Cybersecurity News
MSHTML Flaw Exploited to Attack Russian Dissidents
A Ukrainian-based threat actor is spearphishing Russians who are using services that have been banned by the Kremlin.
As Lapsus$ comes back from 'vacation,' Sitel clarifies position on data breach
Lapsus$ also claims to have compromised a software solutions provider.This new ransomware targets data visualization tool Jupyter Notebook
Misconfigured environments are the entry point for the ransomware strain.Women in tech: Unique insights from a lifelong pursuit of innovation
Leading Slovak computer scientist Mária Bieliková shares her experience working as a woman driving technological innovation and reflects on how to inspire the next generation of talent in tech
The post Women in tech: Unique insights from a lifelong pursuit of innovation appeared first on WeLiveSecurity
Log4JShell Used to Swarm VMware Servers with Miners, Backdoors
Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing.
Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”
There is a terrifying and highly effective "method" that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. It involves compromising email accounts and websites tied to police departments and government agencies, and then sending unauthorized demands for subscriber data while claiming the information being requested can't wait for a court order because it relates to an urgent matter of life and death.Exchange Servers Speared in IcedID Phishing Campaign
The ever-evolving malware shows off new tactics that use email thread hijacking and other obfuscation techniques to provide advanced evasion techniques.
Transparent Tribe APT returns to strike India's government and military
The development of custom malware indicates the group is trying to "compromise even more victims."Ukraine destroys five bot farms that were spreading 'panic' among citizens
Over 100,000 fake accounts were allegedly used to spread misinformation about Russia's invasion.Log4Shell exploited to infect VMware Horizon servers with backdoors, crypto miners
Three backdoors and four miners have been detected in new attacks.Europe’s quest for energy independence – and how cyber‑risks come into play
Soaring energy prices and increased geopolitical tensions amid the Russian invasion of Ukraine bring a sharp focus on European energy security
The post Europe’s quest for energy independence – and how cyber‑risks come into play appeared first on WeLiveSecurity
Okta Says It Goofed in Handling the Lapsus$ Attack
"We made a mistake," Okta said, owning up to its responsibility for security incidents that hit its service providers and potentially its own customers.
Critical Sophos Security Bug Allows RCE on Firewalls
The security vendor's appliance suffers from an authentication-bypass issue.
Hundreds more packages found in malicious npm 'factory'
Over 600 malicious packages were published in only five days.Sophos patches critical remote code execution vulnerability in Firewall
Sophos Firewall is a network protection solution for the enterprise market.Under the hood of Wslink’s multilayered virtual machine
ESET researchers describe the structure of the virtual machine used in samples of Wslink and suggest a possible approach to see through its obfuscation techniques
The post Under the hood of Wslink’s multilayered virtual machine appeared first on WeLiveSecurity
DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector
The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant.
Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison
An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. Prosecutors say the accused also enjoyed a lengthy career of "cashing out" access to hacked bank accounts worldwide.Week in security with Tony Anscombe
ESET discovers Mustang Panda's Hodur trojan – Crypto malware targeting Android and iOS users alike – Nation-state digital deterrent
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity