Cybersecurity News


Black Hat: Scaling Automated Disinformation for Misery and Profit

Black Hat: Scaling Automated Disinformation for Misery and Profit Researchers demonstrated the power deep neural networks enlisted to create a bot army with the firepower to shape public opinion and spark QAnon 2.0.
09 August 2021

Auth Bypass Bug Exploited, Affecting Millions of Routers

Auth Bypass Bug Exploited, Affecting Millions of Routers A mere three days after disclosure, cyberattackers are hijacking home routers from 20 vendors & ISPs to add them to a Mirai-variant botnet used for carrying out DDoS attacks.
09 August 2021

How to find and remove spyware from your phone

Surveillance isn't just the purview of nation-states and government agencies -- sometimes, it's closer to home.
09 August 2021

DEF CON 29: Satellite hacking 101

How peering into the innards of a future satellite can make cybersecurity in space more palatable

The post DEF CON 29: Satellite hacking 101 appeared first on WeLiveSecurity

09 August 2021

Android Malware ‘FlyTrap’ Hijacks Facebook Accounts

Android Malware ‘FlyTrap’ Hijacks Facebook Accounts Coupon codes for Netlifx or Google AdWords? Voting for the best football team? Beware: Malicious apps offering such come-ons could inflict a new trojan.
09 August 2021

Phishing Sites Targeting Scammers and Thieves

I was preparing to knock off work on a recent Friday evening when a curious and annoying email came in via the contact form on this site: “Hello I go by the username Nuclear27 on your site Briansclub[.]com,” wrote “Mitch,” confusing me with the proprietor of perhaps the underground’s largest bazaar for stolen credit and identity data. “I made a deposit to my wallet on the site but nothing has shown up yet and I would like to know why.” Several things stood out in Mitch’s message. For starters, that is not the actual domain for BriansClub. And it’s not hard to see why Mitch got snookered: The real BriansClub site is currently not at the top of search results when one queries that shop name at Google.
09 August 2021

Cutting Through the Noise from Daily Alerts

Cutting Through the Noise from Daily Alerts The biggest challenge for security teams today is the quality of the threat intelligence platforms and feeds. How much of the intel is garbage and unusable? Threat intelligence process itself spans and feeds into many external and internal systems and applications. Without actionable data, it is impossible to understand the relevance and potential impact of a threat. Learn how Threat Intelligence management plays a role to help prioritize and act fast.
09 August 2021

IISpy: A complex server‑side backdoor with anti‑forensic features

The second in our series on IIS threats dissects a malicious IIS extension that employs nifty tricks in an attempt to secure long-term espionage on the compromised servers

The post IISpy: A complex server‑side backdoor with anti‑forensic features appeared first on WeLiveSecurity

09 August 2021

Password of three random words better than complex variation, experts say

Password of three random words better than complex variation, experts say

UK National Cyber Security Centre recommends approach for improved combination of usability and safety

It is far better to concoct passwords made up of three random words than to use more complex variations involving streams of letters, numbers and symbols, UK government experts have said.

The National Cyber Security Centre (NCSC), part of Government Communications Headquarters, highlighted its “three random words” recommendation in a new blogpost.

Continue reading...
07 August 2021

FragAttacks Foil 2 Decades of Wireless Security

Wireless security protocols have improved, but product vendors continue to make implementation errors that allow a variety of attacks.
06 August 2021

Golang Cryptomining Worm Offers 15% Speed Boost

Golang Cryptomining Worm Offers 15% Speed Boost The latest variants of the Monero-mining malware exploit known web server bugs and add efficiency to the mining process.
06 August 2021

Amazon Kindle Vulnerable to Malicious EBooks

Amazon Kindle Vulnerable to Malicious EBooks Prior to a patch, a serious bug could have allowed attackers to take over Kindles and steal personal data.
06 August 2021

Week in security with Tony Anscombe

ESET research dissects IIS web server threats – How IIStealer steals credit card data – The flood of spam in your inbox

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

06 August 2021

Black Hat 2021: Lessons from a lawyer

Why companies and their security teams need to engage with a lawyer before an incident occurs

The post Black Hat 2021: Lessons from a lawyer appeared first on WeLiveSecurity

06 August 2021

Critical Cisco Bug in VPN Routers Allows Remote Takeover

Critical Cisco Bug in VPN Routers Allows Remote Takeover Security researchers warned that at least 8,800 vulnerable systems are open to compromise.
06 August 2021

Black Hat 2021: Wanted posters for ransomware slingers

Is the net closing in on cyber-extortionists and can bounties on their collective heads ultimately help stem the ransomware scourge?

The post Black Hat 2021: Wanted posters for ransomware slingers appeared first on WeLiveSecurity

06 August 2021

Researchers Call for 'CVE' Approach for Cloud Vulnerabilities

New research suggests isolation among cloud customer accounts may not be a given -- and the researchers behind the findings issue a call to action for cloud security.
06 August 2021

Zoom Settlement: An $85M Business Case for Security Investment  

Zoom Settlement: An $85M Business Case for Security Investment   Zoom’s security lesson over end-to-end encryption shows the costs of playing cybersecurity catchup.
06 August 2021

Angry Affiliate Leaks Conti Ransomware Gang Playbook

Angry Affiliate Leaks Conti Ransomware Gang Playbook The data includes IP addresses for Cobalt Strike C2 servers as well as an archive including numerous tools and training materials for the group, revealing how it performs attacks.
06 August 2021

IIStealer: A server‑side threat to e‑commerce transactions

The first in our series on IIS threats looks at a malicious IIS extension that intercepts server transactions to steal credit card information

The post IIStealer: A server‑side threat to e‑commerce transactions appeared first on WeLiveSecurity

06 August 2021