Cybersecurity News


80K Retail WooCommerce Sites Exposed by Plugin XSS Bug

80K Retail WooCommerce Sites Exposed by Plugin XSS Bug The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts.
01 December 2021

Stealthy ‘WIRTE’ Gang Targets Middle Eastern Governments

Stealthy ‘WIRTE’ Gang Targets Middle Eastern Governments Kaspersky researchers suspect that the cyberattackers may be a subgroup of the politically motivated, Palestine-focused Gaza Cybergang.
01 December 2021

Widespread ‘Smishing’ Campaign Defrauds Iranian Android Users

Widespread ‘Smishing’ Campaign Defrauds Iranian Android Users Attackers use socially engineered SMS messages and malware to compromise tens of thousands of devices and drain user bank accounts.
01 December 2021

Jumping the air gap: 15 years of nation‑state effort

ESET researchers studied all the malicious frameworks ever reported publicly that have been used to attack air-gapped networks and are releasing a side-by-side comparison of their most important TTPs

The post Jumping the air gap: 15 years of nation‑state effort appeared first on WeLiveSecurity

01 December 2021

How Decryption of Network Traffic Can Improve Security

How Decryption of Network Traffic Can Improve Security Most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. Jeff Costlow, CISO at ExtraHop, explains why this might not be a good thing.
30 November 2021

Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks

Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks The insurer won’t pay for 'acts of cyber-war' or nation-state retaliation attacks.   
30 November 2021

Finland Faces Blizzard of FluBot-Spreading Text Messages

Finland Faces Blizzard of FluBot-Spreading Text Messages Millions of texts leading to the Flubot spyware/banking trojan are targeting everyone who uses Androids in the country, in an "exceptional" attack.
30 November 2021

Panasonic’s Data Breach Leaves Open Questions

Panasonic’s Data Breach Leaves Open Questions Cyberattackers had unfettered access to the technology giant's file server for four months.
30 November 2021

Paving the way: Inspiring Women in Payments - A podcast featuring Coalfire


In this edition of our podcast, the PCI Security Standards Council is pleased to host a panel discussion featuring four women from Coalfire, a leading provider of IT advisory services for security in a variety of industries, including payments.

30 November 2021

Yanluowang Ransomware Tied to Thieflock Threat Actor

Yanluowang Ransomware Tied to Thieflock Threat Actor Links between the tactics and tools demonstrated in attacks suggest a former affiliate has switched loyalties, according to new research.
30 November 2021

Printing Shellz: Critical bugs impacting 150 HP printer models patched

"Cross-site printing attacks" feature in the research.
30 November 2021

Anti-virus firm McAfee seems to be sending junk emails

Anti-virus firm McAfee seems to be sending junk emails

I received a flood of renewal demands and unsubscribing doesn’t work

I cancelled my McAfee anti-virus subscription earlier this year when I discovered it had been double charging me. It refunded only the current year and led me on a wild goose chase to recover the previous two years’ money; I eventually gave up.

Now that my subscription period has ended, it is bombarding me with renewal demand emails several times a day. This weekend I received 15.

Continue reading...
30 November 2021

IKEA Hit by Email Reply-Chain Cyberattack

IKEA Hit by Email Reply-Chain Cyberattack IKEA, king of furniture-in-a-flat-box, warned employees on Friday that an ongoing cyberattack was using internal emails to malspam malicious links in active email threads.
29 November 2021

Researchers Flag 300K Banking Trojan Infections from Google Play in 4 Months

Researchers Flag 300K Banking Trojan Infections from Google Play in 4 Months Attackers are honing Google Play dropper campaigns, overcoming app store restrictions.
29 November 2021

ScarCruft APT Mounts Desktop/Mobile Double-Pronged Spy Attacks

ScarCruft APT Mounts Desktop/Mobile Double-Pronged Spy Attacks The North Korea-linked group is deploying the Chinotto spyware backdoor against dissidents, journalists and other politically relevant individuals in South Korea.
29 November 2021

Unpatched Windows Zero-Day Allows Privileged File Access

Unpatched Windows Zero-Day Allows Privileged File Access A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug.
29 November 2021

More than 1,000 arrested in global crackdown on online fraud

The INTERPOL-led operation involved law enforcement from 20 countries and led to the seizure of millions of dollars in illicit gains

The post More than 1,000 arrested in global crackdown on online fraud appeared first on WeLiveSecurity

29 November 2021

Shape-Shifting ‘Tardigrade’ Malware Hits Vaccine Makers

Shape-Shifting ‘Tardigrade’ Malware Hits Vaccine Makers Some security researchers say it’s actually Cobalt Strike and not a SmokeLoader variant, but BioBright says in-depth testing shows it’s for real a scary morphic malware that changes its parts and recompiles itself.
29 November 2021

The Internet is Held Together With Spit & Baling Wire

Imagine being able to disconnect or redirect Internet traffic destined for some of the world's largest companies -- just by spoofing an email. This is the nature of a threat vector recently removed by a Fortune 500 firm that operates one of the world's largest Internet backbones.
26 November 2021

Week in security with Tony Anscombe

How scammers take advantage of supply chain shortages – Tips for safe online shopping this holiday season – Steps to take after receiving a data breach notice

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

26 November 2021