Cybersecurity News


Microsoft Zero-Days, Wormable Bugs Spark Concern

For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits.
12 April 2022

RaidForums Gets Raided, Alleged Admin Arrested

The U.S. Department of Justice (DOJ) said today it seized the website and user database for RaidForums, an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world's largest data breaches since 2015. The DOJ also charged the alleged administrator of RaidForums -- 21-year-old Diogo Santos Coelho, of Portugal -- with six criminal counts, including conspiracy, access device fraud and aggravated identity theft.
12 April 2022

Menswear Brand Zegna Reveals Ransomware Attack

Accounting materials from the Italy-based luxury fashion house were leaked online by RansomExx because the company refused to pay.
12 April 2022

These hackers pretend to poach, recruit rival bank staff in new cyberattacks

Employees looking for new career opportunities are the targets.
12 April 2022

Only half of organizations reviewed security policies due to the pandemic: study

Investment is expected to increase but existing cybersecurity strategies are lacking.
12 April 2022

Industroyer2: Industroyer reloaded

This ICS-capable malware targets a Ukrainian energy company

The post Industroyer2: Industroyer reloaded appeared first on WeLiveSecurity

12 April 2022

Microsoft Takes Down Domains Used in Cyberattack Against Ukraine

APT28, an advanced persistent threat (APT) group, has been operating since 2009 and has worked under different names such as Sofacy, Sednit, Strontium Storm, Fancy Bear, Iron Twilight, and Pawn.
11 April 2022

Double-Your-Crypto Scams Share Crypto Scam Host

Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. Here's a closer look at hundreds of phony crypto investment schemes that are all connected through a hosting provider which caters to people running crypto scams.
11 April 2022

XSS vulnerability patched in Directus data engine platform

The platform is described as a "flexible powerhouse for engineers."
11 April 2022

Google Play Bitten by Sharkbot Info-stealer ‘AV Solution’

Google removed six different malicious Android applications targeting mainly users in the U.K. and Italy that were installed about 15,000 times.
08 April 2022

Week in security with Tony Anscombe

Fake e-shops & Android malware – A journey into the dark recesses of the world wide web – Keeping your cloud resources safe

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

08 April 2022

FIN7 hacking group member sentenced to five years behind bars

He worked as a penetration tester for the criminal outfit.
08 April 2022

Actions Target Russian Govt. Botnet, Hydra Dark Market

The U.S. Federal Bureau of Investigation (FBI) says it has disrupted a giant botnet built and operated by a Russian government intelligence unit known for launching destructive cyberattacks against energy infrastructure in the United States and Ukraine. Separately, law enforcement agencies in the U.S. and Germany moved to decapitate "Hydra," a billion-dollar Russian darknet drug bazaar that also helped to launder the profits of multiple Russian ransomware groups.
07 April 2022

SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts

Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds.
07 April 2022

MacOS Malware: Myth vs. Truth – Podcast

Huntress Labs R&D Director Jamie Levy busts the old “Macs don’t get viruses” myth and offers tips on how MacOS malware differs and how to protect against it.
07 April 2022

How secure is your cloud storage? Mitigating data security risks in the cloud

As cloud systems are increasingly the bedrock on which digital transformation is built, keeping a close eye on how they are secured is an essential cybersecurity best practice

The post How secure is your cloud storage? Mitigating data security risks in the cloud appeared first on WeLiveSecurity

07 April 2022

VMware warns of critical remote code execution bug in Workspace ONE Access

Other severe vulnerabilities have been resolved.
07 April 2022

Zoom awarded $1.8 million in bug bounty rewards over 2021

The program has paid out $2.4 million since its launch.
07 April 2022

Israeli officials are being catfished by AridViper hackers

APT-C-23 is targeting high-ranking individuals in defense, law, and emergency services.
07 April 2022

The Original APT: Advanced Persistent Teenagers

Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. But few organizations have a playbook for responding to the kinds of virtual "smash and grab" attacks we've seen recently from LAPSUS$, a juvenile data extortion group whose short-lived, low-tech and remarkably effective tactics are putting some of the world's biggest corporations on edge.
06 April 2022