Cybersecurity News


Security firm Blumira discovers major new Log4j attack vector

A basic JavaScript WebSocket connection can trigger a local Log4j remote code attack via a drive-by compromise. Wonderful. Truly wonderful.
17 December 2021

Convergence Ahoy: Get Ready for Cloud-Based Ransomware

Oliver Tavakoli, CTO at Vectra AI, takes us inside the coming nexus of ransomware, supply-chain attacks and cloud deployments.
17 December 2021

Conti Gang Suspected of Ransomware Attack on McMenamins

The incident occurred last weekend at the popular chain of restaurants, hotels and breweries, which is still facing disruptions.
17 December 2021

‘Tropic Trooper’ Reemerges to Target Transportation Outfits

Analysts warn that the attack group, now known as 'Earth Centaur,' is honing its attacks to go after transportation and government agencies.
16 December 2021

‘PseudoManuscrypt’ Mass Spyware Campaign Targets 35K Systems

It’s similar to Lazarus’s Manuscrypt malware, but the new spyware is splattering itself onto government organizations and ICS in a non-Lazarus-like, untargeted wave of attacks.
16 December 2021

NY Man Pleads Guilty in $20 Million SIM Swap Theft

A 24-year-old New York man who bragged about helping to steal more than $20 million worth of cryptocurrency from a technology executive has pleaded guilty to conspiracy to commit wire fraud. Nicholas Truglia was part of a group alleged to have stolen more than $100 million from cryptocurrency investors using fraudulent "SIM swaps," scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identities.
16 December 2021

‘DarkWatchman’ RAT Shows Evolution in Fileless Malware

The new tool manipulates Windows Registry in unique ways to evade security detections and is likely being used by ransomware groups for initial network access.
16 December 2021

Suspected Iranian hackers target airline with new backdoor

The attack was performed by abusing the Slack workspace application.
16 December 2021

Victims awarded $18 million in GirlsDoPorn online video case, boss on the run

The sex trafficking case impacts hundreds of victims, including young women seeking modeling work.
16 December 2021

Relentless Log4j Attacks Include State Actors, Possible Worm

More than 1.8 million attacks, against half of all corporate networks, have already been launched to exploit Log4Shell.
15 December 2021

Malicious Exchange Server Module Hoovers Up Outlook Credentials

"Owowa" stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made.
15 December 2021

SAP Kicks Log4Shell Vulnerability Out of 20 Apps

SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality.
15 December 2021

What every business leader needs to know about Log4Shell

Hundreds of thousands of attempts to exploit the vulnerability are under way

The post What every business leader needs to know about Log4Shell appeared first on WeLiveSecurity

15 December 2021

Meta targets user information, database scraping in bug bounty expansion

Meta's Facebook came under fire for a scraping incident earlier this year.
15 December 2021

Ransomware in 2022: We're all screwed

Security experts tell us what to expect in the cybercriminal landscape as we head into the new year. It's not good.
15 December 2021

Payment Security: A Perspective from Europe

In the eighteen-plus months since the outbreak of the COVID-19 global pandemic, many businesses have had to reinvent themselves and adapt not only how they manage their business but, more importantly, how they accept payments. Europe, like most of the rest of the world, saw a major switch to remote transactions and the world of e-commerce. On top of these significant changes, many organizations have also had to confront the practical and security challenges of employees first having to, and then wanting to, work from home.

15 December 2021

Apache’s Fix for Log4Shell Can Lead to DoS Attacks

Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes.
15 December 2021

The dirty dozen of Latin America: From Amavaldo to Zumanek

The grand finale of our series dedicated to demystifying Latin American banking trojans

The post The dirty dozen of Latin America: From Amavaldo to Zumanek appeared first on WeLiveSecurity

15 December 2021

In 2022, Expect More Supply Chain Pain and Changing Security Roles

If 2021 was the Year of Supply Chain Pain, 2022 will be the Year of Supply Chain Chronic Pain (or something worse than pain). This past year, the pain was felt in two significant ways: through the supply chain disruptions caused by COVID-19, and through the many security breaches that we saw in our key […]
14 December 2021

Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit

It took just 15 seconds to hack the latest, greatest, shiniest iPhone 13 Pro on stage at the Tianfu Cup in October, using a now-fixed iOS kernel bug.
14 December 2021