UK Cops Collar 7 Suspected Lapsus$ Gang MembersLondon Police can't say if they nabbed the 17-year-old suspected mastermind & multimillionaire – but researchers say they’ve been tracking an Oxford teen since mid-2021.
Microsoft Azure Developers Awash in PII-Stealing npm PackagesA large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes.
Just-Released Dark Souls Game, Elden Ring, Includes Killer BugA patch fixes exploit hidden in Elden Ring that traps PC players in a ‘death loop.’
PCI DSS v4.0: A Preview of the Standard and Transition Training
Alicia Malone: Welcome to our podcast series, Coffee with the Council. I'm Alicia Malone, senior manager of public relations for the PCI Security Standards Council. Today we'll be talking about the much-anticipated release of version 4.0 of our PCI Data Security Standard, or DSS. In addition to the timeline and some key highlights, we'll be discussing what you need to know to prepare for PCI DSS version 4.0 transition training. My guests for this episode are Kandyce Young, standards development manager at PCI SSC, and Tom White, training content manager at PCI SSC. Welcome to both of you!
HubSpot Data Breach Ripples Through Crytocurrency Industry~30 crypto companies were affected, including BlockFi, Swan Bitcoin and NYDIG, providing an uncomfortable reminder about how much data CRM systems snarf up.
Is a nation‑state digital deterrent scenario so far‑fetched?
Why has the conflict in Ukraine not caused the much anticipated global cyber-meltdown?
The post Is a nation‑state digital deterrent scenario so far‑fetched? appeared first on WeLiveSecurity
Chinese APT Combines Fresh Hodur RAT with Complex Anti-DetectionMustang Panda's already sophisticated cyberespionage campaign has matured even further with the introduction of a brand-new PlugX RAT variant.
Microsoft Help Files Disguise Vidar MalwareAttackers are hiding interesting malware in a boring place, hoping victims won’t bother to look.
Top 3 Attack Trends in API Security – PodcastBots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest.
Tax-Season Scammers Spoof Fintechs, Including Stash, PublicThreat actors are impersonating such wildly popular personal-finance apps (which are used more than social media or streaming services) to try to fool people into giving up their credentials.
Vidar spyware is now hidden in Microsoft help filesThe malware is being spread through an interesting phishing tactic.
Crypto malware in patched wallets targeting Android and iOS devices
ESET Research uncovers a sophisticated scheme that distributes trojanized Android and iOS apps posing as popular cryptocurrency wallets
The post Crypto malware in patched wallets targeting Android and iOS devices appeared first on WeLiveSecurity
Mustang Panda hacking group takes advantage of Ukraine crisis in new attacksJust as criminals seized on the pandemic, this group is trying to capitalize on Russia's invasion of Ukraine.
Malicious npm packages target Azure developers to steal personal dataTyposquatting and automatic tools are the weapons of choice.
A Closer Look at the LAPSUS$ Data Extortion GroupMicrosoft and identity management platform Okta both disclosed this week breaches involving LAPSUS$, a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish the information unless a ransom demand is paid. Here's a closer look at LAPSUS$, and some of the low-tech but high-impact methods the group uses to gain access to targeted organizations.
Okta names Sitel in Lapsus$ security incident impacting up to 366 customersThe analogy "walking away from your computer at a coffee shop" has been used to describe the incident.
DeadBolt Ransomware Resurfaces to Hit QNAP AgainA new steady stream of attacks against network-attached storage devices from the Taiwan-based vendor is similar to a wave that occurred in January.
Microsoft: Lapsus$ Used Employee Account to Steal Source CodeThe data-extortion gang got at Microsoft's Azure DevOps server. Meanwhile, fellow Lapsus$ victim and authentication firm Okta said 2.5 percent of customers were affected in its own Lapsus$ attack.
This is how much the average Conti hacking group member earns a monthWhile ransom payments can reach millions of dollars, it isn't as much as you'd think.
Mustang Panda’s Hodur: Old tricks, new Korplug variant
ESET researchers have discovered Hodur, a previously undocumented Korplug variant spread by Mustang Panda, that uses phishing lures referencing current events in Europe, including the invasion of Ukraine
The post Mustang Panda’s Hodur: Old tricks, new Korplug variant appeared first on WeLiveSecurity