Cybersecurity News
WhatsApp Photo Filter Bug Allows Sensitive Info to Be Lifted
Users should be careful whose pics they view and should, of course, update their apps.
Digital State IDs Start Rollouts Despite Privacy Concerns
Eight states are introducing drivers licenses and identification cards available for use on Apple iPhones and Watches, but critics warn about the dangers of eliminating the use of a paper-based system entirely.
Comcast RF Attack Leveraged Remotes for Surveillance
IoT vulnerabilities turn remote into listening device, researchers find, which impacted 18 million Xfinity customers.
15-Year-Old Malware Proxy Network VIP72 Goes Dark
Over the past 15 years, a cybercrime anonymity service known as VIP72 has enabled countless fraudsters to mask their true location online by routing their traffic through millions of malware-infected systems. But roughly two week ago, VIP72's online storefront -- which sold access to more than 30,000 compromised PCs -- simply vanished.Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites
Two vulnerabilities in the site-building plugin could be useful tools in the hands of a skilled attacker, researchers warned.
LockBit Jumps Its Own Countdown, Publishes Bangkok Air Files
The ransomware gang claims to have pulled off successful attacks against two airlines and one airport with help from its Accenture attack.
BEC Scammers Seek Native English Speakers on Underground
Cybercrooks are posting help-wanted ads on dark web forums, promising to do the technical work of compromising email accounts but looking for native English speakers to carry out the social-engineering part of these lucrative scams.
Feds Warn of Ransomware Attacks Ahead of Labor Day
Threat actors recently have used long holiday weekends -- when many staff are taking time off -- as a prime opportunity to ambush organizations.
This is why the Mozi botnet will linger on
The botnet continues to haunt IoT devices, and likely will for some time to come.Cream Finance platform pilfered for over $34 million in cryptocurrency
The project has promised to cover losses suffered by its users.Scam artists are recruiting English speakers for business email campaigns
Finding fluent speakers is becoming important to criminals conducting business-based attacks.Fortress Home Security Open to Remote Disarmament
A pair of unpatched security vulnerabilities can allow unauthenticated cyberattackers to turn off window, door and motion-sensor monitoring.
Cream Finance DeFi Platform Rooked For $29M
Cream is latest DeFi platform to get fleeced in rash of attacks.
Proxyware Services Open Orgs to Abuse – Report
Services that let consumers resell their bandwidth for money are ripe for abuse, researchers warn.
Flaw in the Quebec vaccine passport: analysis
ESET's cybersecurity expert Marc-Étienne Léveillé analyses in-depth the Quebec's vaccine proof apps VaxiCode and VaxiCode Verif.
The post Flaw in the Quebec vaccine passport: analysis appeared first on WeLiveSecurity
Faille dans la preuve vaccinale Québécoise : analyse
Les chercheurs d’ESET expliquent les détails d’une faille découverte dans VaxiCode Vérif, l’application mobile permettant la vérification des preuves vaccinales québécoise
The post Faille dans la preuve vaccinale Québécoise : analyse appeared first on WeLiveSecurity
Back-to-Basics: Think Before You Click
As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on thinking before you click.
Don’t use single‑factor authentication, warns CISA
The federal agency urges organizations to ditch the bad practice and instead use multi-factor authentication methods
The post Don’t use single‑factor authentication, warns CISA appeared first on WeLiveSecurity
WooCommerce Pricing Plugin Allows Malicious Code-Injection
The popular Dynamic Pricing and Discounts plugin from Envato can be exploited by unauthenticated attackers.
QNAP Is Latest to Get Dinged by OpenSSL Bugs Fallout
The NAS maker issued two security advisories about the RCE and DoS flaws, adding to a flurry of advisories from the vast array of companies whose products use OpenSSL.