Cybersecurity News


Attackers Use Event Logs to Hide Fileless Malware

Attackers Use Event Logs to Hide Fileless Malware A sophisticated campaign utilizes a novel anti-detection method.
04 May 2022

3 most dangerous types of Android malware

Here's what you should know about some of the nastiest mobile malware – from malicious software that takes phones and data hostage to RATs that allow hackers to control devices remotely

The post 3 most dangerous types of Android malware appeared first on WeLiveSecurity

04 May 2022

Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk

Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk A flaw in all versions of the popular C standard libraries uClibe and uClibe-ng can allow for DNS poisoning attacks against target devices.
04 May 2022

Chinese hackers perform 'rarely seen' Windows mechanism abuse in three-year campaign

Operation CuckooBees is an elaborate operation against companies in the US and beyond.
04 May 2022

Mozilla: Lack of Security Protections in Mental-Health Apps Is ‘Creepy’

Mozilla: Lack of Security Protections in Mental-Health Apps Is ‘Creepy’ Popular apps to support people’s psychological and spiritual well-being can harm them by sharing their personal and sensitive data with third parties, among other privacy offenses.
03 May 2022

What’s behind the record‑high number of zero days?

Organizations need to get better at mitigating threats from unknown vulnerabilities, especially as both state-backed operatives and financially-motivated cybercriminals are increasing their activity

The post What’s behind the record‑high number of zero days? appeared first on WeLiveSecurity

03 May 2022

Russia to Rent Tech-Savvy Prisoners to Corporate IT?

Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation's prison population to perform low-cost IT work for domestic companies.
02 May 2022

Bad Actors Are Maximizing Remote Everything

Bad Actors Are Maximizing Remote Everything Aamir Lakhani, global security strategist and researcher at FortiGuard Labs, zeroes in on how adversaries are targeting 'remote everything'.
02 May 2022

Deep Dive: Protecting Against Container Threats in the Cloud

Deep Dive: Protecting Against Container Threats in the Cloud A deep dive into securing containerized environments and understanding how they present unique security challenges.
02 May 2022

Mozilla finds mental health apps fail 'spectacularly' at user security, data policies

Prayer apps, too, have raised serious security concerns.
02 May 2022

You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results

Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address. The move comes just months after Google rolled out a new policy enabling people under the age of 18 (or a parent/guardian) to request removal of their images from Google search results.
29 April 2022

TA410 under the microscope – Week in security with Tony Anscombe

Here's what you should know about FlowingFrog, LookingFrog and JollyFrog – the three teams making up the TA410 espionage umbrella group

The post TA410 under the microscope – Week in security with Tony Anscombe appeared first on WeLiveSecurity

29 April 2022

Security Turbulence in the Cloud: Survey Says…

Security Turbulence in the Cloud: Survey Says… Exclusive Threatpost research examines organizations’ top cloud security concerns, attitudes towards zero-trust and DevSecOps.
29 April 2022

Cyberespionage APT Now Identified as Three Separate Actors

Cyberespionage APT Now Identified as Three Separate Actors The threat group known as TA410 that wields the sophisticated FlowCloud RAT actually has three subgroups operating globally, each with their own toolsets and targets.
29 April 2022

Vulnerable plugins plague the CMS website security landscape

Backdoors, card skimming, and spam are also common factors in website compromise.
29 April 2022

HackerOne acquires code security tester, review service PullRequest

HackerOne says that clients will be able to more easily integrate code security reviews during workflows.
29 April 2022

Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of organizations.
28 April 2022

Cyberattacks Rage in Ukraine, Support Military Operations

Cyberattacks Rage in Ukraine, Support Military Operations At least five APTs are believed involved with attacks tied ground campaigns and designed to damage Ukraine's digital infrastructure.
28 April 2022

ExtraReplica: Microsoft patches cross-tenant bug in Azure PostgreSQL

The flaw was exploitable to conduct privilege escalation and code execution.
28 April 2022

Emotet is Back From ‘Spring Break’ With New Nasty Tricks

Emotet is Back From ‘Spring Break’ With New Nasty Tricks The Botnet appears to use a new delivery method for compromising Windows systems after Microsoft disables VBA macros by default.
27 April 2022