Cybersecurity News


TrickBot Crashes Security Researchers’ Browsers in Latest Upgrade

TrickBot Crashes Security Researchers’ Browsers in Latest Upgrade The malware has added an anti-debugging tool that crashes browser tabs when researchers use code beautifying for analysis.
26 January 2022

Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild

Apple Fixes 2 Zero-Day Security Bugs, One Exploited in the Wild iOS 15.3 & iPadOS 15.3 fix the Safari browser flaw that could have spilled users’ browsing data, plus a zero day IOMobileFrameBuffer bug exploited in the wild.
26 January 2022

‘Dark Herring’ Billing Malware Swims onto 105M Android Devices

‘Dark Herring’ Billing Malware Swims onto 105M Android Devices The mobile malware heisted hundreds of millions of dollars from unsuspecting users, thanks to 470 different well-crafted malicious app in Google Play.
26 January 2022

New Year, New Threats: 4 Tips to Activate Your Best Cyber-Defense

New Year, New Threats: 4 Tips to Activate Your Best Cyber-Defense Need a blueprint for architecting a formidable cyber-defense? Kerry Kerry Matre, senior director at Mandiant, shares hers in this detailed breakdown.
26 January 2022

Cybercriminals Love Supply-Chain Chaos: Here’s How to Protect Your Inbox

Cybercriminals Love Supply-Chain Chaos: Here’s How to Protect Your Inbox Threat actors use bogus 'shipping delays' to deceive customers and businesses. Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do.
26 January 2022

Linux Bug in All Major Distros: ‘An Attacker’s Dream Come True’

Linux Bug in All Major Distros: ‘An Attacker’s Dream Come True’ The 12-year-old flaw in the sudo-like polkit’s pkexec tool, found in all major Linux distributions, is likely to be exploited in the wild within days.
26 January 2022

Threat Actors Blanket Androids with Flubot, Teabot Campaigns

Threat Actors Blanket Androids with Flubot, Teabot Campaigns Attackers are getting creative, using smishing & a malicious Google Play QR reader to plant banking trojans on the phones of victims across the globe.
26 January 2022

Every breath you take, every move you make: Do fitness trackers pose privacy risks?

Should you beware of wearables? Here’s what you should know about the potential security and privacy risks of your smartwatch or fitness tracker.

The post Every breath you take, every move you make: Do fitness trackers pose privacy risks? appeared first on WeLiveSecurity

26 January 2022

DazzleSpy: Pro-democracy org hijacked to become macOS spyware distributor

A Safari exploit was being served through a watering hole attack.
26 January 2022

Trickbot will now try to crash researcher PCs to stop reverse engineering attempts

The Trojan has been refreshed with a new set of anti-analysis capabilities.
26 January 2022

UK government security center, i100 publish NMAP scripts for vulnerability scanning

The SME project aims to streamline the detection and remediation of specific bugs.
26 January 2022

Cyberattacks on Squid Game Minecraft Tourney Take Down Andorra’s Internet

Cyberattacks on Squid Game Minecraft Tourney Take Down Andorra’s Internet Some of the bursts of traffic reached up to 10Gbps, reports noted, overwhelming the country's only ISP, and crippling Andorran Squidcraft gamers along with the rest of the population.
25 January 2022

Ozzy Osbourne NFTs Used to Bite Off Chunk of Crypto Coin

Ozzy Osbourne NFTs Used to Bite Off Chunk of Crypto Coin A discarded Discord vanity URL for CryptoBatz was hijacked by cybercriminals to drain cryptocurrency wallets.
25 January 2022

Segway Hit by Magecart Attack Hiding in a Favicon

Segway Hit by Magecart Attack Hiding in a Favicon Visitors who shopped on the company's eCommerce website in January will likely find their payment-card data heisted, researchers warned.
25 January 2022

Scary Fraud Ensues When ID Theft & Usury Collide

What's worse than finding out that identity thieves took out a 546 percent interest payday loan in your name? How about a 900 percent interest loan? Or how about not learning of the fraudulent loan until it gets handed off to collection agents? One reader's nightmare experience spotlights what can happen when ID thieves and hackers start targeting online payday lenders.
25 January 2022

New MacOS Malware ‘DazzleSpy’ Used in Watering-Hole Attacks

New MacOS Malware ‘DazzleSpy’ Used in Watering-Hole Attacks A pro-democracy Hong Kong site was used to launch watering-hole attacks that planted a powerful macOS backdoor that researchers dubbed DazzleSpy.
25 January 2022

AdSanity, AccessPress Plugins Open Scads of WordPress Sites to Takeover

AdSanity, AccessPress Plugins Open Scads of WordPress Sites to Takeover A critical security bug and a months-long, ongoing supply-chain attack spell trouble for WordPress users.
25 January 2022

BRATA Android Trojan Updated with ‘Kill Switch’ that Wipes Devices

BRATA Android Trojan Updated with ‘Kill Switch’ that Wipes Devices Researchers identify three new versions of the banking trojan that include various new features, including GPS tracking and novel obfuscation techniques.
25 January 2022

Staff negligence is now a major reason for insider security incidents

Negligence and malicious insider activities are common security challenges in the enterprise today.
25 January 2022

Watering hole deploys new macOS malware, DazzleSpy, in Asia

Hong Kong pro-democracy radio station website compromised to serve a Safari exploit that installed cyberespionage malware on site visitors’ Macs

The post Watering hole deploys new macOS malware, DazzleSpy, in Asia appeared first on WeLiveSecurity

25 January 2022