1. Nmap Online
  2. Cybersecurity News

Cybersecurity News

Lazarus APT Uses Windows Update to Spew Malware

Lazarus APT Uses Windows Update to Spew Malware The group once again dangled fake job opportunities at engineers in a spear-phishing campaign that used Windows Update as a living-off-the-land technique and GitHub as a C2.
28 January 2022

Zerodium Spikes Payout for Zero-Click Outlook Zero-Days

Zerodium Spikes Payout for Zero-Click Outlook Zero-Days The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims.
28 January 2022

Week in security with Tony Anscombe

ESET Research uncovers DazzleSpy malware attacks targeting macOS users – Trading personal data for free online services – PayPal hacking made easy

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

28 January 2022

Conti, DeadBolt Target Delta, QNAP

Conti, DeadBolt Target Delta, QNAP QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronics' network has been crippled.
28 January 2022

Shlayer and Bundlore MacOS Malware Strains – How Uptycs EDR Detection Can Help

Shlayer and Bundlore MacOS Malware Strains – How Uptycs EDR Detection Can Help MacOS malware Shlayer and Bundlore may have variations, but the behavior of their attacks have not changed – attacking older macOS versions and poorly-protected websites.
28 January 2022

Who Wrote the ALPHV/BlackCat Ransomware Strain?

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. "BlackCat"), considered to be the first professional cybercrime group to create and use a ransomware strain in the Rust programming language. In this post, we'll explore some of the clues left behind by the developer who was reputedly hired to code the ransomware variant.
28 January 2022

Silkworm security? Researchers create new authentication method using silk fibers

Academics say the material could be used to create unclonable physical components suitable for supporting digital security.
28 January 2022

Google Play app dropped Vultur banking Trojan on Android handsets

The app was installed thousands of times before it was removed.
28 January 2022

2FA App Loaded with Banking Trojan Infests 10K Victims via Google Play

2FA App Loaded with Banking Trojan Infests 10K Victims via Google Play The Vultur trojan steals bank credentials but asks for permissions to do far more damage down the line.
27 January 2022

BotenaGo Botnet Code Leaked to GitHub

BotenaGo Botnet Code Leaked to GitHub The malware had already put millions of routers and IoT devices at risk, and now any noob can have at it.
27 January 2022

PCI SSC in Brazil: New Regional Engagement Board for 2022

PCI SSC in Brazil: New Regional Engagement Board for 2022

 

PCI SSC has announced a newly expanded Brazil Regional Engagement Board (REB). Here we talk with PCI SSC Associate Director, LA Region for Brazil, Carlos Caetano, about the value of the board, its role and agenda for 2022.

27 January 2022

Shipment-Delivery Scams a Fav Way to Spread Malware

Shipment-Delivery Scams a Fav Way to Spread Malware Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads.
27 January 2022

How to Secure Your SaaS Stack with a SaaS Security Posture Management Solution

How to Secure Your SaaS Stack with a SaaS Security Posture Management Solution SaaS Security Posture Management (SSPM) named a must have solution by Gartner. Adaptive Shields SSPM solution allows security teams full visibility and control.
27 January 2022

EyeMed agrees $600,000 settlement over 2020 data breach

The data of roughly 2.1 million individuals was exposed.
27 January 2022

DeepDotWeb operator sentenced to eight years behind bars

The platform provided links to Dark Web marketplaces.
27 January 2022

Beyond the tick box: What to consider before agreeing to a privacy policy

The trade-off between using a free service and giving up our personal data becomes much less palatable when we think about the wider ramifications of the collection and use of our personal data

The post Beyond the tick box: What to consider before agreeing to a privacy policy appeared first on WeLiveSecurity

27 January 2022

Konni remote access Trojan receives 'significant' upgrades

Researchers say the security community should keep a close eye on this malware strain.
27 January 2022

TrickBot Crashes Security Researchers’ Browsers in Latest Upgrade

TrickBot Crashes Security Researchers’ Browsers in Latest Upgrade The malware has added an anti-debugging tool that crashes browser tabs when researchers use code beautifying for analysis.
26 January 2022

Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild

Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild iOS 15.3 & iPadOS 15.3 fix the Safari browser flaw that could have spilled users’ browsing data, plus a zero day IOMobileFrameBuffer bug exploited in the wild.
26 January 2022

‘Dark Herring’ Billing Malware Swims onto 105M Android Devices

‘Dark Herring’ Billing Malware Swims onto 105M Android Devices The mobile malware heisted hundreds of millions of dollars from unsuspecting users, thanks to 470 different well-crafted malicious app in Google Play.
26 January 2022