Cybersecurity News


ESET Research Podcast: Ransomware trashed data, Android threats soared in T3 2022

And that’s just the tip of the iceberg when it comes to the trends that defined the cyberthreat landscape in the final four months of 2022.

The post ESET Research Podcast: Ransomware trashed data, Android threats soared in T3 2022 appeared first on WeLiveSecurity

28 February 2023

Labor plan to beef up government’s cyber powers faces Senate block

Labor plan to beef up government’s cyber powers faces Senate block

A paper expanding on greater ability to intervene during hacks – especially on private companies – causes alarm among Coalition and Greens

Labor could face Senate difficulties if it tries to dramatically expand the government’s powers to directly intervene in companies’ IT systems during cyber-attacks.

Under existing laws – which were controversial when introduced by the former Coalition government – the Australian Signals Directorate has the ability to “step in” as a “last resort” in some emergency situations, but only for critical infrastructure assets.

Continue reading...
27 February 2023

When Low-Tech Hacks Cause High-Impact Breaches

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy's admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group.  But it's worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website.
26 February 2023

Who’s Behind the Botnet-Based Service BHProxies?

A security firm has discovered that a five-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies, which offers paying customers the ability to route their web traffic anonymously through compromised computers. Here’s a closer look at Mylobot, and a deep dive into who may be responsible for operating the BHProxies service.
24 February 2023

Rishi Sunak faces calls to ban TikTok use by government officials

Rishi Sunak faces calls to ban TikTok use by government officials

PM under pressure to follow EU and US in taking step over fears Chinese-owned app poses cybersecurity risk

Rishi Sunak has been urged to ban government officials from using TikTok in line with moves by the EU and US, amid growing cybersecurity fears over China.

Officials in Europe and the US have been told to limit the use of the Chinese-owned social video app over concerns that data can be accessed by Beijing.

Continue reading...
24 February 2023

One year on, how is the war playing out in cyberspace? – Week in security with Tony Anscombe

With the conflict in Ukraine passing the one-year mark, have its cyber-war elements turned out as expected?

The post One year on, how is the war playing out in cyberspace? – Week in security with Tony Anscombe appeared first on WeLiveSecurity

24 February 2023

A year of wiper attacks in Ukraine

ESET Research has compiled a timeline of cyberattacks that used wiper malware and have occurred since Russia’s invasion of Ukraine in 2022

The post A year of wiper attacks in Ukraine appeared first on WeLiveSecurity

24 February 2023

European Commission bans staff from using TikTok on work devices

European Commission bans staff from using TikTok on work devices

Employees given until 15 March to comply amid concerns over app’s Chinese ownership

The EU’s executive body has banned its thousands of staff from using TikTok, as governments and officials become increasingly concerned over the company’s data practices and Chinese ownership.

The European Commission sent an email to employees ordering them to delete the app from all work phones and devices, and any personally owned ones that use the commission’s apps and email. Employees have until 15 March to comply.

Continue reading...
23 February 2023

WinorDLL64: A backdoor from the vast Lazarus arsenal?

The targeted region, and overlap in behavior and code, suggest the tool is used by the infamous North Korea-aligned APT group

The post WinorDLL64: A backdoor from the vast Lazarus arsenal? appeared first on WeLiveSecurity

23 February 2023

Writing like a boss with ChatGPT and how to get better at spotting phishing scams

It’s never been easier to write a convincing message that can trick you into handing over your money or personal data

The post Writing like a boss with ChatGPT and how to get better at spotting phishing scams appeared first on WeLiveSecurity

22 February 2023

New Video Series: Questions with the Council

 

In this new video series, Emma Sutcliffe, SVP Standards, answers the payment industry’s questions about PCI DSS v4.0. Questions include:

21 February 2023

ESET SMB Digital Security Sentiment Report: The damaging effects of a breach

SMBs need to not only reduce their odds of being hit by an attack, but also implement processes that they can follow if their defenses are breached

The post ESET SMB Digital Security Sentiment Report: The damaging effects of a breach appeared first on WeLiveSecurity

21 February 2023

Will ChatGPT start writing killer malware?

AI-pocalypse soon? As stunning as ChatGPT’s output can be, should we also expect the chatbot to spit out sophisticated malware?

The post Will ChatGPT start writing killer malware? appeared first on WeLiveSecurity

20 February 2023

New Protections for Food Benefits Stolen by Skimmers

Millions of Americans receiving food assistance benefits just earned a new right that they can't yet enforce: The right to be reimbursed if funds on their Electronic Benefit Transfer (EBT) cards are stolen by card skimming devices secretly installed at cash machines and grocery store checkout lanes.
17 February 2023

Search ads abused to spread malware – Week in security with Tony Anscombe

Threat actors used search engine ads to impersonate makers of popular software and direct internet users to malicious websites

The post Search ads abused to spread malware – Week in security with Tony Anscombe appeared first on WeLiveSecurity

17 February 2023

Security amidst a global frost

No longer relegated to a side-show, tech is embedded into virtually every new piece of gear entering the battlefield

The post Security amidst a global frost appeared first on WeLiveSecurity

16 February 2023

These aren’t the apps you’re looking for: fake installers targeting Southeast and East Asia

ESET researchers have identified a campaign using trojanized installers to deliver the FatalRAT malware, distributed via malicious websites linked in ads that appear in Google search results

The post These aren’t the apps you’re looking for: fake installers targeting Southeast and East Asia appeared first on WeLiveSecurity

16 February 2023

Medibank class action launched after massive hack put private information of millions on dark web

Medibank class action launched after massive hack put private information of millions on dark web

Law firm Baker McKenzie says company failed to protect privacy of customers in Australia and overseas

The law firm Baker McKenzie has launched a class action lawsuit against Medibank over the health insurer’s massive cyber attack last year that resulted in the personal details of up to 10 million customers being posted on the dark web.

In what became the largest breach of its kind to date in Australia, the hack on Medibank resulted in the personal details of 9.7 million current and former customers, including 5.1 million Medibank customers, 2.8 million ahm customers and 1.8 million international customers, being leaked.

Sign up for Guardian Australia’s free morning and afternoon email newsletters for your daily news roundup

Continue reading...
15 February 2023

10 signs that scammers have you in their sights

Don’t be their next victim – here’s a handy round-up of some the most common signs that should set your alarm bells ringing

The post 10 signs that scammers have you in their sights appeared first on WeLiveSecurity

15 February 2023

Microsoft Patch Tuesday, February 2023 Edition

Microsoft is sending the world a whole bunch of love today, in the form of patches to plug dozens of security holes in its Windows operating systems and other software. This year's special Valentine's Day Patch Tuesday includes fixes for a whopping three different "zero-day" vulnerabilities that are already being used in active attacks.
14 February 2023