Cybersecurity News
Convergence Ahoy: Get Ready for Cloud-Based Ransomware
Oliver Tavakoli, CTO at Vectra AI, takes us inside the coming nexus of ransomware, supply-chain attacks and cloud deployments.
17 December 2021
Conti Gang Suspected of Ransomware Attack on McMenamins
The incident occurred last weekend at the popular chain of restaurants, hotels and breweries, which is still facing disruptions.
17 December 2021
‘Tropic Trooper’ Reemerges to Target Transportation Outfits
Analysts warn that the attack group, now known as 'Earth Centaur,' is honing its attacks to go after transportation and government agencies.
16 December 2021
‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems
It’s similar to Lazarus’s Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks.
16 December 2021
NY Man Pleads Guilty in $20 Million SIM Swap Theft
A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent "SIM swaps," scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identities.16 December 2021
‘DarkWatchman’ RAT Shows Evolution in Fileless Malware
The new tool manipulates Windows Registry in unique ways to evade security detections and is likely being used by ransomware groups for initial network access.
16 December 2021
Suspected Iranian hackers target airline with new backdoor
The attack was performed by abusing the Slack workspace application.16 December 2021
Victims awarded $18 million in GirlsDoPorn online video case, boss on the run
The sex trafficking case impacts hundreds of victims, including young women seeking modeling work.16 December 2021
Relentless Log4j Attacks Include State Actors, Possible Worm
More than 1.8 million attacks, against half of all corporate networks, have already launched to exploit Log4Shell.
15 December 2021
Malicious Exchange Server Module Hoovers Up Outlook Credentials
"Owowa" stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made.
15 December 2021
SAP Kicks Log4Shell Vulnerability Out of 20 Apps
SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality.
15 December 2021
What every business leader needs to know about Log4Shell
Hundreds of thousands of attempts to exploit the vulnerability are under way
The post What every business leader needs to know about Log4Shell appeared first on WeLiveSecurity
15 December 2021
Meta targets user information, database scraping in bug bounty expansion
Meta's Facebook came under fire for a scraping incident earlier this year.15 December 2021
Ransomware in 2022: We're all screwed
Security experts tell us what to expect in the cybercriminal landscape as we head into the new year. It's not good.15 December 2021
Payment Security: A Perspective from Europe
In the eighteen months plus since the outbreak of the COVID-19 global pandemic many businesses have had to reinvent themselves and adapt not only how they manage their business, but more importantly how they accept payments. Europe like most of the rest of the world saw a major switch to remote transactions and the world of e-commerce. On top of these significant changes, many organizations have also had to confront the practical and security challenges of employees first having to, and then wanting to, work from home.
15 December 2021
Apache’s Fix for Log4Shell Can Lead to DoS Attacks
Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes.
15 December 2021
The dirty dozen of Latin America: From Amavaldo to Zumanek
The grand finale of our series dedicated to demystifying Latin American banking trojans
The post The dirty dozen of Latin America: From Amavaldo to Zumanek appeared first on WeLiveSecurity
15 December 2021
In 2022, Expect More Supply Chain Pain and Changing Security Roles
If 2021 was the Year of Supply Chain Pain, 2022 will be the Year of Supply Chain Chronic Pain (or something worse than pain). This past year, the pain was felt in two significant ways: through the supply chain disruptions caused by COVID-19, and through the many security breaches that we saw in our key […]
14 December 2021
Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit
It took just 15 seconds to hack the latest, greatest, shiniest iPhone 13 Pro on stage at the Tianfu Cup in October, using a now-fixed iOS kernel bug.
14 December 2021
Microsoft Patch Tuesday, December 2021 Edition
Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that that is already being actively exploited. But this month's Patch Tuesday is being overshadowed by the "Log4Shell" 0-day exploit in a popular Java library that web server administrators are now racing to find and patch amid widespread exploitation of the flaw.14 December 2021