Cybersecurity News
PayPal Phishing Scam Uses Invoices Sent Via PayPal
Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives -- which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction -- state that the user's account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer.
Google Patches Chrome’s Fifth Zero-Day of the Year
Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday. The bug, tracked as CVE-2022-2856 and rated as high on the Common Vulnerability Scoring System (CVSS), is associated with “insufficient validation of untrusted input in Intents,” […]
A step‑by‑step guide to enjoy LinkedIn safely
LinkedIn privacy settings are just as overwhelming as any other social media settings. There are a lot of menus and a lot of buttons to enable, select, accept or reject. To make sure you have control over your information, we bring you a step-by-step guide on how to enjoy LinkedIn safely.
The post A step‑by‑step guide to enjoy LinkedIn safely appeared first on WeLiveSecurity
APT Lazarus Targets Engineers with macOS Malware
The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.
When Efforts to Contain a Data Breach Backfire
Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico’s second-largest bank was fake news and harming the bank’s reputation. The administrator responded to this empty threat by purchasing the stolen banking data and leaking it on the forum for everyone to download.
U.K. Water Supplier Hit with Clop Ransomware Attack
The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.
DEF CON – “don’t worry, the elections are safe” edition
Don't worry, elections are safe. Our Security Researcher Cameron Camp provides us with highlights from the DEF CON 30 conference.
The post DEF CON – “don’t worry, the elections are safe” edition appeared first on WeLiveSecurity
Xiaomi Phone Bug Allowed Payment Forgery
Mobile transactions could’ve been disabled, created and signed by attackers.
How a spoofed email passed the SPF check and landed in my inbox
The Sender Policy Framework can’t help prevent spam and phishing if you allow billions of IP addresses to send as your domain
The post How a spoofed email passed the SPF check and landed in my inbox appeared first on WeLiveSecurity
Black Hat and DEF CON Roundup
‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.
Black Hat USA 2022: Burnout, a significant issue
The digital skills gap, especially in cybersecurity, is not a new phenomenon. This problem is now exacerbated by the prevalence of burnout, which was presented at Black Hat USA 2022.
The post Black Hat USA 2022: Burnout, a significant issue appeared first on WeLiveSecurity
Black Hat – Windows isn’t the only mass casualty platform anymore
Windows used to be the big talking point when it came to exploits resulting in mass casualties. Nowadays, talks have turned to other massive attack platforms like cloud and cars.
The post Black Hat – Windows isn’t the only mass casualty platform anymore appeared first on WeLiveSecurity
Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics
The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities.
The potential consequences of data breach, and romance scams – Week in security with Tony Anscombe
The NHS was the victim of a potential cyberattack, which raises the question of the impact of such data breaches on the public.
The post The potential consequences of data breach, and romance scams – Week in security with Tony Anscombe appeared first on WeLiveSecurity
Sounding the Alarm on Emergency Alert System Flaws
The Department of Homeland Security (DHS) is urging states and localities to beef up security around proprietary devices that connect to the Emergency Alert System -- a national public warning system used to deliver important emergency information, such as severe weather and AMBER alerts. The DHS warning came in advance of a workshop to be held this weekend at the DEFCON security conference in Las Vegas, where a security researcher is slated to demonstrate multiple weaknesses in the nationwide alert system.
Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’
Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites.
Black Hat 2022‑ Cyberdefense in a global threats era
Our Security evangelist's take on this first day of Black Hat 2022, where cyberdefense was on every mind.
The post Black Hat 2022‑ Cyberdefense in a global threats era appeared first on WeLiveSecurity
Safety first: how to tweak the settings on your dating apps
Tinder, Bumble or Grindr - popular dating apps depend heavily on your location, personal data, and loose privacy settings. Find out how to put yourself out there safely by following our suggested settings tweaks.
The post Safety first: how to tweak the settings on your dating apps appeared first on WeLiveSecurity
It Might Be Our Data, But It’s Not Our Breach
A cybersecurity firm says it has intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. The firm's analysis of the data suggests it corresponds to current and former customers of AT&T. The telecommunications giant stopped short of saying the data wasn't theirs, but it maintains the records do not appear to have come from its systems and may be tied to a previous data incident at another company.
An eighties classic – Zero Trust
A deep dive into Zero Trust, to help you navigate a zero-trust world and further secure your organization.
The post An eighties classic – Zero Trust appeared first on WeLiveSecurity