1. Nmap Online
  2. Cybersecurity News

Cybersecurity News

New GootLoader Campaign Targets Accounting, Law Firms

New GootLoader Campaign Targets Accounting, Law Firms GootLoader hijacks WordPress sites to lure professionals to download malicious sample contract templates.
13 January 2022

Adobe Cloud Abused to Steal Office 365, Gmail Credentials

Adobe Cloud Abused to Steal Office 365, Gmail Credentials Threat actors are creating accounts within the Adobe Cloud suite and sending images and PDFs that appear legitimate to target Office 365 and Gmail users, researchers from Avanan discovered.
13 January 2022

Ransomware locks down prison, knocks systems offline

Inmates were confined to their cells as a result of the cyberattack.
13 January 2022

UK jails man for spying on kids, adults with Remote Access Trojans

Malware was used to take explicit photos and videos.
13 January 2022

Making loyalty pay: How to keep your loyalty rewards safe from scammers

Is loyalty fraud on your radar? Here's why your hard-earned reward points and air miles may be easy pickings for cybercriminals.

The post Making loyalty pay: How to keep your loyalty rewards safe from scammers appeared first on WeLiveSecurity

13 January 2022

Fingers point to Lazarus, Cobalt, FIN7 as key hacking groups attacking finance industry

A deep dive into threats against this sector reveals the top threats organizations should keep in mind.
13 January 2022

Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft

Widespread, Easily Exploitable Windows RDP Bug Opens Users to Data Theft Most Windows versions are at risk of remote, unprivileged attackers abusing RDP from the inside to hijack smart cards and get unauthorized file system access.
12 January 2022

Amazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign

Amazon, Azure Clouds Host RAT-ty Trio in Infostealing Campaign A cloudy campaign delivers commodity remote-access trojans to steal information and execute code.
12 January 2022

Stolen TikTok Videos, Bent on Fraud, Invade YouTube Shorts

Stolen TikTok Videos, Bent on Fraud, Invade YouTube Shorts Scammers easily game YouTube Shorts with viral TikTok content, bilking both creators and users.
12 January 2022

New York AG Warns 17 Firms of Credential Attacks

New York AG Warns 17 Firms of Credential Attacks Sponsored: Password security is highlighted in attorney general warning to New York state businesses.
12 January 2022

Phishers Rip Off High-Profile EA Gamers

Phishers Rip Off High-Profile EA Gamers Electronic Arts blamed “human error” after attackers compromised customer support and took over and drained some of the top FIFA Ultimate Team player accounts.
12 January 2022

Remote Access Trojans spread through Microsoft Azure, AWS cloud service abuse

It seems that one or two Trojans aren't enough for your average cyberattacker.
12 January 2022

Cryptocurrency scams: What to know and how to protect yourself

As you attempt to strike it rich in the digital gold rush, make sure you know how to recognize various schemes that want to part you from your digital coins

The post Cryptocurrency scams: What to know and how to protect yourself appeared first on WeLiveSecurity

12 January 2022

Who is the Network Access Broker ‘Wazawaka?’

In a great many ransomware attacks, the criminals who pillage the victim's network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by Wazawaka, the handle chosen by a major access broker in the Russian-speaking cybercrime scene.
12 January 2022

‘Wormable’ Flaw Leads January 2022 Patch Tuesday

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is "wormable," meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.
11 January 2022

Here’s REALLY How to Do Zero-Trust Security

Here’s REALLY How to Do Zero-Trust Security It's not about buying security products! Joseph Carson, chief security scientist from ThycoticCentrify, offers practical steps to start the zero-trust journey.
11 January 2022

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days

Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score.
11 January 2022

MacOS Bug Could Let Creeps Snoop On You

MacOS Bug Could Let Creeps Snoop On You The flaw could allow attackers to bypass Privacy preferences, giving apps with no right to access files, microphones or cameras the ability to record you or grab screenshots.
11 January 2022

WordPress Bugs Exploded in 2021, Most Exploitable

WordPress Bugs Exploded in 2021, Most Exploitable Record-number WordPress plugin vulnerabilities are wicked exploitable even with low CVSS scores, leaving security teams blind to their risk.
11 January 2022

FIN7 Mailing Malicious USB Sticks to Drop Ransomware

FIN7 Mailing Malicious USB Sticks to Drop Ransomware The FBI warned that attackers are impersonating Health & Human Services and/or Amazon to mail BadUSB-poisoned USB devices to targets in transportation, insurance & defense.
11 January 2022