Cybersecurity News
‘Elephant Beetle’ Lurks for Months in Networks
The group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too tiny to be noticed but adding up to millions of dollars.
Broward Breach Highlights Healthcare Supply-Chain Problems
More than 1.3 million patient records were stolen in the just-disclosed breach, which occurred back in October.
Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails
A simple-to-exploit bug that allows bad actors to send emails from Uber's official system -- skating past email security -- went unaddressed despite multiple flagging by researchers.
FTC to Go After Companies that Ignore Log4j
Companies that fail to protect secure consumer data from Log4J attacks are at risk of facing Equifax-esque legal action and fines, the FTC warned.
‘Malsmoke’ Exploits Microsoft’s E-Signature Verification
The info-stealing campaign using ZLoader malware – previously used to deliver Ryuk and Conti ransomware – already has claimed more than 2,000 victims across 111 countries.
Purple Fox rootkit discovered in malicious Telegram installers
Slicing up files allows the malware to stay under the radar.Morgan Stanley agrees to $60 million settlement in data breach lawsuit
Customer data was held on legacy equipment that was later sold on without being wiped.Malsmoke hackers abuse Microsoft signature verification in ZLoader cyberattacks
Malware exploits the system to steal credentials and other data.5 ways hackers steal passwords (and how to stop them)
From social engineering to looking over your shoulder, here are some of the most common tricks that bad guys use to steal passwords
The post 5 ways hackers steal passwords (and how to stop them) appeared first on WeLiveSecurity
Microsoft Sees Rampant Log4j Exploit Attempts, Testing
Microsoft says it's only going to get worse: It's seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December.
SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More
SEGA's disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets.
Data Skimmer Hits 100+ Sotheby’s Real-Estate Websites
The campaign was an opportunistic supply-chain attack abusing a weaponized cloud video player.
Purple Fox Rootkit Dropped by Malicious Telegram Installers
Multiple malicious installers were delivering the same Purple Fox rootkit version using the same attack chain, possibly distributed via email or phishing sites.
McMenamins Data Breach Affects 12 Years of Employee Info
The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack.
Troy Leach Says Farewell to PCI SSC
It is said that change is the only constant in life. And the last 21 months have been a time of unprecedented change in the way we live, work and travel.
These changes have brought with them a wave of changes as many companies and individuals reevaluate their opportunities and family responsibilities in the new way of working.
Portuguese Media Giant Impresa Crippled by Ransomware Attack
The websites of the company and the Expresso newspaper, as well as all of its SIC TV channels remained offline Tuesday after the New Year’s weekend attack.
Instagram and teens: A quick guide for parents to keep their kids safe
How can you help your kids navigate Instagram safely? Here are a few tips to help you protect their privacy on the app.
The post Instagram and teens: A quick guide for parents to keep their kids safe appeared first on WeLiveSecurity
Cyberattack against UK Ministry of Defence training academy revealed
The attack had a "significant" impact on operations last year.Breaking the habit: Top 10 bad cybersecurity habits to shed in 2022
Be alert, be proactive and break these 10 bad habits to improve your cyber-hygiene in 2022
The post Breaking the habit: Top 10 bad cybersecurity habits to shed in 2022 appeared first on WeLiveSecurity
Cyber-attack on UK’s Defence Academy caused ‘significant’ damage
Former senior officer says unsolved hack of MoD training school systems did not succeed but still had costs
A cyber-attack on the UK’s Defence Academy caused “significant” damage, a retired high-ranking officer has revealed.
Air Marshal Edward Stringer, who left the armed forces in August, told Sky News the attack, which was discovered in March 2021, meant the Defence Academy was forced to rebuild its network.
Continue reading...