Cybersecurity News


2FA Bypassed in $34.6M Crypto.com Heist

In a display of 2FA's fallibility, unauthorized transactions approved without users' authentication bled 483 accounts of funds.
20 January 2022

Critical Cisco StarOS Bug Grants Root Access via Debug Mode

Cisco issued a critical fix for a flaw in its Cisco RCM for Cisco StarOS Software that could give attackers RCE on the application with root-level privileges.
20 January 2022

Microsoft Sees Log4j Attacks Exploiting SolarWinds Serv-U Bug

SolarWinds has fixed a Serv-U bug that threat actors were exploiting to unleash Log4j attacks on networks’ internal devices.
20 January 2022

Pervasive Apple Safari Bug Exposes Web-Browsing Data, Google IDs

The information-disclosure issue, affecting Macs, iPhones and iPads, allows a snooping website to find out information about other tabs a user might have open.
20 January 2022

Red Cross Begs Attackers Not to Leak 515K People’s Stolen Data

A cyberattack forced the Red Cross to shut down IT systems running the Restoring Family Links system, which reunites families fractured by war, disaster or migration.
20 January 2022

SEC Filing Reveals Fortune 500 Firm Targeted in Ransomware Attack

R.R. Donnelley, the integrated services company, confirmed a ‘systems intrusion’ that occurred in late December and is still under investigation.
20 January 2022

How to know if your email has been hacked

Think your email may have been hacked? Here are the signs to look for, how account takeover attacks commonly occur, and how to recover your account and avoid falling victim again.

The post How to know if your email has been hacked appeared first on WeLiveSecurity

20 January 2022

Multichain token hack losses reach $3 million: report

Multichain messaging seems confusing, at best.
20 January 2022

'Serial' romance fraudster jailed for trying to scam 670 people in the UK

Victims were conned out of thousands of pounds, including one woman who was terminally ill.
20 January 2022

Destructive Wiper Targeting Ukraine Aimed at Eroding Trust, Experts Say

Disruptive malware attacks on Ukrainian organizations (posing as ransomware attacks) are very likely part of Russia’s wider effort to undermine Ukraine’s sovereignty, according to analysts.
19 January 2022

Box 2FA Bypass Opens User Accounts to Attack

A security bug in the file-sharing cloud app could have allowed attackers using stolen credentials to skate by one-time SMS code verification requirements.
19 January 2022

IRS Will Soon Require Selfies for Online Access

If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me, an online identity verification service that requires applicants to submit copies of bills and identity documents, as well as a live video feed of their faces via a mobile device.
19 January 2022

Deloitte launches new SaaS cyber threat detection and response platform

AWS, CrowdStrike, Exabeam, and Google Cloud Chronicle are operationalizing the new platform.
19 January 2022

Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks

Attackers can access audio and files uploaded to the MY2022 mobile app required for use by all winter games attendees – including personal health details.
19 January 2022

Zoom vulnerabilities impact clients, MMR servers

Vulnerabilities in the videoconferencing software have been analyzed by Google researchers.
19 January 2022

Cloned Dept. of Labor Site Hawks Fake Government Contracts

A well-crafted but fake government procurement portal offers the opportunity to submit a bid for lucrative government projects -- but harvests credentials instead.
19 January 2022

Donot Team APT will strike gov't, military targets for years - until they succeed

The group has been described as "remarkably persistent" in cyberattacks.
19 January 2022

Will 2022 Be the Year of the Software Bill of Materials?

Praise be & pass the recipe for the software soup: There's too much scrambling to untangle vulnerabilities and dependencies, says a security experts roundtable.
18 January 2022

The Log4j Vulnerability Puts Pressure on the Security World

It's time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking.
18 January 2022

Cybercriminals Actively Target VMware vSphere with Cryptominers

VMware's container-based application development environment has become attractive to cyberattackers.
18 January 2022