Cybersecurity News


Week in security with Tony Anscombe

What to know before scanning a QR code – Has your phone been hacked? – Watch your back and keep shoulder surfers at bay

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

04 February 2022

Attackers Target Intuit Users by Threatening to Cancel Tax Accounts

Attackers Target Intuit Users by Threatening to Cancel Tax Accounts The usual tax-season barrage of cybercriminal activity is already underway with a phishing campaign impersonating the popular accounting and tax-filing software.
04 February 2022

Russian APT Primitive Bear attacks Western gov't department in Ukraine through job hunt

The hacking group's latest activities come at a time when tension is boiling between Russia and Ukraine.
04 February 2022

Operation EmailThief: Zero-day XSS vulnerability in Zimbra email platform revealed

A zero-day bug in the Zimbra email platform is reportedly under attack.
04 February 2022

Think before you scan: How fraudsters can exploit QR codes to steal money

QR codes are all the rage and scammers have taken notice. Look out for dangers lurking behind those little black-and-white squares.

The post Think before you scan: How fraudsters can exploit QR codes to steal money appeared first on WeLiveSecurity

04 February 2022

CISA issues advisory warning of critical vulnerabilities in Airspan Networks Mimosa

The vulnerabilities go all the way up to 10 on the CVSS severity score.
04 February 2022

Kronos Still Dragging Itself Back From Ransomware Hell

Kronos Still Dragging Itself Back From Ransomware Hell And customers including Tesla, PepsiCo and NYC transit workers are filing lawsuits over the “real pain in the rear end” of manual inputting, inaccurate wages & more.
03 February 2022

Low-Detection Phishing Kits Increasingly Bypass MFA

Low-Detection Phishing Kits Increasingly Bypass MFA A growing class of phishing kits – transparent reverse proxy kits – are being used to get past multi-factor authentication using MiTM tactics.
03 February 2022

Critical Cisco Bugs Open VPN Routers to Cyberattacks

Critical Cisco Bugs Open VPN Routers to Cyberattacks The company's RV line of small-business routers contains 15 different security vulnerabilities that could enable everything from RCE to corporate network access and denial-of-service – and many have exploits circulating.
03 February 2022

Critical Cisco Bugs Open VPN Routers to Cyberattacks

Critical Cisco Bugs Open VPN Routers to Cyberattacks The company's RV line of small-business routers contains 15 different security vulnerabilities that could enable everything from RCE to corporate network access and denial-of-service – and many have exploits circulating.
03 February 2022

How Phishers Are Slinking Their Links Into LinkedIn

If you received a link to LinkedIn.com via email, SMS or instant message, would you click it? Spammers, phishers and other ne'er-do-wells are hoping you will, because they've long taken advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands (but chiefly Linkedin's parent firm Microsoft).
03 February 2022

Wormhole Crypto Platform: ‘Funds Are Safe’ After $314M Heist

Wormhole Crypto Platform: ‘Funds Are Safe’ After $314M Heist The popular bridge, which connects Ethereum, Solana blockchain & more, was shelled out by it's-not-saying. Wormhole is trying to negotiate with the attacker.
03 February 2022

PowerPoint Files Abused to Take Over Computers

PowerPoint Files Abused to Take Over Computers Attackers are using socially engineered emails with .ppam file attachments that hide malware that can rewrite Windows registry settings on targeted machines.
03 February 2022

3D printed guns, underground markets, bomb manuals: police crackdown continues

Europol has now turned its attention to freely-available bomb guides published online.
03 February 2022

KP Snacks Left with Crumbs After Ransomware Attack

KP Snacks Left with Crumbs After Ransomware Attack The Conti gang strikes again, disrupting the nom-merchant's supply chain and threatening empty supermarket shelves lasting for weeks.
02 February 2022

Supply-Chain Security Is Not a Problem…It’s a Predicament

Supply-Chain Security Is Not a Problem…It’s a Predicament Despite what security vendors might say, there is no way to comprehensively solve our supply-chain security challenges, posits JupiterOne CISO Sounil Yu. We can only manage them.
02 February 2022

Thousands of Malicious npm Packages Threaten Web Apps

Thousands of Malicious npm Packages Threaten Web Apps Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors.
02 February 2022

Charming Kitten Sharpens Its Claws with PowerShell Backdoor

Charming Kitten Sharpens Its Claws with PowerShell Backdoor The notorious Iranian APT is fortifying its arsenal with new malicious tools and evasion tactics and may even be behind the Memento ransomware.
02 February 2022

Meet CoinStomp: new cryptojacking malware targets Asian cloud service providers

Shell scripts are being used to exploit cloud instances.
02 February 2022

Arid Viper hackers strike Palestine with political lures - and Trojans

The threat group is suspected of being located in Gaza.
02 February 2022