Cybersecurity News

Zerodium Spikes Payout for Zero-Click Outlook Zero-Days

The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims.

28 January 2022

Week in security with Tony Anscombe

ESET Research uncovers DazzleSpy malware attacks targeting macOS users – Trading personal data for free online services – PayPal hacking made easy

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

28 January 2022

Conti, DeadBolt Target Delta, QNAP

QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronics' network has been crippled.

28 January 2022

Shlayer and Bundlore MacOS Malware Strains – How Uptycs EDR Detection Can Help

MacOS malware Shlayer and Bundlore may have variations, but the behavior of their attacks have not changed – attacking older macOS versions and poorly-protected websites.

28 January 2022

Who Wrote the ALPHV/BlackCat Ransomware Strain?

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. "BlackCat"), considered to be the first professional cybercrime group to create and use a ransomware strain in the Rust programming language. In this post, we'll explore some of the clues left behind by the developer who was reputedly hired to code the ransomware variant.

28 January 2022

Silkworm security? Researchers create new authentication method using silk fibers

Academics say the material could be used to create unclonable physical components suitable for supporting digital security.

28 January 2022

Google Play app dropped Vultur banking Trojan on Android handsets

The app was installed thousands of times before it was removed.

28 January 2022

2FA App Loaded with Banking Trojan Infests 10K Victims via Google Play

The Vultur trojan steals bank credentials but asks for permissions to do far more damage down the line.

27 January 2022

BotenaGo Botnet Code Leaked to GitHub

The malware had already put millions of routers and IoT devices at risk, and now any noob can have at it.

27 January 2022

PCI SSC in Brazil: New Regional Engagement Board for 2022

PCI SSC has announced a newly expanded Brazil Regional Engagement Board (REB). Here we talk with PCI SSC Associate Director, LA Region for Brazil, Carlos Caetano, about the value of the board, its role and agenda for 2022.

27 January 2022

Shipment-Delivery Scams a Fav Way to Spread Malware

Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads.

27 January 2022

How to Secure Your SaaS Stack with a SaaS Security Posture Management Solution

SaaS Security Posture Management (SSPM) named a must have solution by Gartner. Adaptive Shields SSPM solution allows security teams full visibility and control.

27 January 2022

EyeMed agrees $600,000 settlement over 2020 data breach

The data of roughly 2.1 million individuals was exposed.

27 January 2022

DeepDotWeb operator sentenced to eight years behind bars

The platform provided links to Dark Web marketplaces.

27 January 2022

Beyond the tick box: What to consider before agreeing to a privacy policy

The trade-off between using a free service and giving up our personal data becomes much less palatable when we think about the wider ramifications of the collection and use of our personal data

The post Beyond the tick box: What to consider before agreeing to a privacy policy appeared first on WeLiveSecurity

27 January 2022