Cybersecurity News
No honor among thieves: One in five targets of FIN12 hacking group is in healthcare
The group strikes big game targets with annual revenues of over $6 billion.FontOnLake: Previously unknown malware family targeting Linux
ESET researchers discover a malware family with tools that show signs they’re used in targeted attacks
The post FontOnLake: Previously unknown malware family targeting Linux appeared first on WeLiveSecurity
Former Kent police officer sentenced for downloading child sex abuse material
The disgraced officer has avoided jail.Canopy Parental Control App Wide Open to Unpatched XSS Bugs
The possible cyberattacks include disabling monitoring, location-tracking of children and malicious redirects of parent-console users.
VMware ESXi Servers Encrypted by Lightning-Fast Python Script
The little snippet of Python code strikes fast and nasty, taking less than three hours to complete a ransomware attack from initial breach to encryption.
ESPecter Bootkit Malware Haunts Victims with Persistent Espionage
The rare UEFI bootkit drops a fully featured backdoor on PCs and gains the ultimate persistence by modifying the Windows Boot Manager.
Becoming a new chief information security officer today: The steps for success
It's no easy ride -- but here are some tips from an experienced CISO.Google to turn on 2FA by default for 150 million users, 2 million YouTubers
Two-factor authentication is a simple way to greatly enhance the security of your account
The post Google to turn on 2FA by default for 150 million users, 2 million YouTubers appeared first on WeLiveSecurity
Twitch Gets Gutted: All Source Code Leaked
An anonymous user posted a link to a 125GB torrent to 4chan yesterday, containing all of Twitch's source code, comments going back to its inception and more.
Dubai ruler hacked ex-wife using NSO Pegasus spyware, high court judge finds
Sheikh Mohammed used spyware on Princess Haya and five associates in unlawful abuse of power, judge rules
The ruler of Dubai hacked the phone of his ex-wife Princess Haya using NSO Group’s controversial Pegasus spyware in an unlawful abuse of power and trust, a senior high court judge has ruled.
The president of the family division found that agents acting on behalf of Sheikh Mohammed bin Rashid al-Maktoum, who is also prime minister of the United Arab Emirates, a close Gulf ally of Britain, hacked Haya and five of her associates while the couple were locked in court proceedings in London concerning the welfare of their two children.
Continue reading...‘The walls are closing in on me’: the hacking of Princess Haya
Court judgments reveal how Sheikh Mohammed’s use of Pegasus spyware against his ex-wife was uncovered
Eleven court judgments, covering 181 pages, plus hundreds of other pages of legal documents have revealed an extraordinary spying scandal: state-sponsored mobile phone hacking conducted on behalf of the ruler of Dubai against his fearful sixth and former wife, Princess Haya, Britain’s most famous divorce lawyer and her associate, plus three others – against the backdrop of a bitter child protection battle being played out day after day in the English courts.
The conclusion, after just over a year of intense and costly legal arguments, is that “servants or agents” of Sheikh Mohammed bin Rashid al-Maktoum, the vice-president and prime minister of the United Arab Emirates, engaged in “the surveillance of the six phones” in Britain using technology supplied by Israel’s NSO Group, a company already embroiled in a string of hacking scandals, apparently to further his cause in the welfare battle.
Continue reading...Apache HTTP Server Project patches exploited zero-day vulnerability
The critical vulnerability is being actively exploited in the wild.Meet ESPecter: a new UEFI bootkit for cyber spying
The bootkit is able to load unsigned drivers to hijack the ESP.To the moon and hack: Fake SafeMoon app drops malware to spy on you
Cryptocurrencies rise and fall, but one thing stays the same – cybercriminals attempt to cash in on the craze
The post To the moon and hack: Fake SafeMoon app drops malware to spy on you appeared first on WeLiveSecurity
IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft
Three security vulnerabilities in Axis video products could open up the door to a bevy of different cyberattacks on businesses.
Apache Web Server Zero-Day Exposes Sensitive Data
The open-source project has rolled out a security fix for CVE-2021-41773, for which public cyberattack exploit code is circulating.
Request for Comments: PTS POI Modular Security Requirements v6.1
From 5 October to 3 November 2021, eligible PCI SSC stakeholders are invited to review and provide feedback on the PTS POI Modular Security Requirements v6.1 draft during a 30-day request for comments (RFC) period. The full list of stakeholders eligible to participate can be found on the PCI SSC RFC webpage.
Facebook whistleblower: 'Morally bankrupt' social giant will have to 'hook kids' to grow
The whistleblower has accused Facebook of putting its "astronomical profits before people."How to Build an Incident-Response Plan, Before Security Disaster Strikes
Joseph Carson, Chief Security Scientist at ThycoticCentrify, offers a 7-step practical IR checklist for ensuring a swift recovery from a cyberattack.
Facebook Blames Outage on Faulty Router Configuration
One easily disproved conspiracy theory linked the ~six-hour outage to a supposed data breach tied to a Sept. 22 hacker forum ad for 1.5B Facebook user records.