Cybersecurity News


Stolen TikTok Videos, Bent on Fraud, Invade YouTube Shorts

Stolen TikTok Videos, Bent on Fraud, Invade YouTube Shorts Scammers easily game YouTube Shorts with viral TikTok content, bilking both creators and users.
12 January 2022

New York AG Warns 17 Firms of Credential Attacks

New York AG Warns 17 Firms of Credential Attacks Sponsored: Password security is highlighted in attorney general warning to New York state businesses.
12 January 2022

Phishers Rip Off High-Profile EA Gamers

Phishers Rip Off High-Profile EA Gamers Electronic Arts blamed “human error” after attackers compromised customer support and took over and drained some of the top FIFA Ultimate Team player accounts.
12 January 2022

Remote Access Trojans spread through Microsoft Azure, AWS cloud service abuse

It seems that one or two Trojans aren't enough for your average cyberattacker.
12 January 2022

Cryptocurrency scams: What to know and how to protect yourself

As you attempt to strike it rich in the digital gold rush, make sure you know how to recognize various schemes that want to part you from your digital coins

The post Cryptocurrency scams: What to know and how to protect yourself appeared first on WeLiveSecurity

12 January 2022

Who is the Network Access Broker ‘Wazawaka?’

In a great many ransomware attacks, the criminals who pillage the victim's network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by Wazawaka, the handle chosen by a major access broker in the Russian-speaking cybercrime scene.
12 January 2022

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is "wormable," meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.
11 January 2022

Here’s REALLY How to Do Zero-Trust Security

Here’s REALLY How to Do Zero-Trust Security It's not about buying security products! Joseph Carson, chief security scientist from ThycoticCentrify, offers practical steps to start the zero-trust journey.
11 January 2022

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score.
11 January 2022

MacOS Bug Could Let Creeps Snoop On You

MacOS Bug Could Let Creeps Snoop On You The flaw could allow attackers to bypass Privacy preferences, giving apps with no right to access files, microphones or cameras the ability to record you or grab screenshots.
11 January 2022

WordPress Bugs Exploded in 2021, Most Exploitable

WordPress Bugs Exploded in 2021, Most Exploitable Record-number WordPress plugin vulnerabilities are wicked exploitable even with low CVSS scores, leaving security teams blind to their risk.
11 January 2022

FIN7 Mailing Malicious USB Sticks to Drop Ransomware

FIN7 Mailing Malicious USB Sticks to Drop Ransomware The FBI warned that attackers are impersonating Health & Human Services and/or Amazon to mail BadUSB-poisoned USB devices to targets in transportation, insurance & defense.
11 January 2022

‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS

‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS The malware establishes initial access on targeted machines, then waits for additional code to execute.
11 January 2022

CES 2022: Wireless power for all

We don’t need no stinkin’ wall power as CES shows off the power and promise of usable long-range wireless charging

The post CES 2022: Wireless power for all appeared first on WeLiveSecurity

11 January 2022

Critical SonicWall NAC Vulnerability Stems from Apache Mods

Critical SonicWall NAC Vulnerability Stems from Apache Mods Researchers offer more detail on the bug, which can allow attackers to completely take over targets.
11 January 2022

KCodes NetUSB kernel remote code execution flaw impacts millions of devices

The vulnerability is present in software licensed to multiple router vendors.
11 January 2022

Millions of Routers Exposed to RCE by USB Kernel Bug

Millions of Routers Exposed to RCE by USB Kernel Bug The high-severity RCE flaw is in the KCodes NetUSB kernel module, used by popular routers from Netgear, TP-Link, DLink, Western Digital, et al.
11 January 2022

Signed kernel drivers – Unguarded gateway to Windows’ core

ESET researchers look at malware that abuses vulnerabilities in kernel drivers and outline mitigation techniques against this type of exploitation

The post Signed kernel drivers – Unguarded gateway to Windows’ core appeared first on WeLiveSecurity

11 January 2022

URL Parsing Bugs Allow DoS, RCE, Spoofing & More

URL Parsing Bugs Allow DoS, RCE, Spoofing & More Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a wide swath of web applications.
10 January 2022

Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High

Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High Cyberattacks increased 50 percent YoY in 2021 and peaked in December due to a frenzy of Log4j exploits, researchers found.
10 January 2022