Cybersecurity News
REvil Affiliates Arrested; DOJ Seizes $6.1M in Ransom
The U.S. is seeking the extradition of a Ukrainian man, Yaroslav Vasinskyi, whom they suspect is behind the Kaseya supply-chain attacks and other REvil attacks.
DDoS Attacks Shatter Records in Q3, Report Finds
Q3 DDoS attacks topped thousands daily, with more growth expected.
Zebra2104 Initial Access Broker Supports Rival Malware Gangs, APTs
Researchers have uncovered a large, tangled web of infrastructure being used to enable a wide variety of cyberattacks.
Zoho Password Manager Flaw Torched by Godzilla Webshell
A new campaign is prying apart a known security vulnerability in the Zoho ManageEngine ADSelfService Plus password manager, researchers warned over the weekend. The threat actors have managed to exploit the Zoho weakness in at least nine global entities across critical sectors so far (technology, defense, healthcare, energy and education), deploying the Godzilla webshell and […]
Hacking of activists is latest in long line of cyber-attacks on Palestinians
Analysis: while identity of hackers is not known in this case, Palestinians have long been spied on by Israeli military
The disclosure that Palestinian human rights defenders were reportedly hacked using NSO’s Pegasus spyware will come as little surprise to two groups of people: Palestinians themselves and the Israeli military and intelligence cyber operatives who have long spied on Palestinians.
While it is not known who was responsible for the hacking in this instance, what is very well documented is the role of the Israeli military’s 8200 cyberwarfare unit – known in Hebrew as the Yehida Shmoneh-Matayim – in the widespread spying on Palestinian society.
Continue reading...Be On Alert This Holiday Season
In this blog we explore the challenges around security of payment data during the hectic holiday season and provide tips and best practices to help retailers better secure their payment data.
Passwordless authentication: Is your company ready to move beyond passwords?
Are the days numbered for ‘123456’? As Microsoft further nudges the world away from passwords, here’s what your organization should consider before going password-free.
The post Passwordless authentication: Is your company ready to move beyond passwords? appeared first on WeLiveSecurity
Passwordless authentication: Is your company ready to move beyond passwords?
Are the days numbered for ‘123456’? As Microsoft further nudges the world away from passwords, here’s what your organization should consider before going password-free.
The post Passwordless authentication: Is your company ready to move beyond passwords? appeared first on WeLiveSecurity
Cybersecurity firms provide threat intel for Clop ransomware group arrests
The crackdown was codenamed Operation Cyclone.Native Tribal Casinos Taking Millions in Ransomware Losses
An FBI notification is warning of an uptick in attacks against tribal casinos.
BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released
CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices – phones, PCs, toys, etc. – to DoS & code execution.
Beyond the Basics: Tips for Building Advanced Ransomware Resiliency
Joseph Carson, chief security scientist and advisory CISO at ThycoticCentrify, offers advice on least privilege, automation, application control and more.
Google Ads for Faux Cryptowallets Net Scammers At Least $500K
Malicious Phantom, MetaMask cryptowallets are on the prowl to drain victim funds.
Proofpoint Phish Harvests Microsoft O365, Google Logins
A savvy campaign impersonating the cybersecurity company skated past Microsoft email security.
Week in security with Tony Anscombe
What's it like working as a malware researcher? – ProtonMail and the battle for email privacy – Man charged with hacking, trying to extort US sports leagues
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Week in security with Tony Anscombe
What's it like working as a malware researcher? – ProtonMail and the battle for email privacy – Man charged with hacking, trying to extort US sports leagues
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Feds Offer $10 Million Bounty for DarkSide Info
The U.S. State Department ups the ante in its hunt for the ransomware perpetrators by offering a sizeable cash sum for locating and arresting leaders of the cybercriminal group.
SSL certificate research highlights pitfalls for company data, competition
Analysis reveals hidden risks for organizations that do not monitor their certificate usage.US Blacklists Pegasus Spyware Maker
NSO Group plans to fight the trade ban, saying it's "dismayed" and clinging to the mantra that its tools actually help to prevent terrorism and crime.
3 Guideposts for Building a Better Incident-Response Plan
Invest and practice: Grant Oviatt, director of incident-response engagements at Red Canary, lays out the key building blocks for effective IR.