US gov’t warns against paying off ransomware attackers

Companies facilitating ransomware payments run the risk of facing stern penalties for violating US regulations

The post US gov’t warns against paying off ransomware attackers appeared first on WeLiveSecurity

06 October 2020

Grindr’s Bug Bounty Pledge Doesn’t Translate to Security

Grindr’s Bug Bounty Pledge Doesn’t Translate to Security At SAS@Home, Luta Security CEO Katie Moussouris stressed that bug bounty programs aren't a 'silver bullet' for security teams.
06 October 2020

New HEH botnet can wipe routers and IoT devices

The disk-wiping feature is present in the code but has not been used yet.
06 October 2020

Male Chastity Device Comes with Massive Security Flaws

Male Chastity Device Comes with Massive Security Flaws Smart sex toy vulnerable to hacks, researchers say -- which could expose users’ most sensitive bits (of data) to cybercriminals.
06 October 2020

Boom! Mobile Customer Data Lost to Fullz House/Magecart Attack

Boom! Mobile Customer Data Lost to Fullz House/Magecart Attack The Magecart spinoff group targeted the wireless service provider in an odd choice of victim.
06 October 2020

Women in Payments: Q&A with Diana Greenhaw

 

Protecting data is everyone’s responsibility, according to Diana Greenhaw who followed a nontraditional path into the security space. In this month’s blog series, Greenhaw explains why you don’t have to be an information technology expert to work in cybersecurity.

06 October 2020

Chrome 86 released with password-related security improvements

The new Native File System API now also lets websites to interact with any file or folder stored on the user's local disk.
06 October 2020

Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors

Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks.
06 October 2020

COVID-19 Clinical Trials Slowed After Ransomware Attack

COVID-19 Clinical Trials Slowed After Ransomware Attack The attack on eResearchTechnology potentially slowed down coronavirus research worldwide, and researchers suggest a nation-state actor could be behind the incident.
06 October 2020

APT Attack Injects Malware into Windows Error Reporting

APT Attack Injects Malware into Windows Error Reporting The fileless attack uses a phishing campaign that lures victims with information about a worker’s compensation claim.
06 October 2020

Unpatched Apple T2 Chip Flaw Plagues Macs

Unpatched Apple T2 Chip Flaw Plagues Macs A researcher claims that the issue can be exploited by attackers in order to gain root access.
06 October 2020

Had your face stolen lately?

It’s easy to reset your password or PIN after a data breach. But reset your face? Not so much.

The post Had your face stolen lately? appeared first on WeLiveSecurity

06 October 2020

Post Grid WordPress Plugin Flaws Allow Site Takeovers

Post Grid WordPress Plugin Flaws Allow Site Takeovers Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs -- together they have 66,000 installs.
05 October 2020

Black-T Malware Emerges From Cryptojacker Group TeamTNT

Black-T Malware Emerges From Cryptojacker Group TeamTNT The cryptojacking malware variant builds on the TeamTNT group’s typical approach, with a few new — and sophisticated — extras.
05 October 2020

Malware Families Turn to Legit Pastebin-Like Service

Malware Families Turn to Legit Pastebin-Like Service AgentTesla, LimeRAT, W3Cryptolocker and Redline Stealer are now using Paste.nrecom in spear-phishing attacks.
05 October 2020

Rare Bootkit Malware Targets North Korea-Linked Diplomats

Rare Bootkit Malware Targets North Korea-Linked Diplomats The MosaicRegressor espionage framework is newly discovered and appears to be the work of Chinese-speaking actors.
05 October 2020

Tenda Router Zero-Days Emerge in Spyware Botnet Campaign

Tenda Router Zero-Days Emerge in Spyware Botnet Campaign A variant of the Mirai botnet, called Ttint, has added espionage capabilities to complement its denial-of-service functions.
05 October 2020

Video-Game Piracy Group ‘Team Xecuter’ Leaders in Custody

Video-Game Piracy Group ‘Team Xecuter’ Leaders in Custody The two alleged leaders of Team Xecuter targeted popular consoles like the Nintendo Switch, the Sony PlayStation Classic and Microsoft Xbox.
05 October 2020

Four npm packages found uploading user details on a GitHub page

Collected information included IP address, country, city, computer username, home directory path, and CPU model.
05 October 2020

5 steps to secure your connected devices

As we steadily adopt smart devices into our lives, we shouldn’t forget about keeping them secured and our data protected

The post 5 steps to secure your connected devices appeared first on WeLiveSecurity

05 October 2020