Cybersecurity News


An eighties classic – Zero Trust

A deep-dive in Zero-trust, to help you navigate in a zero-trust world and further secure your organization.

The post An eighties classic – Zero Trust appeared first on WeLiveSecurity

11 August 2022

Starlink Successfully Hacked Using $25 Modchip

Starlink Successfully Hacked Using $25 Modchip Belgian researcher Lennert Wouters revealed at Black Hat how he mounted a successful fault injection attack on a user terminal for SpaceX’s satellite-based internet system
11 August 2022

New Hacker Forum Takes Pro-Ukraine Stance

New Hacker Forum Takes Pro-Ukraine Stance A uniquely politically motivated site called DUMPS focuses solely on threat activity directed against Russia and Belarus
11 August 2022

Cisco Confirms Network Breach Via Hacked Employee Google Account

Cisco Confirms Network Breach Via Hacked Employee Google Account Networking giant says attackers gained initial access to an employee’s VPN client via a compromised Google account.
11 August 2022

Fears for patient data after ransomware attack on NHS software supplier

Fears for patient data after ransomware attack on NHS software supplier

Attack being investigated for potential data theft as experts warn criminals could use stolen details as leverage

A ransomware attack on an NHS software supplier last week is being investigated for potential theft of patient data, as experts warned that criminals could use personal information as leverage in negotiations.

Advanced, which provides services for NHS 111 and patient records, said it was investigating “potentially impacted data” and that it would provide updates when it had more information about “potential data access or exfiltration”. The UK data watchdog confirmed it was aware of the incident and was “making inquiries.”

Continue reading...
11 August 2022

Podcast: Inside the Hackers’ Toolkit

Podcast: Inside the Hackers’ Toolkit This edition of the Threatpost podcast is sponsored by Egress.
11 August 2022

The Security Pros and Cons of Using Email Aliases

One way to tame your email inbox is to get in the habit of using unique email aliases when signing up for new accounts online. Adding a "+" character after the username portion of your email address -- followed by a notation specific to the site you're signing up at -- lets you create an infinite number of unique email addresses tied to the same account. Aliases can help users detect breaches and fight spam. But not all websites allow aliases, and they can complicate account recovery. Here's a look at the pros and cons of adopting a unique alias for each website.
10 August 2022

Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws

Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws August Patch Tuesday tackles 121 CVEs, 17 critical bugs and one zero-day bug exploited in the wild.
10 August 2022

Microsoft Patch Tuesday, August 2022 Edition

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.
09 August 2022

Virtual Currency Platform ‘Tornado Cash’ Accused of Aiding APTs

Virtual Currency Platform ‘Tornado Cash’ Accused of Aiding APTs U.S. Treasury blocked the business of the virtual currency mixer for laundering more than $7 billion for hackers, including $455 million to help fund North Korea’s missile program.
09 August 2022

Spyware is huge threat to global human rights and democracy, expert warns

Spyware is huge threat to global human rights and democracy, expert warns

Cybersecurity expert Ron Diebert to testify to Canadian MPs about troubling spread of invasive surveillance tools

The mercenary spyware industry represents “one of the greatest contemporary threats to civil society, human rights and democracy”, a leading cybersecurity expert warns, as countries grapple with the unregulated spread of powerful and invasive surveillance tools.

Ron Diebert, a political science professor at the university of Toronto and head of Citizen Lab, will testify in front of a Canadian parliamentary committee on Tuesday afternoon about the growing threat he and others believe the technology poses to citizens and democracies.

Continue reading...
09 August 2022

How to check if your PC has been hacked, and what to do next

Has your PC been hacked? Whatever happens, don’t panic. Read on for ten signs your PC has been hacked and handy tips on how to fix it.

The post How to check if your PC has been hacked, and what to do next appeared first on WeLiveSecurity

09 August 2022

How to find out if you are involved in a data breach -- and what to do next

Here's a guide highlighting the tools you can use to determine if your account is at risk.
08 August 2022

Phishers Swim Around 2FA in Coinbase Account Heists

Phishers Swim Around 2FA in Coinbase Account Heists Attackers are spoofing the widely used cryptocurrency exchange to trick users into logging in so they can steal their credentials and eventually their funds.
08 August 2022

Class Action Targets Experian Over Account Security

A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurity published in July, which found that identity thieves were able to assume control over existing Experian accounts simply by signing up for new accounts using the victim’s personal information and a different email address.
05 August 2022

Open Redirect Flaw Snags Amex, Snapchat User Data

Open Redirect Flaw Snags Amex, Snapchat User Data Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims.
05 August 2022

Develop a zero‑trust environment to protect your organization – Week in security with Tony Anscombe

Learn the basics of zero-trust, and how building a zero-trust environment can protect your organization.

The post Develop a zero‑trust environment to protect your organization – Week in security with Tony Anscombe appeared first on WeLiveSecurity

05 August 2022

Scammers Sent Uber to Take Elderly Lady to the Bank

Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters.  In this case, the woman figured out she was being scammed before embarking for the bank, but her story is a chilling reminder of how far crooks will go these days to rip people off.
04 August 2022

Don’t get singed by scammers while you’re carrying the torch for Tinder 

Are you on Tinder? With 75 million monthly active users, you might be able to find the right one. However there are also traps you need to look out for. Read more about catfishing, sextortion, phishing and other practices used by scammers.

The post Don’t get singed by scammers while you’re carrying the torch for Tinder  appeared first on WeLiveSecurity

04 August 2022

VMWare Urges Users to Patch Critical Authentication Bypass Bug

VMWare Urges Users to Patch Critical Authentication Bypass Bug Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.
03 August 2022