Cybersecurity News


Charming Kitten Sharpens Its Claws with PowerShell Backdoor

Charming Kitten Sharpens Its Claws with PowerShell Backdoor The notorious Iranian APT is fortifying its arsenal with new malicious tools and evasion tactics and may even be behind the Memento ransomware.
02 February 2022

Meet CoinStomp: new cryptojacking malware targets Asian cloud service providers

Shell scripts are being used to exploit cloud instances.
02 February 2022

Arid Viper hackers strike Palestine with political lures - and Trojans

The threat group is suspected of being located in Gaza.
02 February 2022

Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

Some fraudsters may use low-tech tactics to steal your sensitive information – peering over your shoulder as you enter that data is one of them

The post Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone appeared first on WeLiveSecurity

02 February 2022

FBI: Use a Burner Phone at the Olympics

FBI: Use a Burner Phone at the Olympics The warning follows a Citizen Lab report that found the official, mandatory app has an encryption flaw that "can be trivially sidestepped." Besides burners, here are more tips on staying cyber-safe at the Games.
01 February 2022

Unpatched Security Bugs in Medical Wearables Allow Patient Tracking, Data Theft

Unpatched Security Bugs in Medical Wearables Allow Patient Tracking, Data Theft Rising critical unpatched vulnerabilities and a lack of encryption leave medical device data defenseless, researcher warn.
01 February 2022

The Account Takeover Cat-and-Mouse Game

The Account Takeover Cat-and-Mouse Game ATO attacks are evolving. Jason Kent, hacker-in-residence at Cequence Security, discusses what new-style cyberattacks look like in the wild.
01 February 2022

Samba ‘Fruit’ Bug Allows RCE, Full Root User Access

Samba ‘Fruit’ Bug Allows RCE, Full Root User Access The issue in the file-sharing and interop platform also affects Red Hat, SUSE Linux and Ubuntu packages.
01 February 2022

Living Off the Land: How to Defend Against Malicious Use of Legitimate Utilities

Living Off the Land: How to Defend Against Malicious Use of Legitimate Utilities LOLBins help attackers become invisible to security platforms. Uptycs provides a rundown of the most commonly abused native utilities for Windows, Linux and macOS – and advice for protection.
01 February 2022

One in seven ransomware extortion attempts leak key operational tech records

Researchers say that double-extortion ransomware attacks represent a severe risk to operational processes.
01 February 2022

State-sponsored Iranian hackers attack Turkish government, private organizations

MuddyWater is impersonating the Turkish Health and Interior Ministries to sink its claws into victim networks.
01 February 2022

Public Exploit Released for Windows 10 Bug

Public Exploit Released for Windows 10 Bug The vulnerability affects all unpatched Windows 10 versions following a messy Microsoft January update.
31 January 2022

Apple Pays $100.5K Bug Bounty for Mac Webcam Hack

Apple Pays $100.5K Bug Bounty for Mac Webcam Hack The researcher found that he could gain unauthorized camera access via a shared iCloud document that could also "hack every website you've ever visited."
31 January 2022

NSO Group Pegasus Spyware Aims at Finnish Diplomats

NSO Group Pegasus Spyware Aims at Finnish Diplomats Finland is weathering a bout of Pegasus infections, along with a Facebook Messenger phishing scam.
31 January 2022

Unsecured AWS server exposed 3TB in airport employee records

The exposure impacted airport staff across Colombia and Peru.
31 January 2022

How to tell if your phone has been hacked

Think your smartphone has been compromised by malware? Here's how to spot the signs of a hacked phone and how to remove the hacker from your phone.

The post How to tell if your phone has been hacked appeared first on WeLiveSecurity

31 January 2022

Fake Investor John Bernard Sinks Norwegian Green Shipping Dreams

Several articles here have delved into the history of John Bernard, the pseudonym used by a fake billionaire technology investor who's tricked dozens of start-ups into giving him tens of millions of dollars. Bernard's latest victim -- a Norwegian startup hoping to build a fleet of environmentally friendly shipping vessels -- is now embroiled in a lawsuit over a deal gone bad, in which Bernard falsely claimed to have secured $100 million from six other wealthy investors, including the founder of Uber and the artist Abel Makkonen Tesfaye, better known as The Weeknd.
29 January 2022

Lazarus APT Uses Windows Update to Spew Malware

Lazarus APT Uses Windows Update to Spew Malware The group once again dangled fake job opportunities at engineers in a spear-phishing campaign that used Windows Update as a living-off-the-land technique and GitHub as a C2.
28 January 2022

Zerodium Spikes Payout for Zero-Click Outlook Zero-Days

Zerodium Spikes Payout for Zero-Click Outlook Zero-Days The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims.
28 January 2022

Week in security with Tony Anscombe

ESET Research uncovers DazzleSpy malware attacks targeting macOS users – Trading personal data for free online services – PayPal hacking made easy

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

28 January 2022