Cybersecurity News


PayPal Phishing Scam Uses Invoices Sent Via PayPal

Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives -- which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction -- state that the user's account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer.
18 August 2022

Google Patches Chrome’s Fifth Zero-Day of the Year

Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday. The bug, tracked as CVE-2022-2856 and rated as high on the Common Vulnerability Scoring System (CVSS), is associated with “insufficient validation of untrusted input in Intents,” […]
18 August 2022

A step‑by‑step guide to enjoy LinkedIn safely

LinkedIn privacy settings are just as overwhelming as any other social media settings. There are a lot of menus and a lot of buttons to enable, select, accept or reject. To make sure you have control over your information, we bring you a step-by-step guide on how to enjoy LinkedIn safely.

The post A step‑by‑step guide to enjoy LinkedIn safely appeared first on WeLiveSecurity

18 August 2022

APT Lazarus Targets Engineers with macOS Malware

The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.
17 August 2022

When Efforts to Contain a Data Breach Backfire

Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico’s second-largest bank was fake news and harming the bank’s reputation. The administrator responded to this empty threat by purchasing the stolen banking data and leaking it on the forum for everyone to download.
16 August 2022

U.K. Water Supplier Hit with Clop Ransomware Attack

The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.
16 August 2022

DEF CON – “don’t worry, the elections are safe” edition

Don't worry, elections are safe. Our Security Researcher Cameron Camp provides highlights from the DEF CON 30 conference.

The post DEF CON – “don’t worry, the elections are safe” edition appeared first on WeLiveSecurity

16 August 2022

Xiaomi Phone Bug Allowed Payment Forgery

Mobile transactions could’ve been disabled, created and signed by attackers.
16 August 2022

How a spoofed email passed the SPF check and landed in my inbox

The Sender Policy Framework can’t help prevent spam and phishing if you allow billions of IP addresses to send as your domain

The post How a spoofed email passed the SPF check and landed in my inbox appeared first on WeLiveSecurity

16 August 2022

Black Hat and DEF CON Roundup

‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.
15 August 2022

Black Hat USA 2022: Burnout, a significant issue

The digital skills gap, especially in cybersecurity, is not a new phenomenon. This problem is now exacerbated by the prevalence of burnout, a topic presented at Black Hat USA 2022.

The post Black Hat USA 2022: Burnout, a significant issue appeared first on WeLiveSecurity

15 August 2022

Black Hat – Windows isn’t the only mass casualty platform anymore

Windows used to be the big talking point when it came to exploits resulting in mass casualties. Nowadays, talks have turned to other massive attack platforms like cloud and cars.

The post Black Hat – Windows isn’t the only mass casualty platform anymore appeared first on WeLiveSecurity

15 August 2022

Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics

The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities.
12 August 2022

The potential consequences of data breach, and romance scams – Week in security with Tony Anscombe

The NHS was the victim of a potential cyberattack, which raises the question of the impact of such data breaches on the public.

The post The potential consequences of data breach, and romance scams – Week in security with Tony Anscombe appeared first on WeLiveSecurity

12 August 2022

Sounding the Alarm on Emergency Alert System Flaws

The Department of Homeland Security (DHS) is urging states and localities to beef up security around proprietary devices that connect to the Emergency Alert System -- a national public warning system used to deliver important emergency information, such as severe weather and AMBER alerts. The DHS warning came in advance of a workshop to be held this weekend at the DEFCON security conference in Las Vegas, where a security researcher is slated to demonstrate multiple weaknesses in the nationwide alert system.
12 August 2022

Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’

Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites.
12 August 2022

Black Hat 2022‑ Cyberdefense in a global threats era

Our Security evangelist's take on this first day of Black Hat 2022, where cyberdefense was on every mind.

The post Black Hat 2022‑ Cyberdefense in a global threats era appeared first on WeLiveSecurity

12 August 2022

Safety first: how to tweak the settings on your dating apps

Tinder, Bumble or Grindr - popular dating apps depend heavily on your location, personal data, and loose privacy settings. Find out how to put yourself out there safely by following our suggested settings tweaks.

The post Safety first: how to tweak the settings on your dating apps appeared first on WeLiveSecurity

12 August 2022

It Might Be Our Data, But It’s Not Our Breach

A cybersecurity firm says it has intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. The firm's analysis of the data suggests it corresponds to current and former customers of AT&T. The telecommunications giant stopped short of saying the data wasn't theirs, but it maintains the records do not appear to have come from its systems and may be tied to a previous data incident at another company.
11 August 2022

An eighties classic – Zero Trust

A deep dive into Zero Trust to help you navigate a zero-trust world and further secure your organization.

The post An eighties classic – Zero Trust appeared first on WeLiveSecurity

11 August 2022