Cybersecurity News


‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS

‘Fully Undetected’ SysJoker Backdoor Malware Targets Windows, Linux & macOS The malware establishes initial access on targeted machines, then waits for additional code to execute.
11 January 2022

CES 2022: Wireless power for all

We don’t need no stinkin’ wall power as CES shows off the power and promise of usable long-range wireless charging

The post CES 2022: Wireless power for all appeared first on WeLiveSecurity

11 January 2022

Critical SonicWall NAC Vulnerability Stems from Apache Mods

Critical SonicWall NAC Vulnerability Stems from Apache Mods Researchers offer more detail on the bug, which can allow attackers to completely take over targets.
11 January 2022

KCodes NetUSB kernel remote code execution flaw impacts millions of devices

The vulnerability is present in software licensed to multiple router vendors.
11 January 2022

Millions of Routers Exposed to RCE by USB Kernel Bug

Millions of Routers Exposed to RCE by USB Kernel Bug The high-severity RCE flaw is in the KCodes NetUSB kernel module, used by popular routers from Netgear, TP-Link, DLink, Western Digital, et al.
11 January 2022

Signed kernel drivers – Unguarded gateway to Windows’ core

ESET researchers look at malware that abuses vulnerabilities in kernel drivers and outline mitigation techniques against this type of exploitation

The post Signed kernel drivers – Unguarded gateway to Windows’ core appeared first on WeLiveSecurity

11 January 2022

URL Parsing Bugs Allow DoS, RCE, Spoofing & More

URL Parsing Bugs Allow DoS, RCE, Spoofing & More Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a wide swath of web applications.
10 January 2022

Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High

Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High Cyberattacks increased 50 percent YoY in 2021 and peaked in December due to a frenzy of Log4j exploits, researchers found.
10 January 2022

CES 2022 – the “anyone can make an electric car” edition

But as we learned in mashing up other technologies, the security devil is in the details

The post CES 2022 – the “anyone can make an electric car” edition appeared first on WeLiveSecurity

10 January 2022

Indian Patchwork hacking group infects itself with remote access Trojan

Researchers pounced on the opportunity the mistake created.
10 January 2022

Abcbot botnet has now been linked to Xanthe cryptojacking group

Researchers believe the focus is moving from cryptocurrency to traditional botnet attacks.
10 January 2022

500M Avira Antivirus Users Introduced to Cryptomining

Many readers were surprised to learn recently that the popular Norton 360 antivirus suite now ships with a program which lets customers make money mining virtual currency. But Norton 360 isn't alone in this dubious endeavor: Avira antivirus -- which has built a base of 500 million users worldwide largely by making the product free -- was recently bought by the same company that owns Norton 360 and is introducing its customers to a service called Avira Crypto.
08 January 2022

EoL Systems Stonewalling Log4j Fixes for Fed Agencies

EoL Systems Stonewalling Log4j Fixes for Fed Agencies End of life, end of support, pandemic-induced shipping delays and remote work, scanning failures: It’s a recipe for a patching nightmare, federal cyberserurity CTO Matt Keller says.
07 January 2022

Cyberattackers Hit Data of 80K Fertility Patients

Cyberattackers Hit Data of 80K Fertility Patients Fertility Centers of Illinois' security measures protected electronic medical records, but the attackers still got at extremely intimate data in admin files.
07 January 2022

3.7M FlexBooker Records Dumped on Hacker Forum

3.7M FlexBooker Records Dumped on Hacker Forum Attackers are trading millions of records from a trio of pre-holiday breaches on an online forum.
07 January 2022

QNAP: Get NAS Devices Off the Internet Now

QNAP: Get NAS Devices Off the Internet Now There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device maker warned.
07 January 2022

Week in security with Tony Anscombe

CES gives us a glimpse of our connected future – 10 bad cybersecurity habits to break this year – How hackers steal passwords

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

07 January 2022

Log4J-Related RCE Flaw in H2 Database Earns Critical Rating

Log4J-Related RCE Flaw in H2 Database Earns Critical Rating Critical flaw in the H2 open-source Java SQL database are similar to the Log4J vulnerability, but do not pose a widespread threat.
07 January 2022

CES 2022: Space security – no more flying blind

And no more worrying about your satellite being smashed by a “drunk driver” as new tech promises to predict hazards in orbit

The post CES 2022: Space security – no more flying blind appeared first on WeLiveSecurity

07 January 2022

NoReboot attack fakes iOS phone shutdown to spy on you

The PoC malware can be used to hijack microphone and camera functions.
07 January 2022