Cybersecurity News


Week in security with Tony Anscombe

How 'shoulder surfers' could hack into your Snapchat – Staying safe from gift card fraud – What is a buffer overflow vulnerability?

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

10 December 2021

‘Karakurt’ Extortion Threat Emerges, But Says No to Ransomware

‘Karakurt’ Extortion Threat Emerges, But Says No to Ransomware The threat group, first identified in June, focuses solely on data exfiltration and subsequent extortion, and has already targeted 40 victims since September.
10 December 2021

Canadian Ransomware Arrest Is a Meaningful Flex, Experts Say

Canadian Ransomware Arrest Is a Meaningful Flex, Experts Say U.S. and Canada charge Ottawa man for ransomware attacks, signaling that North America is no cybercriminal haven.
09 December 2021

Fueled by Pandemic Realities, Grinchbots Aggressively Surge in Activity

Fueled by Pandemic Realities, Grinchbots Aggressively Surge in Activity E-commerce's proverbial Who-ville is under siege, with a rise in bots bent on ruining gift cards and snapping up coveted gifts for outrageously priced resale.
09 December 2021

How MikroTik Routers Became a Cybercriminal Target

How MikroTik Routers Became a Cybercriminal Target The powerful devices leveraged by the Meris botnet have weaknesses that make them easy to exploit, yet complex for organizations to track and secure, researchers said.
09 December 2021

SnapHack: Watch out for those who can hack into anyone’s Snapchat!

Oh snap! This is how easy it may be for somebody to hijack your Snapchat account – all they need to do is peer over your shoulder.

The post SnapHack: Watch out for those who can hack into anyone’s Snapchat! appeared first on WeLiveSecurity

09 December 2021

Canada Charges Its “Most Prolific Cybercriminal”

A 31-year-old Canadian man has been arrested and charged with fraud in connection with numerous ransomware attacks against businesses, government agencies and private citizens throughout Canada and the United States. Canadian authorities describe him as "the most prolific cybercriminal we've identified in Canada," but so far they've released few other details about the investigation or the defendant. Helpfully, an email address and nickname apparently connected to the accused offer some additional clues.
08 December 2021

Malicious npm Code Packages Built for Hijacking Discord Servers

Malicious npm Code Packages Built for Hijacking Discord Servers The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases.
08 December 2021

Moobot Botnet Chews Up Hikvision Surveillance Systems

Moobot Botnet Chews Up Hikvision Surveillance Systems Attackers are milking unpatched Hikvision video systems to drop a DDoS botnet, researchers warned.
08 December 2021

Not with a Bang but a Whisper: The Shift to Stealthy C2

Not with a Bang but a Whisper: The Shift to Stealthy C2 DoH! Nate Warfield, CTO of Prevailion, discusses new stealth tactics threat actors are using for C2, including Malleable C2 from Cobalt Strike's arsenal.
08 December 2021

Critical SonicWall VPN Bugs Allow Complete Appliance Takeover

Critical SonicWall VPN Bugs Allow Complete Appliance Takeover Unauthenticated, remote attackers can achieve root-level RCE on SMA 100-series appliances.
08 December 2021

AWS Among 12 Cloud Services Affected by Flaws in Eltima SDK

AWS Among 12 Cloud Services Affected by Flaws in Eltima SDK Researchers have found a number of high-security vulnerabilities in a library created by network virtualization firm Eltima, that leave about a dozen cloud services used by millions of users worldwide open to privilege-escalation attacks. That includes Amazon WorkSpaces, Accops and NoMachine, among others: all apps that enable remote desktop access by using the Eltima software […]
08 December 2021

Emotet’s Behavior & Spread Are Omens of Ransomware Attacks

Emotet’s Behavior & Spread Are Omens of Ransomware Attacks The botnet, which resurfaced last month on the back of TrickBot, can now directly install Cobalt Strike on infected devices, giving threat actors direct access to targets.
08 December 2021

Windows 10 Drive-By RCE Triggered by Default URI Handler

Windows 10 Drive-By RCE Triggered by Default URI Handler There's an argument injection weakness in the Windows 10/11 default handler, researchers said: an issue that Microsoft has only partially fixed.
07 December 2021

Windows 10 Drive-By RCE Triggered by Default URI Handler

Windows 10 Drive-By RCE Triggered by Default URI Handler There's an argument injection weakness in the Windows 10/11 default handler, researchers said: an issue that Microsoft has only partially fixed.
07 December 2021

When Scammers Get Scammed, They Take It to Cybercrime Court

When Scammers Get Scammed, They Take It to Cybercrime Court Underground arbitration system settles disputes between cybercriminals.
07 December 2021

Paving the way: Inspiring Women in Payments - A Q&A featuring Jessica Smith

 

With inspiration from her family of engineers, Jessica Smith was raised to approach problem-solving with curiosity, critical thinking, and creativity. These skillsets have helped her to pivot in a career path that started in photography, developed into finance and auditing, and now focuses on information security standards and compliance for the payments industry. In this edition of our blog, Jessica explains that working for a company that encourages the exploration of new skills and cross-training, including harnessing the power of mentorship programs, can make all the difference in one’s success.

07 December 2021

Google Takes Down Glupteba Botnet; Files Lawsuit Against Operators

Google Takes Down Glupteba Botnet; Files Lawsuit Against Operators The malware's unique blockchain-enabled backup C2 scheme makes it difficult to eliminate completely.
07 December 2021

SolarWinds Attackers Spotted Using New Tactics, Malware

SolarWinds Attackers Spotted Using New Tactics, Malware One year after the disruptive supply-chain attacks, researchers have observed two new clusters of activity from the Russia-based actors that signal a significant threat may be brewing.
07 December 2021

5 common gift card scams and how to spot them

It often pays to look a gift horse in the mouth – recognizing these types of gift card fraud will go a long way toward helping you stay safe from this growing threat not just this holiday season

The post 5 common gift card scams and how to spot them appeared first on WeLiveSecurity

07 December 2021