Cybersecurity News


Cybercriminals Love Supply-Chain Chaos: Here’s How to Protect Your Inbox

Cybercriminals Love Supply-Chain Chaos: Here’s How to Protect Your Inbox Threat actors use bogus 'shipping delays' to deceive customers and businesses. Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do.
26 January 2022

Linux Bug in All Major Distros: ‘An Attacker’s Dream Come True’

Linux Bug in All Major Distros: ‘An Attacker’s Dream Come True’ The 12-year-old flaw in the sudo-like polkit’s pkexec tool, found in all major Linux distributions, is likely to be exploited in the wild within days.
26 January 2022

Threat Actors Blanket Androids with Flubot, Teabot Campaigns

Threat Actors Blanket Androids with Flubot, Teabot Campaigns Attackers are getting creative, using smishing & a malicious Google Play QR reader to plant banking trojans on the phones of victims across the globe.
26 January 2022

Every breath you take, every move you make: Do fitness trackers pose privacy risks?

Should you beware of wearables? Here’s what you should know about the potential security and privacy risks of your smartwatch or fitness tracker.

The post Every breath you take, every move you make: Do fitness trackers pose privacy risks? appeared first on WeLiveSecurity

26 January 2022

DazzleSpy: Pro-democracy org hijacked to become macOS spyware distributor

A Safari exploit was being served through a watering hole attack.
26 January 2022

Trickbot will now try to crash researcher PCs to stop reverse engineering attempts

The Trojan has been refreshed with a new set of anti-analysis capabilities.
26 January 2022

UK government security center, i100 publish NMAP scripts for vulnerability scanning

The SME project aims to streamline the detection and remediation of specific bugs.
26 January 2022

Cyberattacks on Squid Game Minecraft Tourney Take Down Andorra’s Internet

Cyberattacks on Squid Game Minecraft Tourney Take Down Andorra’s Internet Some of the bursts of traffic reached up to 10Gbps, reports noted, overwhelming the country's only ISP, and crippling Andorran Squidcraft gamers along with the rest of the population.
25 January 2022

Ozzy Osbourne NFTs Used to Bite Off Chunk of Crypto Coin

Ozzy Osbourne NFTs Used to Bite Off Chunk of Crypto Coin A discarded Discord vanity URL for CryptoBatz was hijacked by cybercriminals to drain cryptocurrency wallets.
25 January 2022

Segway Hit by Magecart Attack Hiding in a Favicon

Segway Hit by Magecart Attack Hiding in a Favicon Visitors who shopped on the company's eCommerce website in January will likely find their payment-card data heisted, researchers warned.
25 January 2022

Scary Fraud Ensues When ID Theft & Usury Collide

What's worse than finding out that identity thieves took out a 546 percent interest payday loan in your name? How about a 900 percent interest loan? Or how about not learning of the fraudulent loan until it gets handed off to collection agents? One reader's nightmare experience spotlights what can happen when ID thieves and hackers start targeting online payday lenders.
25 January 2022

New MacOS Malware ‘DazzleSpy’ Used in Watering-Hole Attacks

New MacOS Malware ‘DazzleSpy’ Used in Watering-Hole Attacks A pro-democracy Hong Kong site was used to launch watering-hole attacks that planted a powerful macOS backdoor that researchers dubbed DazzleSpy.
25 January 2022

AdSanity, AccessPress Plugins Open Scads of WordPress Sites to Takeover

AdSanity, AccessPress Plugins Open Scads of WordPress Sites to Takeover A critical security bug and a months-long, ongoing supply-chain attack spell trouble for WordPress users.
25 January 2022

BRATA Android Trojan Updated with ‘Kill Switch’ that Wipes Devices

BRATA Android Trojan Updated with ‘Kill Switch’ that Wipes Devices Researchers identify three new versions of the banking trojan that include various new features, including GPS tracking and novel obfuscation techniques.
25 January 2022

Staff negligence is now a major reason for insider security incidents

Negligence and malicious insider activities are common security challenges in the enterprise today.
25 January 2022

Watering hole deploys new macOS malware, DazzleSpy, in Asia

Hong Kong pro-democracy radio station website compromised to serve a Safari exploit that installed cyberespionage malware on site visitors’ Macs

The post Watering hole deploys new macOS malware, DazzleSpy, in Asia appeared first on WeLiveSecurity

25 January 2022

Mirai splinter botnets dominate IoT attack scene

One of the most well-known botnets ever to exist continues to plague PCs and connected devices.
25 January 2022

Linux Servers at Risk of RCE Due to Critical CWP Bugs

Linux Servers at Risk of RCE Due to Critical CWP Bugs The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.
24 January 2022

MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists

MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data.
24 January 2022

Surge in Malicious QR Codes Sparks FBI Alert

Surge in Malicious QR Codes Sparks FBI Alert QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.
24 January 2022