Cybersecurity News


Week in security with Tony Anscombe

ESET researchers analyze malware frameworks targeting air-gapped networks – ESET Research launches a podcast – INTERPOL cracks down on online fraud

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

03 December 2021

Scammers exploit Omicron fears in new COVID‑19 phishing campaign

Fraudsters take advantage of the emergence of the new variant to dupe unsuspecting victims out of their sensitive data

The post Scammers exploit Omicron fears in new COVID‑19 phishing campaign appeared first on WeLiveSecurity

03 December 2021

Threat Group Takes Aim Again at Cloud Platform Provider Zoho

Threat Group Takes Aim Again at Cloud Platform Provider Zoho Attackers that previously targeted the cloud platform provider have shifted their focus to additional products in the company’s portfolio.
03 December 2021

‘Double-Extortion’ Ransomware Damage Skyrockets 935%

‘Double-Extortion’ Ransomware Damage Skyrockets 935% Startling triple-digit growth is fueled by easy criminal access to corporate networks and RaaS tools, an analysis found.
02 December 2021

Planned Parenthood Breach Opens Patients to Follow-On Attacks

Planned Parenthood Breach Opens Patients to Follow-On Attacks Cyberattackers made off with addresses, insurance information, dates of birth, and most worryingly, clinical information, such as diagnosis, procedures, and/or prescription information.
02 December 2021

AT&T Takes Steps to Mitigate Botnet Found Inside Its Network 

AT&T Takes Steps to Mitigate Botnet Found Inside Its Network  AT&T is battling a modular malware called EwDoor on 5,700 VoIP servers, but it could have a larger wildcard certificate problem.
02 December 2021

Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach”

In January 2021, technology vendor Ubiquiti Inc. [NYSE:UI] disclosed that a breach at a third party cloud provider had exposed customer account credentials. In March, a Ubiquiti employee warned that the company had drastically understated the scope of the incident, and that the third-party cloud provider claim was a fabrication. On Wednesday, a former Ubiquiti developer was arrested and charged with stealing data and trying to extort his employer while pretending to be a whistleblower.
02 December 2021

Cabinet Office fined £500,000 over New Year honours list data breach

Cabinet Office fined £500,000 over New Year honours list data breach

Regulator says safety of hundreds of individuals was jeopardised after their addresses were posted online

The Cabinet Office has been fined £500,000 by the UK’s data watchdog after the postal addresses of the 2020 New Year honours recipients were disclosed online.

The Information Commissioner’s Office (ICO) found officials failed to put in place “appropriate technical and organisational measures” to prevent the unauthorised disclosure of personal information in breach of data protection law.

Continue reading...
02 December 2021

Launching ESET Research Podcast: A peek behind the scenes of ESET discoveries

Press play for the first episode as host Aryeh Goretsky is joined by Zuzana Hromcová to discuss native IIS malware

The post Launching ESET Research Podcast: A peek behind the scenes of ESET discoveries appeared first on WeLiveSecurity

02 December 2021

80K Retail WooCommerce Sites Exposed by Plugin XSS Bug

80K Retail WooCommerce Sites Exposed by Plugin XSS Bug The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts.
01 December 2021

Stealthy ‘WIRTE’ Gang Targets Middle Eastern Governments

Stealthy ‘WIRTE’ Gang Targets Middle Eastern Governments Kaspersky researchers suspect that the cyberattackers may be a subgroup of the politically motivated, Palestine-focused Gaza Cybergang.
01 December 2021

Widespread ‘Smishing’ Campaign Defrauds Iranian Android Users

Widespread ‘Smishing’ Campaign Defrauds Iranian Android Users Attackers use socially engineered SMS messages and malware to compromise tens of thousands of devices and drain user bank accounts.
01 December 2021

Jumping the air gap: 15 years of nation‑state effort

ESET researchers studied all the malicious frameworks ever reported publicly that have been used to attack air-gapped networks and are releasing a side-by-side comparison of their most important TTPs

The post Jumping the air gap: 15 years of nation‑state effort appeared first on WeLiveSecurity

01 December 2021

How Decryption of Network Traffic Can Improve Security

How Decryption of Network Traffic Can Improve Security Most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. Jeff Costlow, CISO at ExtraHop, explains why this might not be a good thing.
30 November 2021

Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks

Lloyd’s Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks The insurer won’t pay for 'acts of cyber-war' or nation-state retaliation attacks.   
30 November 2021

Finland Faces Blizzard of FluBot-Spreading Text Messages

Finland Faces Blizzard of FluBot-Spreading Text Messages Millions of texts leading to the Flubot spyware/banking trojan are targeting everyone who uses Androids in the country, in an "exceptional" attack.
30 November 2021

Panasonic’s Data Breach Leaves Open Questions

Panasonic’s Data Breach Leaves Open Questions Cyberattackers had unfettered access to the technology giant's file server for four months.
30 November 2021

Paving the way: Inspiring Women in Payments - A podcast featuring Coalfire


In this edition of our podcast, the PCI Security Standards Council is pleased to host a panel discussion featuring four women from Coalfire, a leading provider of IT advisory services for security in a variety of industries, including payments.

30 November 2021

Yanluowang Ransomware Tied to Thieflock Threat Actor

Yanluowang Ransomware Tied to Thieflock Threat Actor Links between the tactics and tools demonstrated in attacks suggest a former affiliate has switched loyalties, according to new research.
30 November 2021

Printing Shellz: Critical bugs impacting 150 HP printer models patched

"Cross-site printing attacks" feature in the research.
30 November 2021