Cybersecurity News


New Framework Aims to Describe & Address Complex Social Engineering Attacks

As attackers use more synthetic media in social engineering campaigns, a new framework is built to describe threats and provide countermeasures.
09 July 2021

Microsoft Office Users Warned on New Malware-Protection Bypass

Microsoft Office Users Warned on New Malware-Protection Bypass Word and Excel documents are enlisted to disable Office macro warnings, so the Zloader banking malware can be downloaded onto systems without security tools flagging it.
09 July 2021

Cisco BPA, WSA Bugs Allow Remote Cyberattacks

Cisco BPA, WSA Bugs Allow Remote Cyberattacks The high-severity security vulnerabilities allow elevation of privileges, leading to data theft and more.
09 July 2021

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry The ElectroRAT Trojan attacker's success highlights the increasingly sophisticated nature of threats to cryptocurrency exchanges, wallets, brokerages, investing, and other services.
09 July 2021

It's in the Game (but It Shouldn't Be)

Five ways that game developers (and others) can avoid falling victim to an attack like the one that hit EA.
09 July 2021

Cartoon Caption Winner: Sight Unseen

Cartoon Caption Winner: Sight Unseen And the winner of Dark Reading's June contest is ...
09 July 2021

Week in security with Tony Anscombe

The Kaseya VST supply-chain attack impacts hundreds of companies – ESET discovers a new version of Bandook malware – How the ransomware business model works

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

09 July 2021

Lazarus Targets Job-Seeking Engineers with Malicious Documents

Lazarus Targets Job-Seeking Engineers with Malicious Documents Notorious North Korean APT impersonates Airbus, General Motors and Rheinmetall to lure potential victims into downloading malware.
09 July 2021

Scam artists exploit Kaseya security woes to deploy malware

The company is being impersonated in the fallout of a recent ransomware attack.
09 July 2021

Texas resident jailed for role in $2.2 million romance, business email scams

The Nigerian national will spend over seven years behind bars.
09 July 2021

Morgan Stanley Discloses Data Breach

Attackers were able to compromise customers' personal data by targeting the Accellion FTA server of a third-party vendor.
08 July 2021

Oil & Gas Targeted in Year-Long Cyber-Espionage Campaign

Oil & Gas Targeted in Year-Long Cyber-Espionage Campaign A global effort to steal information from energy companies is using sophisticated social engineering to deliver Agent Tesla and other RATs.
08 July 2021

New WildPressure Malware Capable of Targeting Windows and MacOS

The Trojan sends information back to the attackers' servers about the programming language of a target device.
08 July 2021

Coursera Flunks API Security Test in Researchers’ Exam

Coursera Flunks API Security Test in Researchers’ Exam The problem APIs included numero uno on the OWASP API Security Top 10: a Broken Object Level Authorization (BOLA) issue that could have exposed personal data.
08 July 2021

How Fake Accounts and Sneaker-Bots Took Over the Internet

How Fake Accounts and Sneaker-Bots Took Over the Internet Jason Kent, hacker-in-residence at Cequence Security, discusses fake online accounts, and the fraud they carry out on a daily basis.
08 July 2021

Microsoft issues patch to fix PrintNightmare zero‑day bug

The out-of-band update fixes a remote code execution flaw affecting the Windows Print Spooler service

The post Microsoft issues patch to fix PrintNightmare zero‑day bug appeared first on WeLiveSecurity

08 July 2021

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya's customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.
08 July 2021

Kaseya Hacked via Authentication Bypass

The Kaseya ransomware attack is believed to have been down to an authentication bypass. Yes, ransomware needs to be on your radar -- but good authentication practices are also imperative.
08 July 2021

The NSA's 'New' Mission: Get More Public With the Private Sector

The National Security Agency's gradual emergence from the shadows was "inevitable" in cybersecurity, says Vinnie Liu, co-founder and CEO of offensive security firm Bishop Fox and a former NSA analyst. Now the agency has to figure out how to best work with the private sector, especially organizations outside the well-resourced and seasoned Fortune 100.
08 July 2021

Ransomware as a service: Negotiators are now in high demand

RaaS groups are hiring negotiators whose primary role is to force victims to pay up.
08 July 2021