Cybersecurity News
Week in security with Tony Anscombe
ESET research analyzes the Vadokrist banking trojan – Beware smishing scams – WhatsApp postpones privacy policy changes
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
22 January 2021
As Bitcoin price surges, DDoS extortion gangs return in force
Companies are receiving emails from cyber-criminals threatening large DDoS attacks unless a ransom is paid. Some groups are delivering on their threats.22 January 2021
Why North Korea Excels in Cybercrime
North Korea is laser-focused on boosting its cyber capabilities, and it's doing a remarkable job of it.22 January 2021
New website launched to document vulnerabilities in malware strains
Launched by security researcher John Page, the new MalVuln website lists bugs in malware code.22 January 2021
Threat Actors Can Exploit Windows RDP Servers to Amplify DDoS Attacks
Netscout researchers identify more than 14,000 existing servers that can be abused by ‘the general attack population’ to flood organizations’ networks with traffic.
22 January 2021
SEC calls out dubious cryptocurrency traders, miners soliciting customers worldwide
The companies mentioned are considered “misleading” or impersonators of genuine businesses.22 January 2021
Why do we fall for SMS phishing scams so easily?
Here’s how to spot scams where criminals use deceptive text messages to hook and reel in their marks
The post Why do we fall for SMS phishing scams so easily? appeared first on WeLiveSecurity
22 January 2021
Windows RDP servers are being abused to amplify DDoS attacks
Windows RDP servers running on UDP port 3389 can be ensnared in DDoS botnets and abused to bounce and amplify junk traffic towards victim networks.22 January 2021
DreamBus, FreakOut Botnets Pose New Threat to Linux Systems
Researchers from Zscaler and Check Point describe botnets as designed for DDoS attacks, cryptocurrency mining, and other malicious purposes.21 January 2021
Breach Data Shows Attackers Switched Gears in 2020
Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked.21 January 2021
Attackers Leave Stolen Credentials Searchable on Google
Operators behind a global phishing campaign inadvertently left thousands of stolen credentials accessible via Google Search.21 January 2021
Einstein Healthcare Network Announces August Breach
Einstein is in violation of the the HHS 60-day breach notification rule, but unlikely to face penalty.
21 January 2021
SQL Server Malware Tied to Iranian Software Firm, Researchers Allege
Researchers have traced the origins of a campaign - infecting SQL servers to mine cryptocurrency - back to an Iranian software firm.
21 January 2021
Cloud Jacking: The Bold New World of Enterprise Cybersecurity
Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers.21 January 2021
QNAP warns users of a new crypto-miner named Dovecat infecting their devices
QNAP says the malware is targeting NAS devices with weak passwords.21 January 2021
7 Steps to Secure a WordPress Site
Many companies operate under the assumption that their WordPress sites are secure -- and that couldn't be anything further from the truth.
21 January 2021
Hacker leaks data of millions of Teespring users
Teespring account passwords were not released.21 January 2021
Hacker Pig Latin: A Base64 Primer for Security Analysts
The Base64 encoding scheme is often used to hide the plaintext elements in the early stages of an attack that can't be concealed under the veil of encryption. Here's how to see through its tricks.
21 January 2021
Malware reportedly found on laptops given to children in England
Investigation launched after teachers warn of worm on devices handed out for home schooling
An investigation has been launched into reports that some of the laptops handed out to vulnerable children for homeschooling in England are infected with malware.
According to an online forum, teachers from a school in Bradford noticed the issue and believe it contacts Russian servers.
Continue reading...21 January 2021
DDoS-Guard To Forfeit Internet Space Occupied by Parler
Parler, the beleaguered social network advertised as a "free speech" alternative to Facebook and Twitter, has had a tough month. Apple and Google removed the Parler app from its stores, and Amazon blocked the platform from using its hosting services. Parler has since found a home in DDoS-Guard, a Russian digital infrastructure company. But now it appears DDoS-Guard is about to be relieved of more than two-thirds of the Internet address space the company leases to clients -- including the Internet addresses currently occupied by Parler.21 January 2021