Cybersecurity News


Signed kernel drivers – Unguarded gateway to Windows’ core

ESET researchers look at malware that abuses vulnerabilities in kernel drivers and outline mitigation techniques against this type of exploitation

The post Signed kernel drivers – Unguarded gateway to Windows’ core appeared first on WeLiveSecurity

11 January 2022

URL Parsing Bugs Allow DoS, RCE, Spoofing & More

URL Parsing Bugs Allow DoS, RCE, Spoofing & More Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a wide swath of web applications.
10 January 2022

Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High

Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High Cyberattacks increased 50 percent YoY in 2021 and peaked in December due to a frenzy of Log4j exploits, researchers found.
10 January 2022

CES 2022 – the “anyone can make an electric car” edition

But as we learned in mashing up other technologies, the security devil is in the details

The post CES 2022 – the “anyone can make an electric car” edition appeared first on WeLiveSecurity

10 January 2022

Indian Patchwork hacking group infects itself with remote access Trojan

Researchers pounced on the opportunity the mistake created.
10 January 2022

Abcbot botnet has now been linked to Xanthe cryptojacking group

Researchers believe the focus is moving from cryptocurrency to traditional botnet attacks.
10 January 2022

500M Avira Antivirus Users Introduced to Cryptomining

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn't alone in this dubious endeavor: Avira antivirus -- which has built a base of 500 million users worldwide largely by making the product free -- was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.
08 January 2022

EoL Systems Stonewalling Log4j Fixes for Fed Agencies

EoL Systems Stonewalling Log4j Fixes for Fed Agencies End of life, end of support, pandemic-induced shipping delays and remote work, scanning failures: It’s a recipe for a patching nightmare, federal cyberserurity CTO Matt Keller says.
07 January 2022

Cyberattackers Hit Data of 80K Fertility Patients

Cyberattackers Hit Data of 80K Fertility Patients Fertility Centers of Illinois' security measures protected electronic medical records, but the attackers still got at extremely intimate data in admin files.
07 January 2022

3.7M FlexBooker Records Dumped on Hacker Forum

3.7M FlexBooker Records Dumped on Hacker Forum Attackers are trading millions of records from a trio of pre-holiday breaches on an online forum.
07 January 2022

QNAP: Get NAS Devices Off the Internet Now

QNAP: Get NAS Devices Off the Internet Now There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device maker warned.
07 January 2022

Week in security with Tony Anscombe

CES gives us a glimpse of our connected future – 10 bad cybersecurity habits to break this year – How hackers steal passwords

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

07 January 2022

Log4J-Related RCE Flaw in H2 Database Earns Critical Rating

Log4J-Related RCE Flaw in H2 Database Earns Critical Rating Critical flaw in the H2 open-source Java SQL database are similar to the Log4J vulnerability, but do not pose a widespread threat.
07 January 2022

CES 2022: Space security – no more flying blind

And no more worrying about your satellite being smashed by a “drunk driver” as new tech promises to predict hazards in orbit

The post CES 2022: Space security – no more flying blind appeared first on WeLiveSecurity

07 January 2022

NoReboot attack fakes iOS phone shutdown to spy on you

The PoC malware can be used to hijack microphone and camera functions.
07 January 2022

Chinese scientist pleads guilty to stealing US agricultural tech

US prosecutors have labeled his actions as "economic espionage."
07 January 2022

Activision Files Unusual Lawsuit over Call of Duty Cheat Codes

Activision Files Unusual Lawsuit over Call of Duty Cheat Codes Activision is suing to shut down the EngineOwning cheat-code site and hold individual developers and coders liable for damages.
06 January 2022

Google Voice Authentication Scam Leaves Victims on the Hook

Google Voice Authentication Scam Leaves Victims on the Hook The FBI is seeing so much activity around malicious Google Voice activity, where victims are associated with fraudulent virtual phone numbers, that it sent out an alert this week.
06 January 2022

Norton 360 Now Comes With a Cryptominer

Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers' computers. Norton's parent firm says the cloud-based service that activates the program and enables customers to profit from the scheme -- in which the company keeps 15 percent of any currencies mined -- is "opt-in," meaning users have to agree to enable it. But many Norton users complain the mining program is difficult to remove, and reactions from longtime customers have ranged from unease and disbelief to, "Dude, where's my crypto?"
06 January 2022

CES 2022: More sensors than people

A sea of sensors will soon influence almost everything in your world

The post CES 2022: More sensors than people appeared first on WeLiveSecurity

06 January 2022