Cybersecurity News


Malicious Joker App Scores Half-Million Downloads on Google Play

Malicious Joker App Scores Half-Million Downloads on Google Play Joker malware was found lurking in the Color Message app, ready to fleece unsuspecting users with premium SMS charges.
17 December 2021

Week in security with Tony Anscombe

Why the vulnerability in Log4j poses a grave threat – What businesses should know about Log4Shell – ESET wraps up a series of deep-dives into Latin American banking trojans

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

17 December 2021

Brand-New Log4Shell Attack Vector Threatens Local Hosts

Brand-New Log4Shell Attack Vector Threatens Local Hosts The discovery, which affects services running as localhost that aren't exposed to any network or the internet, vastly widens the scope of attack possibilities.
17 December 2021

Security firm Blumira discovers major new Log4j attack vector

A basic Javascript WebSocket connection can trigger a local Log4j remote code attack via a drive-by compromise. Wonderful. Truly wonderful.
17 December 2021

Convergence Ahoy: Get Ready for Cloud-Based Ransomware

Convergence Ahoy: Get Ready for Cloud-Based Ransomware Oliver Tavakoli, CTO at Vectra AI, takes us inside the coming nexus of ransomware, supply-chain attacks and cloud deployments.
17 December 2021

Conti Gang Suspected of Ransomware Attack on McMenamins

Conti Gang Suspected of Ransomware Attack on McMenamins The incident occurred last weekend at the popular chain of restaurants, hotels and breweries, which is still facing disruptions.
17 December 2021

‘Tropic Trooper’ Reemerges to Target Transportation Outfits

‘Tropic Trooper’ Reemerges to Target Transportation Outfits Analysts warn that the attack group, now known as 'Earth Centaur,' is honing its attacks to go after transportation and government agencies.
16 December 2021

‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems

‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems It’s similar to Lazarus’s Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks.
16 December 2021

NY Man Pleads Guilty in $20 Million SIM Swap Theft

A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent "SIM swaps," scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identities.
16 December 2021

‘DarkWatchman’ RAT Shows Evolution in Fileless Malware

‘DarkWatchman’ RAT Shows Evolution in Fileless Malware The new tool manipulates Windows Registry in unique ways to evade security detections and is likely being used by ransomware groups for initial network access.
16 December 2021

Suspected Iranian hackers target airline with new backdoor

The attack was performed by abusing the Slack workspace application.
16 December 2021

Victims awarded $18 million in GirlsDoPorn online video case, boss on the run

The sex trafficking case impacts hundreds of victims, including young women seeking modeling work.
16 December 2021

Relentless Log4j Attacks Include State Actors, Possible Worm

Relentless Log4j Attacks Include State Actors, Possible Worm More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell.
15 December 2021

Malicious Exchange Server Module Hoovers Up Outlook Credentials

Malicious Exchange Server Module Hoovers Up Outlook Credentials "Owowa" stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made.
15 December 2021

SAP Kicks Log4Shell Vulnerability Out of 20 Apps

SAP Kicks Log4Shell Vulnerability Out of 20 Apps SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality.
15 December 2021

What every business leader needs to know about Log4Shell

Hundreds of thousands of attempts to exploit the vulnerability are under way

The post What every business leader needs to know about Log4Shell appeared first on WeLiveSecurity

15 December 2021

Meta targets user information, database scraping in bug bounty expansion

Meta's Facebook came under fire for a scraping incident earlier this year.
15 December 2021

Ransomware in 2022: We're all screwed

Security experts tell us what to expect in the cybercriminal landscape as we head into the new year. It's not good.
15 December 2021

Payment Security: A Perspective from Europe

 

In the eighteen months plus since the outbreak of the COVID-19 global pandemic many businesses have had to reinvent themselves and adapt not only how they manage their business, but more importantly how they accept payments. Europe like most of the rest of the world saw a major switch to remote transactions and the world of e-commerce. On top of these significant changes, many organizations have also had to confront the practical and security challenges of employees first having to, and then wanting to, work from home.

15 December 2021

Apache’s Fix for Log4Shell Can Lead to DoS Attacks

Apache’s Fix for Log4Shell Can Lead to DoS Attacks Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes.
15 December 2021