Cybersecurity News


Questions linger after IRS’s about‑face on facial recognition

Why would a tax agency contractor’s privacy policy mention collecting information about my Facebook friends?

The post Questions linger after IRS’s about‑face on facial recognition appeared first on WeLiveSecurity

15 February 2022

BlackByte Tackles the SF 49ers & US Critical Infrastructure

BlackByte Tackles the SF 49ers & US Critical Infrastructure Hours before the Superbowl and two days after the FBI warned about the ransomware gang, BlackByte leaked what are purportedly the NFL team's files.
14 February 2022

Wazawaka Goes Waka Waka

In January, KrebsOnSecurity examined clues left behind by "Wazawaka," the hacker handle chosen by a major ransomware criminal in the Russian-speaking cybercrime scene. Wazawaka has since "lost his mind" according to his erstwhile colleagues, creating a Twitter account to drop exploit code for a widely-used virtual private networking (VPN) appliance, and publishing bizarre selfie videos taunting security researchers and journalists. In last month's story, we explored clues that led from Wazawaka's multitude of monikers, email addresses, and passwords to a 30-something father in Abakan, Russia named Mikhail Pavlovich Matveev. This post concerns itself with the other half of Wazawaka's identities not mentioned in the first story, such as how Wazawaka also ran the Babuk ransomware affiliate program, and later became "Orange," the founder of the ransomware-focused Dark Web forum known as "RAMP."
14 February 2022

‘Cities: Skylines’ Gaming Modder Banned Over Hidden Malware

‘Cities: Skylines’ Gaming Modder Banned Over Hidden Malware 35K+ players were exposed to an auto-updater that planted a trojan that choked performance for fellow modders and Colossal Order employees.
14 February 2022

Adobe: Zero-Day Magento 2 RCE Bug Under Active Attack

Adobe: Zero-Day Magento 2 RCE Bug Under Active Attack The vendor issued an emergency fix on Sunday, and eCommerce websites should update ASAP to avoid Magecart card-skimming attacks and other problems.
14 February 2022

From the back office to the till: Cybersecurity challenges facing global retailers

How well retailers can manage the surge in cyberthreats may be crucial for their prospects in a post‑pandemic world

The post From the back office to the till: Cybersecurity challenges facing global retailers appeared first on WeLiveSecurity

14 February 2022

Patch now: Adobe releases emergency fix for exploited Commerce,  Magento zero-day

Adobe says the vulnerability is being used in attacks targeting Adobe Commerce users.
14 February 2022

Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa

Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview.
11 February 2022

Cybercrooks Frame Targets by Planting Fabricated Digital Evidence

Cybercrooks Frame Targets by Planting Fabricated Digital Evidence The ‘ModifiedElephant’ threat actors are technically unimpressive, but they’ve evaded detection for a decade, hacking human rights advocates' systems with dusty old keyloggers and off-the-shelf RATs.
11 February 2022

Week in security with Tony Anscombe

New ESET Threat Report is out – How dark web services are moving to common apps and services – Leave romance scammers high and dry

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

11 February 2022

Apple Patches Actively Exploited WebKit Zero Day

Apple Patches Actively Exploited WebKit Zero Day A memory issue affects myriad iPhone, iPad and MacOS devices and allows attackers to execute arbitrary code after processing malicious web content.
11 February 2022

These cybercriminals plant criminal evidence on human rights defender, lawyer devices

There's more than one way to silence civil rights activists, it seems.
11 February 2022

When love hurts: Watch out for romance scams this Valentine’s Day

Don’t be the next victim – spot the signs of a faux romance in time and send that scammer ‘packing’

The post When love hurts: Watch out for romance scams this Valentine’s Day appeared first on WeLiveSecurity

11 February 2022

Spanish police arrest suspects in SIM-swapping ring

Fraudsters used photocopies and stolen data to obtain duplicate SIM cards.
11 February 2022

$1.3 billion lost to romance scams in the past five years: FTC

Romance scams are reaching record-highs, regulators warn.
11 February 2022

Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares

Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares The Maze gang are purportedly never going back to ransomware and have destroyed all of their ransomware source code, said somebody claiming to be the developer.
10 February 2022

Sharp SIM-Swapping Spike Causes $68M in Losses

Sharp SIM-Swapping Spike Causes $68M in Losses The attacks, which lead to 2FA defeat and account takeover, have accelerated by several hundred percent in one year, leading to thousands of drained bank accounts.
10 February 2022

SAP Patches Severe ‘ICMAD’ Bugs

SAP Patches Severe ‘ICMAD’ Bugs SAP’s Patch Tuesday brought fixes for a trio of flaws in the ubiquitous ICM component in internet-exposed apps. One of them, with a risk score of 10, could allow attackers to hijack identities, steal data and more.
10 February 2022

SAP to Give Threat Briefing on Uber-Severe ‘ICMAD’ Bugs

SAP to Give Threat Briefing on Uber-Severe ‘ICMAD’ Bugs SAP’s Patch Tuesday brought fixes for a trio of flaws in the ubiquitous ICM component in internet-exposed apps. One of them, with a risk score of 10, could allow attackers to hijack identities, steal data and more.
10 February 2022

The Threat of Ransomware Attacks

 

How the spike in ransomware attacks presents an urgent threat to the payment security community. On the blog, we cover basic questions with Lisa Plaggemier, Executive Director National Cybersecurity Alliance and PCI SSC Executive Director Lance Johnson about this growing threat to businesses across the U.S. and around the world and how to better protect yourself from this dangerous attack.

10 February 2022