Cybersecurity News


Linux Servers at Risk of RCE Due to Critical CWP Bugs

Linux Servers at Risk of RCE Due to Critical CWP Bugs The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.
24 January 2022

MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists

MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.
24 January 2022

Surge in Malicious QR Codes Sparks FBI Alert

Surge in Malicious QR Codes Sparks FBI Alert QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.
24 January 2022

Dark Souls 3 Servers Shut Down Due to Critical RCE Bug

Dark Souls 3 Servers Shut Down Due to Critical RCE Bug The bug can allow attackers to remotely execute code on gamers’ computers. The devs temporarily deactivated PvP servers across multiple affected versions.
24 January 2022

Request for Comments: New Mobile Payments on COTS (MPoC) Standard


From 24 January to 22 February 2022, Mobile Task Force members and PCI-Recognized Laboratories are invited to review and provide feedback on the new Mobile Payments on COTS (MPoC) Standard during a 30-day request for comments (RFC) period.

24 January 2022

Tor Project battles Russian censorship through the courts

An appeal has been filed to challenge a block imposed by Russian authorities.
24 January 2022

Researchers break down WhisperGate wiper malware used in Ukraine website defacement

The wiper is similar to malware previously used in attacks against the country – with added functions.
24 January 2022

How I hacked my friend’s PayPal account

Somebody could easily take control of your PayPal account and steal money from you if you’re not careful – here's how to stay safe from a simple but effective attack

The post How I hacked my friend’s PayPal account appeared first on WeLiveSecurity

24 January 2022

Unusual ‘Donald Trump’ Packer Malware Delivers RATs, Infostealers

Unusual ‘Donald Trump’ Packer Malware Delivers RATs, Infostealers The ‘DTPacker’ downloader used fake Liverpool Football Club sites as lures for several weeks, a report finds.
24 January 2022

Hackers hijack smart contracts in cryptocurrency token 'rug pull' exit scams

Misconfiguration provides the perfect opportunity for token-based theft.
24 January 2022

The Internet’s Most Tempting Targets

The Internet’s Most Tempting Targets What attracts the attackers? David "moose" Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets.
21 January 2022

Merck Awarded $1.4B Insurance Payout over NotPetya Attack

Merck Awarded $1.4B Insurance Payout over NotPetya Attack Court rules ‘War or Hostile Acts’ exclusion doesn’t apply to the pharma giant's 2017 cyberattack.
21 January 2022

20K WordPress Sites Exposed by Insecure Plugin REST-API

20K WordPress Sites Exposed by Insecure Plugin REST-API The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.
21 January 2022

McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges

McAfee Bug Can Be Exploited to Gain Windows SYSTEM Privileges McAfee has patched two high-severity bugs in its Agent component, one of which can allow attackers to achieve arbitrary code execution with SYSTEM privileges.
21 January 2022

Crime Shop Sells Hacked Logins to Other Crime Shops

Up for the "Most Meta Cybercrime Offering" award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites.
21 January 2022

Spyware Blitzes Compromise, Cannibalize ICS Networks

Spyware Blitzes Compromise, Cannibalize ICS Networks The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.
21 January 2022

Week in security with Tony Anscombe

ESET research into Donot Team attacks – Common signs that your email has been hacked – Social media dos and don'ts in the workplace

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

21 January 2022

Chinese APT deploys MoonBounce implant in UEFI firmware

The highly targeted attack reveals a new level of sophistication in attacks against UEFI firmware.
21 January 2022

Amazon fake crypto token investment scam steals Bitcoin from victims

Criminals are peddling the idea of a new Amazon cryptocurrency token to swindle victims.
21 January 2022

2FA Bypassed in $34.6M Crypto.com Heist

2FA Bypassed in $34.6M Crypto.com Heist In a display of 2FA's fallibility, unauthorized transactions approved without users' authentication bled 483 accounts of funds.
20 January 2022