Cybersecurity News


Tor Project battles Russian censorship through the courts

An appeal has been filed to challenge a block imposed by Russian authorities.
24 January 2022

Researchers break down WhisperGate wiper malware used in Ukraine website defacement

The wiper is similar to malware previously used in attacks against the country – with added functions.
24 January 2022

How I hacked my friend’s PayPal account

Somebody could easily take control of your PayPal account and steal money from you if you’re not careful – here's how to stay safe from a simple but effective attack

The post How I hacked my friend’s PayPal account appeared first on WeLiveSecurity

24 January 2022

Unusual ‘Donald Trump’ Packer Malware Delivers RATs, Infostealers

Unusual ‘Donald Trump’ Packer Malware Delivers RATs, Infostealers The ‘DTPacker’ downloader used fake Liverpool Football Club sites as lures for several weeks, a report finds.
24 January 2022

Hackers hijack smart contracts in cryptocurrency token 'rug pull' exit scams

Misconfiguration provides the perfect opportunity for token-based theft.
24 January 2022

The Internet’s Most Tempting Targets

The Internet’s Most Tempting Targets What attracts the attackers? David "moose" Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets.
21 January 2022

Merck Awarded $1.4B Insurance Payout over NotPetya Attack

Merck Awarded $1.4B Insurance Payout over NotPetya Attack Court rules ‘War or Hostile Acts’ exclusion doesn’t apply to the pharma giant's 2017 cyberattack.
21 January 2022

20K WordPress Sites Exposed by Insecure Plugin REST-API

20K WordPress Sites Exposed by Insecure Plugin REST-API The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
21 January 2022

McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges

McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges McAfee has patched two high-severity bugs in its Agent component, one of which can allow attackers to achieve arbitrary code execution with SYSTEM privileges.
21 January 2022

Crime Shop Sells Hacked Logins to Other Crime Shops

Up for the "Most Meta Cybercrime Offering" award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites.
21 January 2022

Spyware Blitzes Compromise, Cannibalize ICS Networks

Spyware Blitzes Compromise, Cannibalize ICS Networks The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.
21 January 2022

Week in security with Tony Anscombe

ESET research into Donot Team attacks – Common signs that your email has been hacked – Social media dos and don'ts in the workplace

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

21 January 2022

Chinese APT deploys MoonBounce implant in UEFI firmware

The highly targeted attack reveals a new level of sophistication in attacks against UEFI firmware.
21 January 2022

Amazon fake crypto token investment scam steals Bitcoin from victims

Criminals are peddling the idea of a new Amazon cryptocurrency token to swindle victims.
21 January 2022

2FA Bypassed in $34.6M Crypto.com Heist

2FA Bypassed in $34.6M Crypto.com Heist In a display of 2FA's fallibility, unauthorized transactions approved without users' authentication bled 483 accounts of funds.
20 January 2022

Critical Cisco StarOS Bug Grants Root Access via Debug Mode

Critical Cisco StarOS Bug Grants Root Access via Debug Mode Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges.
20 January 2022

Microsoft Sees Log4j Attacks Exploiting SolarWinds Serv-U Bug

Microsoft Sees Log4j Attacks Exploiting SolarWinds Serv-U Bug SolarWinds has fixed a Serv-U bug that threat actors were exploiting to unleash Log4j attacks on networks’ internal devices.
20 January 2022

Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs

Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open.
20 January 2022

Red Cross Begs Attackers Not to Leak 515K People’s Stolen Data

Red Cross Begs Attackers Not to Leak 515K People’s Stolen Data A cyberattack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration.
20 January 2022

SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack

SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack R.R. Donnelly, the integrated services company, confirmed a ‘systems intrusion’ that occurred in late December and is still under investigation.
20 January 2022