Cybersecurity News


‘Tis the Season for the Wayward Package Phish

The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a time-honored lure about a wayward package that needs redelivery. Here's a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients.
04 November 2021

Google squashes Android zero‑day bug exploited in targeted attacks

Beyond the vulnerability in the Android kernel, the monthly round of security patches plugs another 38 security loopholes

The post Google squashes Android zero‑day bug exploited in targeted attacks appeared first on WeLiveSecurity

04 November 2021

Google squashes Android zero‑day bug exploited in targeted attacks

Beyond the vulnerability in the Android kernel, the monthly round of security patches plugs another 38 security loopholes

The post Google squashes Android zero‑day bug exploited in targeted attacks appeared first on WeLiveSecurity

04 November 2021

Free Discord Nitro Offer Used to Steal Steam Credentials

Free Discord Nitro Offer Used to Steal Steam Credentials A fake Steam pop-up prompts users to ‘link’ Discord account for free Nitro subs.
04 November 2021

Critical Linux Kernel Bug Allows Remote Takeover

Critical Linux Kernel Bug Allows Remote Takeover The bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other.
04 November 2021

Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar

Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar The Magecart threat actor uses a browser script to evade detection by researchers and sandboxes so it targets only victims’ machines to steal credentials and personal info.
04 November 2021

US indicts UK resident 'PlugwalkJoe' for cryptocurrency theft

The UK national is accused of stealing $784,000 in cryptocurrency.
04 November 2021

Remote code execution flaw patched in Linux Kernel TIPC module

The bug was spotted within a year of introduction to the codebase.
04 November 2021

Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign

Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign The banker, aka Metamorfo, is roaring back after Spanish police arrested more than a dozen gang members.
03 November 2021

‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks

‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks The Microsoft Exchange ProxyShell vulnerabilities are being exploited yet again for ransomware, this time with Babuk from the new "Tortilla" threat actor.
03 November 2021

Predicting the Next OWASP API Security Top 10

Predicting the Next OWASP API Security Top 10 API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them.
03 November 2021

Israeli spyware company NSO Group placed on US blacklist

Israeli spyware company NSO Group placed on US blacklist

Decision against company at heart of Pegasus project reflects deep concern about impact of spyware on US national security interests

NSO Group has been placed on a US blacklist by the Biden administration after it determined the Israeli spyware maker has acted “contrary to the foreign policy and national security interests of the US”.

The finding by the commerce department represents a blow to the Israeli company and reveals a deep undercurrent of concern by the US about the impact of spyware on national security interests.

Continue reading...
03 November 2021

Win one for privacy – Swiss providers don’t have to talk

Security and privacy get a leg up in Proton’s legal challenge against data retention and disclosure obligations

The post Win one for privacy – Swiss providers don’t have to talk appeared first on WeLiveSecurity

03 November 2021

Win one for privacy – Swiss providers don’t have to talk

Security and privacy get a leg up in Proton’s legal challenge against data retention and disclosure obligations

The post Win one for privacy – Swiss providers don’t have to talk appeared first on WeLiveSecurity

03 November 2021

Almost half of rootkits are used for cyberattacks against government organizations

Research institutes are also in the firing line.
03 November 2021

Report: BlackMatter Ransomware Gang Goes Dark, Again

Report: BlackMatter Ransomware Gang Goes Dark, Again The former DarkSide cybercriminal group will shut down due to increased pressure from authorities, who may have nabbed a key team member.
03 November 2021

Medical school exposes personal data of thousands of students

ID cards, academic records, and more were open and accessible on the internet.
03 November 2021

What’s it like to work as a malware researcher? 10 questions answered

Three ESET malware researchers describe what their job involves and what it takes to embark on a successful career in this field

The post What’s it like to work as a malware researcher? 10 questions answered appeared first on WeLiveSecurity

03 November 2021

What’s it like to work as a malware researcher? 10 questions answered

Three ESET malware researchers describe what their job involves and what it takes to embark on a successful career in this field

The post What’s it like to work as a malware researcher? 10 questions answered appeared first on WeLiveSecurity

03 November 2021

Arrests were made, but the Mekotio Trojan lives on

Law enforcement cut off tails, but not the head of the cybercriminal operation.
03 November 2021