Cybersecurity News


T-Mobile Investigating Claims of Massive Data Breach

Communications giant T-Mobile said today it is investigating the extent of a data breach that hackers claim has exposed sensitive personal data on 100 million T-Mobile USA customers, in many cases including the name, Social Security number, address, date of birth, phone number, security PINs and details that uniquely identify each customer's mobile device.
16 August 2021

Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets

Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets Valve plugs an API bug found in its Steam platform that that abused the Smart2Pay system to add unlimited funds to gamer digital wallets.
16 August 2021

XSS Bug in SEOPress WordPress Plugin Allows Site Takeover

XSS Bug in SEOPress WordPress Plugin Allows Site Takeover The bug would allow a number of malicious actions, up to and including full site takeover. The vulnerable plugin is installed on 100,000 websites.
16 August 2021

100m T-Mobile Customer Records Purportedly Up for Sale

100m T-Mobile Customer Records Purportedly Up for Sale The seller claims to have sucker-punched U.S. infrastructure out of retaliation. The offer: 30m records for ~1 penny each, with the rest being sold privately.
16 August 2021

Amazon’s Plan to Track Worker Keystrokes: A Sign of Controls to Come?

Amazon’s Plan to Track Worker Keystrokes: A Sign of Controls to Come? Data theft, insider threats and imposters accessing sensitive customer data have apparently gotten so bad inside Amazon, the company is considering rolling out keyboard-stroke monitoring for its customer-service reps. A confidential memo from inside Amazon explained that customer service credential abuse and data theft was on the rise, according to Motherboard which reviewed the document. […]
13 August 2021

Cyberattackers Embrace CAPTCHAs to Hide Phishing, Malware

Cyberattackers Embrace CAPTCHAs to Hide Phishing, Malware CAPTCHA-protected malicious URLs are snowballing lately, researchers said.
13 August 2021

SolarWinds 2.0 Could Ignite Financial Crisis – Podcast

SolarWinds 2.0 Could Ignite Financial Crisis – Podcast That’s what NY State suggests could happen, given the utter lack of cybersec protection at many private equity & hedge fund firms. Can AI help avert it?
13 August 2021

Exchange Servers Under Active Attack via ProxyShell Bugs

Exchange Servers Under Active Attack via ProxyShell Bugs There’s an entirely new attack surface in Exchange, a researcher revealed at Black Hat, and threat actors are now exploiting servers vulnerable to the RCE bugs.
13 August 2021

New Anti Anti-Money Laundering Services for Crooks

Two new dark web services are marketing to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions may be linked to known criminal activity. Dubbed "Antinalysis" and "AMLBot," the services purport to offer a glimpse into how one's payment activity might be flagged by law enforcement agencies and private companies that try to link suspicious cryptocurrency transactions to real people.
13 August 2021

WordPress Sites Abused in Aggah Spear-Phishing Campaign

WordPress Sites Abused in Aggah Spear-Phishing Campaign The Pakistan-linked threat group's campaign uses compromised WordPress sites to deliver the Warzone RAT to manufacturing companies in Taiwan and South Korea.
13 August 2021

Week in security with Tony Anscombe

How IISpy spies on its victims and stays under the radar – IISerpent tampers with search engine results – How to avoid falling prey to ransomware

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

13 August 2021

UK security chiefs issue guidance after hackers target ministers on WhatsApp

UK security chiefs issue guidance after hackers target ministers on WhatsApp

Exclusive: civil service chief points to work to improve cybersecurity in response to Labour concerns

Ministers and civil servants conducting “government by WhatsApp” have been exposed to hackers, leading to new advice from security chiefs about how to improve their privacy.

The cabinet secretary, Simon Case, revealed that the Government Security Group had issued new guidance after Labour raised questions about ministers using their personal phones to conduct official business.

Related: UK government admits ministers can use self-deleting messages

Continue reading...
13 August 2021

Rogue Marketplace AlphaBay Reboots

Rogue Marketplace AlphaBay Reboots Illicit underground marketplace relaunches years after takedown.
12 August 2021

Black Hat: Novel DNS Hack Spills Confidential Corp Data

Black Hat: Novel DNS Hack Spills Confidential Corp Data Threatpost interviews Wiz CTO about a vulnerability recently patched by Amazon Route53's DNS service and Google Cloud DNS.
12 August 2021

Payment Security Experts Emphasize Working Together

 

The PCI SSC Latin American Forum, an online event took place this week with more than 1,100 payment security practitioners from Latin America discussing the latest in payment security and standards. Here we talk with Carlos Caetano, PCI Security Standards Council Associate Director, Latin American Region for Brazil, Elder Vinicius Telles de Arruda, Information Security Manager, Getnet; Enildo Barros, IT Services Head, C6 Bank and Ricardo Nilsen Moreno, Information Security Superintendent, Banco Safra about cloud security trends, highlights from the Latin American Forum (LAF) and industry involvement opportunities for the region.

12 August 2021

AdLoad Malware 2021 Samples Skate Past Apple XProtect

AdLoad Malware 2021 Samples Skate Past Apple XProtect A crush of new attacks using the well-known adware involves at least 150 updated samples, many of which aren't recognized by Apple's built-in security controls.
12 August 2021

Ransomware Payments Explode Amid ‘Quadruple Extortion’

Ransomware Payments Explode Amid ‘Quadruple Extortion’ Unit 42 puts the average payout at over half a million, while Barracuda has tracked a 64 percent year over year spike in the number of attacks.
12 August 2021

QR Code Scammers Get Creative with Bitcoin ATMs

QR Code Scammers Get Creative with Bitcoin ATMs Threat actors are targeting everyone from job hunters to Bitcoin traders to college students wanting a break on their student loans, by exploiting the popular technology's trust relationship with users.
12 August 2021

Microsoft Warns: Another Unpatched PrintNightmare Zero-Day

Microsoft Warns: Another Unpatched PrintNightmare Zero-Day The out-of-band warning pairs with a working proof-of-concept exploit for the issue, circulating since mid-July.
12 August 2021

Examining threats to device security in the hybrid workplace

As employees split their time between office and off-site work, there’s a greater potential for company devices and data to fall into the wrong hands

The post Examining threats to device security in the hybrid workplace appeared first on WeLiveSecurity

12 August 2021