Cybersecurity News


TeamTNT’s New Tools Target Multiple OS

TeamTNT’s New Tools Target Multiple OS The attackers are indiscriminately striking thousands of victims worldwide with their new “Chimaera” campaign.
08 September 2021

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Microsoft Corp. warned Tuesday that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat.
08 September 2021

Pro-Chinese government propaganda campaign spurs on COVID-19 protests in the US

The campaign is far more extensive than previously thought.
08 September 2021

Microsoft, CISA Urge Mitigations for Zero-Day RCE Flaw in Windows

Microsoft, CISA Urge Mitigations for Zero-Day RCE Flaw in Windows Attackers are actively attempting to exploit a vulnerability in MSHTML that allows them to craft a malicious ActiveX control to be used by Microsoft Office files.
08 September 2021

Operation Chimaera: TeamTNT hacking group strikes thousands of victims worldwide

The cybercriminals are now indiscriminate in the operating systems they attack.
08 September 2021

BladeHawk attackers spy on Kurds with fake Android apps

Facebook is being abused to spread surveillanceware focused on the Kurdish ethnic group.
08 September 2021

Ragnar Locker Gang Warns Victims Not to Call the FBI

Ragnar Locker Gang Warns Victims Not to Call the FBI Investigators/the FBI/ransomware negotiators just screw everything up, the ransomware gang said, threatening to publish files if victims look for help.
07 September 2021

Netgear Smart Switches Open to Complete Takeover

Netgear Smart Switches Open to Complete Takeover The Demon's Cries, Draconian Fear and Seventh Inferno security bugs are high-severity entryways to corporate networks.
07 September 2021

Back-to-Basics: Choose Trusted Partners

 

As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on choosing trusted partners.

07 September 2021

Jenkins Hit as Atlassian Confluence Cyberattacks Widen

Jenkins Hit as Atlassian Confluence Cyberattacks Widen Patch now: The popular biz-collaboration platform is seeing mass scanning and exploitation just two weeks after a critical RCE bug was disclosed.
07 September 2021

ProtonMail Forced to Log IP Address of French Activist

ProtonMail Forced to Log IP Address of French Activist The privacy-touting, end-to-end encrypted email provider erased its site's “we don’t log your IP” boast after France sicced Swiss cops on it.
07 September 2021

ProtonMail forced to log user’s IP address after an order from Swiss authorities

Following the incident the company has updated its website and privacy policy to clarify its legal obligations to its userbase

The post ProtonMail forced to log user’s IP address after an order from Swiss authorities appeared first on WeLiveSecurity

07 September 2021

Authorities Arrest Another TrickBot Gang Member in South Korea

Authorities Arrest Another TrickBot Gang Member in South Korea A hacker known only as “Mr. A” was picked up by authorities at a South Korean airport after getting stuck in the country due to COVID-19 travel restrictions.
07 September 2021

BladeHawk group: Android espionage against Kurdish ethnic group

ESET researchers have investigated a targeted mobile espionage campaign against the Kurdish ethnic group, and that has been active since at least March 2020.

The post BladeHawk group: Android espionage against Kurdish ethnic group appeared first on WeLiveSecurity

07 September 2021

Holy Grail of Security: Answers to ‘Did XYZ Work?’ – Podcast

Holy Grail of Security: Answers to ‘Did XYZ Work?’ – Podcast Verizon DBIR is already funny, useful & well-written, and it just got better with mapping to MITRE ATT&CK TTPs. The marriage could finally bring answers to "What are we doing right?" instead of the constant reminders of what's not working in fending off threats.
07 September 2021

“FudCo” Spam Empire Tied to Pakistani Software Firm

In May 2015, KrebsOnSecurity briefly profiled "The Manipulaters," the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. Six years later, a review of the social media postings from this group shows they are prospering, while rather poorly hiding their activities behind a software development firm in Lahore that has secretly enabled an entire generation of spammers and scammers.
06 September 2021

Human Fraud: Detecting Them Before They Detect You

Human Fraud: Detecting Them Before They Detect You Tony Lauro, director of security technology and strategy at Akamai, discusses how to disrupt account takeovers in the exploitation phase of an attack.
06 September 2021

IoT Attacks Skyrocket, Doubling in 6 Months

IoT Attacks Skyrocket, Doubling in 6 Months The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets.
06 September 2021

This is the perfect ransomware victim, according to cybercriminals

An investigation into what ransomware groups want has painted the picture of the perfect target.
06 September 2021

Apple slams the brakes on plans to scan user images for child abuse content

Backlash stemming from privacy concerns has delayed the rollout.
06 September 2021