Cybersecurity News


Unusual ‘Donald Trump’ Packer Malware Delivers RATs, Infostealers

Unusual ‘Donald Trump’ Packer Malware Delivers RATs, Infostealers The ‘DTPacker’ downloader used fake Liverpool Football Club sites as lures for several weeks, a report finds.
24 January 2022

Hackers hijack smart contracts in cryptocurrency token 'rug pull' exit scams

Misconfiguration provides the perfect opportunity for token-based theft.
24 January 2022

The Internet’s Most Tempting Targets

The Internet’s Most Tempting Targets What attracts the attackers? David "moose" Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets.
21 January 2022

Merck Awarded $1.4B Insurance Payout over NotPetya Attack

Merck Awarded $1.4B Insurance Payout over NotPetya Attack Court rules ‘War or Hostile Acts’ exclusion doesn’t apply to the pharma giant's 2017 cyberattack.
21 January 2022

20K WordPress Sites Exposed by Insecure Plugin REST-API

20K WordPress Sites Exposed by Insecure Plugin REST-API The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
21 January 2022

McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges

McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges McAfee has patched two high-severity bugs in its Agent component, one of which can allow attackers to achieve arbitrary code execution with SYSTEM privileges.
21 January 2022

Crime Shop Sells Hacked Logins to Other Crime Shops

Up for the "Most Meta Cybercrime Offering" award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites.
21 January 2022

Spyware Blitzes Compromise, Cannibalize ICS Networks

Spyware Blitzes Compromise, Cannibalize ICS Networks The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.
21 January 2022

Week in security with Tony Anscombe

ESET research into Donot Team attacks – Common signs that your email has been hacked – Social media dos and don'ts in the workplace

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

21 January 2022

Chinese APT deploys MoonBounce implant in UEFI firmware

The highly targeted attack reveals a new level of sophistication in attacks against UEFI firmware.
21 January 2022

Amazon fake crypto token investment scam steals Bitcoin from victims

Criminals are peddling the idea of a new Amazon cryptocurrency token to swindle victims.
21 January 2022

2FA Bypassed in $34.6M Crypto.com Heist

2FA Bypassed in $34.6M Crypto.com Heist In a display of 2FA's fallibility, unauthorized transactions approved without users' authentication bled 483 accounts of funds.
20 January 2022

Critical Cisco StarOS Bug Grants Root Access via Debug Mode

Critical Cisco StarOS Bug Grants Root Access via Debug Mode Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges.
20 January 2022

Microsoft Sees Log4j Attacks Exploiting SolarWinds Serv-U Bug

Microsoft Sees Log4j Attacks Exploiting SolarWinds Serv-U Bug SolarWinds has fixed a Serv-U bug that threat actors were exploiting to unleash Log4j attacks on networks’ internal devices.
20 January 2022

Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs

Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open.
20 January 2022

Red Cross Begs Attackers Not to Leak 515K People’s Stolen Data

Red Cross Begs Attackers Not to Leak 515K People’s Stolen Data A cyberattack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration.
20 January 2022

SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack

SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack R.R. Donnelly, the integrated services company, confirmed a ‘systems intrusion’ that occurred in late December and is still under investigation.
20 January 2022

How to know if your email has been hacked

Think your email may have been hacked? Here are the signs to look for, how account takeover attacks commonly occur, and how to recover your account and avoid falling victim again

The post How to know if your email has been hacked appeared first on WeLiveSecurity

20 January 2022

Multichain token hack losses reach $3 million: report

Multichain messaging seems confusing, at best.
20 January 2022

'Serial' romance fraudster jailed for trying to scam 670 people in the UK

Victims were conned out of thousands of pounds, including one woman who was terminally ill.
20 January 2022