Cybersecurity News
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
French hospital crippled by cyberattack – Week in security with Tony Anscombe
As another hospital falls victim to ransomware, Tony weighs in on the much-debated issue of banning ransomware payouts
The post French hospital crippled by cyberattack – Week in security with Tony Anscombe appeared first on WeLiveSecurity
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
What is doxing and how to protect yourself
Doxing can happen to anyone – here’s how you can reduce the odds that your personal information will be weaponized against you
The post What is doxing and how to protect yourself appeared first on WeLiveSecurity
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
How Twitter’s whistleblower could boost Elon Musk’s legal battle
Peiter Zatko, former security chief, brought allegations of widespread security threats and spam concerns against the company
New whistleblower allegations of widespread security threats and spam concerns at Twitter may give Elon Musk ammunition in his fight to back out of a deal to buy the company.
On Tuesday, an 84-page complaint written by Twitter’s former security chief turned whistleblower, Peiter Zatko, alleged that Twitter prioritizes user growth over reducing spam, did not have a plan in place for major security issues, and that half the company’s servers were running out-of-date and vulnerable software.
Continue reading...Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
Is your personal data all over the internet? 7 steps to cleaning up your online presence
You may not be able to disappear completely from the internet, but you can minimize your digital footprint with a few simple steps
The post Is your personal data all over the internet? 7 steps to cleaning up your online presence appeared first on WeLiveSecurity
Paving the Way: Inspiring Women in Payments - A Q&A featuring Viviana Wesley
Although Viviana Wesley always knew that she wanted a career in computers and technology, when she first started pursuing it, she realized her strengths were not in coding. But, through the guidance of a friend, she was redirected into IT Support and a new world opened for her; a dynamic world where she could use her technical expertise to help people, which is what she truly wanted to do. In this edition of our blog, Viviana describes why soft skills are critically important in this industry and how women are particularly adept at bridging communication gaps between technology and business.
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
CEO of Israeli Pegasus spyware firm NSO to step down
CEO Shalev Hulio is stepping down as part of NSO reorganisation that will see it focus on sales in Nato member countries
Israel’s NSO Group, which makes the globally controversial Pegasus spyware said on Sunday its CEO Shalev Hulio would step down as part of a reorganisation.
The indebted, privately owned company also said it would focus sales on countries belonging to the Nato alliance.
Continue reading...We can make our phones harder to hack but complete security is a pipe dream | John Naughton
Even the latest iPhone scare won’t persuade us to choose safety over convenienceApple caused a stir a few weeks ago when it announced that the forthcoming update of its mobile and laptop operating systems would contain an optional high-security mode that would provide users with an unprecedented level of protection against powerful “spyware” software that surreptitiously obtains control of their devices.
It’s called Lockdown Mode and, according to Apple, “offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware”.
Continue reading...Google and Apple both release patches against zero‑day vulnerabilities – Week in security with Tony Anscombe
Zero-day vulnerabilities are super active and Google and Apple are acting to patch these vulnerabilities, some of which seen on-the-wild.
The post Google and Apple both release patches against zero‑day vulnerabilities – Week in security with Tony Anscombe appeared first on WeLiveSecurity
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
PayPal Phishing Scam Uses Invoices Sent Via PayPal
Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives -- which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction -- state that the user's account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer.Google Patches Chrome’s Fifth Zero-Day of the Year
Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday. The bug, tracked as CVE-2022-2856 and rated as high on the Common Vulnerability Scoring System (CVSS), is associated with “insufficient validation of untrusted input in Intents,” […]
A step‑by‑step guide to enjoy LinkedIn safely
LinkedIn privacy settings are just as overwhelming as any other social media settings. There’s a lot of menus, a lot buttons to enable, select, accept or reject. To make sure you have control over your information we bring you a step-by-step guide on how to enjoy LinkedIn safely.
The post A step‑by‑step guide to enjoy LinkedIn safely appeared first on WeLiveSecurity
APT Lazarus Targets Engineers with macOS Malware
The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.