Cybersecurity News


We can make our phones harder to hack but complete security is a pipe dream | John Naughton

We can make our phones harder to hack but complete security is a pipe dream | John Naughton Even the latest iPhone scare won’t persuade us to choose safety over convenience

Apple caused a stir a few weeks ago when it announced that the forthcoming update of its mobile and laptop operating systems would contain an optional high-security mode that would provide users with an unprecedented level of protection against powerful “spyware” software that surreptitiously obtains control of their devices.

It’s called Lockdown Mode and, according to Apple, “offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware”.

Continue reading...
21 August 2022

Google and Apple both release patches against zero‑day vulnerabilities – Week in security with Tony Anscombe

Zero-day vulnerabilities are super active and Google and Apple are acting to patch these vulnerabilities, some of which seen on-the-wild.

The post Google and Apple both release patches against zero‑day vulnerabilities – Week in security with Tony Anscombe appeared first on WeLiveSecurity

19 August 2022

iPhone Users Urged to Update to Patch 2 Zero-Days

iPhone Users Urged to Update to Patch 2 Zero-Days Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
19 August 2022

PayPal Phishing Scam Uses Invoices Sent Via PayPal

Scammers are using invoices sent through PayPal.com to trick recipients into calling a number to dispute a pending charge. The missives -- which come from Paypal.com and include a link at Paypal.com that displays an invoice for the supposed transaction -- state that the user's account is about to be charged hundreds of dollars. Recipients who call the supplied toll-free number to contest the transaction are soon asked to download software that lets the scammers assume remote control over their computer.
18 August 2022

Google Patches Chrome’s Fifth Zero-Day of the Year

Google Patches Chrome’s Fifth Zero-Day of the Year Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday. The bug, tracked as CVE-2022-2856 and rated as high on the Common Vulnerability Scoring System (CVSS), is associated with “insufficient validation of untrusted input in Intents,” […]
18 August 2022

A step‑by‑step guide to enjoy LinkedIn safely

LinkedIn privacy settings are just as overwhelming as any other social media settings. There’s a lot of menus, a lot buttons to enable, select, accept or reject. To make sure you have control over your information we bring you a step-by-step guide on how to enjoy LinkedIn safely.

The post A step‑by‑step guide to enjoy LinkedIn safely appeared first on WeLiveSecurity

18 August 2022

APT Lazarus Targets Engineers with macOS Malware

APT Lazarus Targets Engineers with macOS Malware The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.
17 August 2022

When Efforts to Contain a Data Breach Backfire

Earlier this month, the administrator of the cybercrime forum Breached received a cease-and-desist letter from a cybersecurity firm. The missive alleged that an auction on the site for data stolen from 10 million customers of Mexico’s second-largest bank was fake news and harming the bank’s reputation. The administrator responded to this empty threat by purchasing the stolen banking data and leaking it on the forum for everyone to download.
16 August 2022

U.K. Water Supplier Hit with Clop Ransomware Attack

U.K. Water Supplier Hit with Clop Ransomware Attack The incident disrupted corporate IT systems at one company while attackers misidentified the victim in a post on its website that leaked stolen data.
16 August 2022

DEF CON – “don’t worry, the elections are safe” edition

Don't worry, elections are safe. Our Security Researcher Cameron Camp provide us highlights from the DEF CON 30 conference.

The post DEF CON – “don’t worry, the elections are safe” edition appeared first on WeLiveSecurity

16 August 2022

Xiaomi Phone Bug Allowed Payment Forgery

Xiaomi Phone Bug Allowed Payment Forgery Mobile transactions could’ve been disabled, created and signed by attackers.
16 August 2022

How a spoofed email passed the SPF check and landed in my inbox

The Sender Policy Framework can’t help prevent spam and phishing if you allow billions of IP addresses to send as your domain

The post How a spoofed email passed the SPF check and landed in my inbox appeared first on WeLiveSecurity

16 August 2022

Black Hat and DEF CON Roundup

Black Hat and DEF CON Roundup ‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.
15 August 2022

Black Hat USA 2022: Burnout, a significant issue

The digital skills gap, especially in cybersecurity, is not a new phenomenon. This problematic is now exacerbate by the prevalence of burnout, which was presented at Black Hat USA 2022

The post Black Hat USA 2022: Burnout, a significant issue appeared first on WeLiveSecurity

15 August 2022

Black Hat – Windows isn’t the only mass casualty platform anymore

Windows used to be the big talking point when it came to exploits resulting in mass casualties. Nowadays, talks turned to other massive attack platforms like #cloud and cars

The post Black Hat – Windows isn’t the only mass casualty platform anymore appeared first on WeLiveSecurity

15 August 2022

Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics

Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics The CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP, firewall vulnerabilities.
12 August 2022

The potential consequences of data breach, and romance scams – Week in security with Tony Anscombe

The NHS was victim of a potential cyberattack, which raises the question of the impact of those data breach for the public.

The post The potential consequences of data breach, and romance scams – Week in security with Tony Anscombe appeared first on WeLiveSecurity

12 August 2022

Sounding the Alarm on Emergency Alert System Flaws

The Department of Homeland Security (DHS) is urging states and localities to beef up security around proprietary devices that connect to the Emergency Alert System -- a national public warning system used to deliver important emergency information, such as severe weather and AMBER alerts. The DHS warning came in advance of a workshop to be held this weekend at the DEFCON security conference in Las Vegas, where a security researcher is slated to demonstrate multiple weaknesses in the nationwide alert system.
12 August 2022

Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’

Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’ Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites.
12 August 2022

Black Hat 2022‑ Cyberdefense in a global threats era

Our Security evangelist's take on this first day of Black Hat 2022, where cyberdefense was on every mind.

The post Black Hat 2022‑ Cyberdefense in a global threats era appeared first on WeLiveSecurity

12 August 2022