Cybersecurity News


Sophos patches critical remote code execution vulnerability in Firewall

Sophos Firewall is a network protection solution for the enterprise market.
28 March 2022

Under the hood of Wslink’s multilayered virtual machine

ESET researchers describe the structure of the virtual machine used in samples of Wslink and suggest a possible approach to see through its obfuscation techniques

The post Under the hood of Wslink’s multilayered virtual machine appeared first on WeLiveSecurity

28 March 2022

DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector

DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant.
25 March 2022

Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison

An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. Prosecutors say the accused also enjoyed a lengthy career of "cashing out" access to hacked bank accounts worldwide.
25 March 2022

Week in security with Tony Anscombe

ESET discovers Mustang Panda's Hodur trojan – Crypto malware targeting Android and iOS users alike – Nation-state digital deterrent

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

25 March 2022

UK police arrest seven individuals suspected of being hacking group members

The youngest suspect is 16 years old.
25 March 2022

Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch

Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February.
25 March 2022

Frosties NFT operators arrested over $1.1 million 'rug pull' scam

Investors hand over their cryptocurrency. Project developers vanish.
25 March 2022

Avast acquires SecureKey Technologies in authentication, identity management push

The Canadian company specializes in digital identity services.
25 March 2022

UK Cops Collar 7 Suspected Lapsus$ Gang Members

UK Cops Collar 7 Suspected Lapsus$ Gang Members London Police can't say if they nabbed the 17-year-old suspected mastermind & multimillionaire – but researchers say they’ve been tracking an Oxford teen since mid-2021.
24 March 2022

Microsoft Azure Developers Awash in PII-Stealing npm Packages

Microsoft Azure Developers Awash in PII-Stealing npm Packages A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes.
24 March 2022

Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug

Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug A patch fixes exploit hidden in Elden Ring that traps PC players in a ‘death loop.’
24 March 2022

PCI DSS v4.0: A Preview of the Standard and Transition Training

 

Alicia Malone: Welcome to our podcast series, Coffee with the Council. I'm Alicia Malone, senior manager of public relations for the PCI Security Standards Council. Today we'll be talking about the much-anticipated release of version 4.0 of our PCI Data Security Standard, or DSS. In addition to the timeline and some key highlights, we'll be discussing what you need to know to prepare for PCI DSS version 4.0 transition training. My guests for this episode are Kandyce Young, standards development manager at PCI SSC, and Tom White, training content manager at PCI SSC. Welcome to both of you!

24 March 2022

HubSpot Data Breach Ripples Through Crytocurrency Industry

HubSpot Data Breach Ripples Through Crytocurrency Industry ~30 crypto companies were affected, including BlockFi, Swan Bitcoin and NYDIG, providing an uncomfortable reminder about how much data CRM systems snarf up.
24 March 2022

Is a nation‑state digital deterrent scenario so far‑fetched?

Why has the conflict in Ukraine not caused the much anticipated global cyber-meltdown?

The post Is a nation‑state digital deterrent scenario so far‑fetched? appeared first on WeLiveSecurity

24 March 2022

Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection

Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection Mustang Panda's already sophisticated cyberespionage campaign has matured even further with the introduction of a brand-new PlugX RAT variant.
24 March 2022

Microsoft Help Files Disguise Vidar Malware

Microsoft Help Files Disguise Vidar Malware Attackers are hiding interesting malware in a boring place, hoping victims won’t bother to look.
24 March 2022

Top 3 Attack Trends in API Security – Podcast

Top 3 Attack Trends in API Security – Podcast Bots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest.
24 March 2022

Tax-Season Scammers Spoof Fintechs, Including Stash, Public

Tax-Season Scammers Spoof Fintechs, Including Stash, Public Threat actors are impersonating such wildly popular personal-finance apps (which are used more than social media or streaming services) to try to fool people into giving up their credentials.
24 March 2022

Vidar spyware is now hidden in Microsoft help files

The malware is being spread through an interesting phishing tactic.
24 March 2022