Cybersecurity News
Home Office’s visa service apologises for email address data breach
Private contractor running service sent email to applicants containing more than 170 email addresses
The Home Office’s visa service has apologised for a data breach in which the email addresses of more than 170 people were mistakenly copied into an email circulated last week.
More than 170 email addresses were accidentally copied into a message on 7 April 2022 about the change of location for a visa appointment with the UK Visa and Citizenship Application Service. The UKVCAS is run on behalf of the Home Office by the private contractor Sopra Steria. Some of the email addresses appeared to be private Gmail accounts, while others belonged to lawyers from a variety of firms.
Continue reading...ESET takes part in global operation to disrupt Zloader botnets
ESET researchers provided technical analysis, statistical information, and known command and control server domain names and IP addresses
The post ESET takes part in global operation to disrupt Zloader botnets appeared first on WeLiveSecurity
Feds Shut Down RaidForums Hacking Marketplace
The DoJ is charging its founder, 21-year-old Portuguese citizen Diogo Santos Coelho, on six criminal counts, including conspiracy, access device fraud and aggravated identity theft.
Microsoft Patch Tuesday, April 2022 Edition
Microsoft on Tuesday released updates to fix roughly 120 security vulnerabilities in its Windows operating systems and other software. Two of the flaws have been publicly detailed prior to this week, and one is already seeing active exploitation, according to a report from the U.S. National Security Agency (NSA).Critical vulnerabilities uncovered in hospital robots
The robots zip around hospitals delivering medicine and other supplies.Innovation and the Roots of Progress
If you look back at the long arc of history, it’s clear that one of the most crucial drivers of real progress in society is innovation
The post Innovation and the Roots of Progress appeared first on WeLiveSecurity
Enemybot: a new Mirai, Gafgyt hybrid botnet joins the scene
The botnet borrows a few tricks from Mirai.Barracuda Networks changes hands with purchase by global investment firm KKR
KKR is taking over from Thoma Bravo.Microsoft Zero-Days, Wormable Bugs Spark Concern
For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits.
RaidForums Gets Raided, Alleged Admin Arrested
The U.S. Department of Justice (DOJ) said today it seized the website and user database for RaidForums, an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world's largest data breaches since 2015. The DOJ also charged the alleged administrator of RaidForums -- 21-year-old Diogo Santos Coelho, of Portugal -- with six criminal counts, including conspiracy, access device fraud and aggravated identity theft.Menswear Brand Zegna Reveals Ransomware Attack
Accounting materials from the Italy-based luxury fashion house were leaked online by RansomExx because the company refused to pay.
These hackers pretend to poach, recruit rival bank staff in new cyberattacks
Employees looking for new career opportunities are the targets.Only half of organizations reviewed security policies due to the pandemic: study
Investment is expected to increase but existing cybersecurity strategies are lacking.Industroyer2: Industroyer reloaded
This ICS-capable malware targets a Ukrainian energy company
The post Industroyer2: Industroyer reloaded appeared first on WeLiveSecurity
Microsoft Takes Down Domains Used in Cyberattack Against Ukraine
The APT28 (Advanced persistence threat) is operating since 2009, this group has worked under different names such as Sofacy, Sednit, Strontium Storm, Fancy Bear, Iron Twilight, and Pawn.
Double-Your-Crypto Scams Share Crypto Scam Host
Online scams that try to separate the unwary from their cryptocurrency are a dime a dozen, but a great many seemingly disparate crypto scam websites tend to rely on the same dodgy infrastructure providers to remain online in the face of massive fraud and abuse complaints from their erstwhile customers. Here's a closer look at hundreds of phony crypto investment schemes that are all connected through a hosting provider which caters to people running crypto scams.XSS vulnerability patched in Directus data engine platform
The platform is described as a "flexible powerhouse for engineers."Google Play Bitten by Sharkbot Info-stealer ‘AV Solution’
Google removed six different malicious Android applications targeting mainly users in the U.K. and Italy that were installed about 15,000 times.
Week in security with Tony Anscombe
Fake e-shops & Android malware – A journey into the dark recesses of the world wide web – Keeping your cloud resources safe
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity