Cybersecurity News
QuaDream, 2nd Israeli Spyware Firm, Weaponizes iPhone Bug
The now-patched flaw that led to the ForcedEntry exploit of iPhones was exploited by both NSO Group and a different, newly detailed surveillance vendor.
07 February 2022
Roaming Mantis Expands Android Backdoor to Europe
The 'smishing' group lives up to its name, expanding globally and adding image exfiltration to the Wroba RAT it uses to infect mobile victims.
07 February 2022
Google Cloud launches agentless cryptojacking malware scanner
The new security feature is designed to hunt down instances of cryptojacking.07 February 2022
How the growing Russian ransomware threat is costing companies dear
With KP Snacks the latest cyber-attack victim, firms must learn to defend themselves against a mounting menace
The January snow lay thick on the Moscow ground, as masked officers of the FSB – Russia’s fearsome security agency – prepared to smash down the doors at one of 25 addresses they would raid that day.
Their target was REvil, a shadowy conclave of hackers that claimed to have stolen more than $100m (£74m) a year through “ransomware” attacks, before suddenly disappearing.
Continue reading...05 February 2022
‘Long Live Log4Shell’: CVE-2021-44228 Not Dead Yet
The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what's next.
04 February 2022
Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers
The popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyberattackers to hop from one application ecosystem to another.
04 February 2022
Week in security with Tony Anscombe
What to know before scanning a QR code – Has your phone been hacked? – Watch your back and keep shoulder surfers at bay
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
04 February 2022
Attackers Target Intuit Users by Threatening to Cancel Tax Accounts
The usual tax-season barrage of cybercriminal activity is already underway with a phishing campaign impersonating the popular accounting and tax-filing software.
04 February 2022
Russian APT Primitive Bear attacks Western gov't department in Ukraine through job hunt
The hacking group's latest activities come at a time when tension is boiling between Russia and Ukraine.04 February 2022
Operation EmailThief: Zero-day XSS vulnerability in Zimbra email platform revealed
A zero-day bug in the Zimbra email platform is reportedly under attack.04 February 2022
Think before you scan: How fraudsters can exploit QR codes to steal money
QR codes are all the rage and scammers have taken notice. Look out for dangers lurking behind those little black-and-white squares.
The post Think before you scan: How fraudsters can exploit QR codes to steal money appeared first on WeLiveSecurity
04 February 2022
CISA issues advisory warning of critical vulnerabilities in Airspan Networks Mimosa
The vulnerabilities go all the way up to 10 on the CVSS severity score.04 February 2022
Kronos Still Dragging Itself Back From Ransomware Hell
And customers including Tesla, PepsiCo and NYC transit workers are filing lawsuits over the “real pain in the rear end” of manual inputting, inaccurate wages & more.
03 February 2022
Low-Detection Phishing Kits Increasingly Bypass MFA
A growing class of phishing kits – transparent reverse proxy kits – are being used to get past multi-factor authentication using MiTM tactics.
03 February 2022
Critical Cisco Bugs Open VPN Routers to Cyberattacks
The company's RV line of small-business routers contains 15 different security vulnerabilities that could enable everything from RCE to corporate network access and denial-of-service – and many have exploits circulating.
03 February 2022
Critical Cisco Bugs Open VPN Routers to Cyberattacks
The company's RV line of small-business routers contains 15 different security vulnerabilities that could enable everything from RCE to corporate network access and denial-of-service – and many have exploits circulating.
03 February 2022
How Phishers Are Slinking Their Links Into LinkedIn
If you received a link to LinkedIn.com via email, SMS or instant message, would you click it? Spammers, phishers and other ne'er-do-wells are hoping you will, because they've long taken advantage of a marketing feature on the business networking site which lets them create a LinkedIn.com link that bounces your browser to other websites, such as phishing pages that mimic top online brands (but chiefly Linkedin's parent firm Microsoft).03 February 2022
Wormhole Crypto Platform: ‘Funds Are Safe’ After $314M Heist
The popular bridge, which connects Ethereum, Solana blockchain & more, was shelled out by it's-not-saying. Wormhole is trying to negotiate with the attacker.
03 February 2022
PowerPoint Files Abused to Take Over Computers
Attackers are using socially engineered emails with .ppam file attachments that hide malware that can rewrite Windows registry settings on targeted machines.
03 February 2022
3D printed guns, underground markets, bomb manuals: police crackdown continues
Europol has now turned its attention to freely-available bomb guides published online.03 February 2022