Cybersecurity News
Starlink Successfully Hacked Using $25 Modchip
Belgian researcher Lennert Wouters revealed at Black Hat how he mounted a successful fault injection attack on a user terminal for SpaceX’s satellite-based internet system
New Hacker Forum Takes Pro-Ukraine Stance
A uniquely politically motivated site called DUMPS focuses solely on threat activity directed against Russia and Belarus
Cisco Confirms Network Breach Via Hacked Employee Google Account
Networking giant says attackers gained initial access to an employee’s VPN client via a compromised Google account.
Fears for patient data after ransomware attack on NHS software supplier
Attack being investigated for potential data theft as experts warn criminals could use stolen details as leverage
A ransomware attack on an NHS software supplier last week is being investigated for potential theft of patient data, as experts warned that criminals could use personal information as leverage in negotiations.
Advanced, which provides services for NHS 111 and patient records, said it was investigating “potentially impacted data” and that it would provide updates when it had more information about “potential data access or exfiltration”. The UK data watchdog confirmed it was aware of the incident and was “making inquiries.”
Continue reading...Podcast: Inside the Hackers’ Toolkit
This edition of the Threatpost podcast is sponsored by Egress.
The Security Pros and Cons of Using Email Aliases
One way to tame your email inbox is to get in the habit of using unique email aliases when signing up for new accounts online. Adding a "+" character after the username portion of your email address -- followed by a notation specific to the site you're signing up at -- lets you create an infinite number of unique email addresses tied to the same account. Aliases can help users detect breaches and fight spam. But not all websites allow aliases, and they can complicate account recovery. Here's a look at the pros and cons of adopting a unique alias for each website.Microsoft Patches ‘Dogwalk’ Zero-Day and 17 Critical Flaws
August Patch Tuesday tackles 121 CVEs, 17 critical bugs and one zero-day bug exploited in the wild.
Microsoft Patch Tuesday, August 2022 Edition
Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections.Virtual Currency Platform ‘Tornado Cash’ Accused of Aiding APTs
U.S. Treasury blocked the business of the virtual currency mixer for laundering more than $7 billion for hackers, including $455 million to help fund North Korea’s missile program.
Spyware is huge threat to global human rights and democracy, expert warns
Cybersecurity expert Ron Diebert to testify to Canadian MPs about troubling spread of invasive surveillance tools
The mercenary spyware industry represents “one of the greatest contemporary threats to civil society, human rights and democracy”, a leading cybersecurity expert warns, as countries grapple with the unregulated spread of powerful and invasive surveillance tools.
Ron Diebert, a political science professor at the university of Toronto and head of Citizen Lab, will testify in front of a Canadian parliamentary committee on Tuesday afternoon about the growing threat he and others believe the technology poses to citizens and democracies.
Continue reading...How to check if your PC has been hacked, and what to do next
Has your PC been hacked? Whatever happens, don’t panic. Read on for ten signs your PC has been hacked and handy tips on how to fix it.
The post How to check if your PC has been hacked, and what to do next appeared first on WeLiveSecurity
How to find out if you are involved in a data breach -- and what to do next
Here's a guide highlighting the tools you can use to determine if your account is at risk.Phishers Swim Around 2FA in Coinbase Account Heists
Attackers are spoofing the widely used cryptocurrency exchange to trick users into logging in so they can steal their credentials and eventually their funds.
Class Action Targets Experian Over Account Security
A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurity published in July, which found that identity thieves were able to assume control over existing Experian accounts simply by signing up for new accounts using the victim’s personal information and a different email address.Open Redirect Flaw Snags Amex, Snapchat User Data
Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims.
Develop a zero‑trust environment to protect your organization – Week in security with Tony Anscombe
Learn the basics of zero-trust, and how building a zero-trust environment can protect your organization.
The post Develop a zero‑trust environment to protect your organization – Week in security with Tony Anscombe appeared first on WeLiveSecurity
Scammers Sent Uber to Take Elderly Lady to the Bank
Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters. In this case, the woman figured out she was being scammed before embarking for the bank, but her story is a chilling reminder of how far crooks will go these days to rip people off.Don’t get singed by scammers while you’re carrying the torch for Tinder
Are you on Tinder? With 75 million monthly active users, you might be able to find the right one. However there are also traps you need to look out for. Read more about catfishing, sextortion, phishing and other practices used by scammers.
The post Don’t get singed by scammers while you’re carrying the torch for Tinder appeared first on WeLiveSecurity
VMWare Urges Users to Patch Critical Authentication Bypass Bug
Vulnerability—for which a proof-of-concept is forthcoming—is one of a string of flaws the company fixed that could lead to an attack chain.
Universities Put Email Users at Cyber Risk
DMARC analysis by Proofpoint shows that institutions in the U.S. have among some of the poorest protections to prevent domain spoofing and lack protections to block fraudulent emails.
