Cybersecurity News
Bugs allowing malicious NFT uploads uncovered in OpenSea marketplace
Malicious NFTs could have become an attack vector for hackers trying to steal digital wallet funds.Don’t get phished! How to be the one that got away
If it looks like a duck, swims like a duck, and quacks like a duck, then it's probably a duck. Now, how do you apply the duck test to defense against phishing?
The post Don’t get phished! How to be the one that got away appeared first on WeLiveSecurity
Microsoft Kills Bug Being Exploited in MysterySnail Espionage Campaign
Microsoft's October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is a zero-day being used to deliver the MysterySnail RAT to Windows servers.
Patch Tuesday, October 2021 Edition
Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited in active attacks. This month's Patch Tuesday also includes security fixes for the newly released Windows 11 operating system.Windows Zero-Day Actively Exploited in Widespread Espionage Campaign
The cyberattacks, linked to a Chinese-speaking APT, deliver the new MysterySnail RAT malware to Windows servers.
Office 365 Spy Campaign Targets US Military Defense
An Iran-linked group is taking aim at makers of drones and satellites, Persian Gulf ports and maritime shipping companies, among others.
Paving the Way: Inspiring Women in Payments - A Podcast Featuring Adelia Castelino
As a female entrepreneur, Adelia Castelino credits much of her early success to the role models who inspired and supported her vision to create a small start-up business, which has since flourished into a successful global company. In this edition of our podcast, Adelia explains that to sustain more women in the dynamic world of payments, mentorships are an increasingly important way that women can nurture their talents while supporting other women in their industry.
Microsoft thwarts record‑breaking DDoS attack
The attack, which clocked in at 2.4 Tbps, targeted one of Azure customers based in Europe
The post Microsoft thwarts record‑breaking DDoS attack appeared first on WeLiveSecurity
Apple Releases Urgent iOS Updates to Patch New Zero-Day Bug
The bug is under attack. Within hours of the patch release, a researcher published POC code, calling it a "great" flaw that can be used for jailbreaks and local privilege escalation.
Ransomware cost US companies almost $21 billion in downtime in 2020
The victims lost an average of nine days to downtime and two-and-a-half months to investigations, an analysis of disclosed attacks shows
The post Ransomware cost US companies almost $21 billion in downtime in 2020 appeared first on WeLiveSecurity
Incident Response: 5 Principles to Boost the Infosec/Legal Relationship
Effective cyber-incident response means working well with legal. Matt Dunn, associate managing director for cyber-risk at Kroll, lays out how to do it.
FontOnLake malware strikes Linux systems in targeted attacks
The malware is accompanied by a rootkit to sink its claws firmly into vulnerable machines.FBI arrests engineer for flogging nuclear warship data hidden in peanut butter sandwich
A husband and wife team tried to sell critical information on US submarine nuclear reactors.NSO Pegasus spyware can no longer target UK phone numbers
Israeli maker of surveillance software blocked +44 code after detecting hack against Princess Haya, source says
The powerful spyware used to hack into mobile phones belonging to Princess Haya and her divorce lawyer Fiona Shackleton is no longer effective against UK numbers, sources familiar with the software’s developer have said.
NSO Group, the Israeli maker of the Pegasus surveillance tool, implemented a change preventing client countries from targeting +44 numbers, the sources said, after it became aware of the British hacking scandal on 5 August last year.
Continue reading...Week in security with Tony Anscombe
ESET research discovers ESPecter bootkit – FontOnLake targeting Linux – Fake SafeMoon app update
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
BrewDog exposed data of 200,000 shareholders for over a year
The beer's on BrewDog, too.Navy Warship’s Facebook Page Hacked to Stream ‘Age of Empires’ Gaming
The destroyer-class USS Kidd streamed hours of game play in a funny incident that has serious cybersecurity ramifications.
Twitch Leak Included Emails, Passwords in Clear Text: Researcher
A researcher combed through the Twitch leak and found what they said was evidence of PayPal chargebacks with names and emails; employees' emails; and more.
Cybersecurity Month: Be Cyber Smart
As an Official Champion of National Cyber Security Awareness Month (NCSAM), the Council will be sharing educational resources on payment security best practices on the PCI Perspectives blog, and through our Twitter (@PCISSC) and LinkedIn pages. The Council will align these resources with the four weekly themes outlined by the National Cyber Security Alliance:
4 Key Questions for Zero-Trust Success
Anurag Kahol, CTO & co-founder at Bitglass, offers tips for avoiding implementation pitfalls for zero trust.