Cybersecurity News


Over a million WordPress sites breached

WordPress site owners hosted by GoDaddy woke this morning to find that their sites had been cracked open.
22 November 2021

What to do if you receive a data breach notice

Receiving a breach notification doesn’t mean you’re doomed – here’s what you should consider doing in the hours and days after learning that your personal data has been exposed

The post What to do if you receive a data breach notice appeared first on WeLiveSecurity

22 November 2021

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim's funds via Zelle, a "peer-to-peer" (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target's bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it.
19 November 2021

Iranians Charged in Cyberattacks Against U.S. 2020 Election

Iranians Charged in Cyberattacks Against U.S. 2020 Election The State Department has offered a $10M reward for tips on the two Iran-based threat actors accused of voter intimidation and disinformation.
19 November 2021

6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years

6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years Pen Test Partners didn't disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm.
19 November 2021

Week in security with Tony Anscombe

ESET discovers watering hole attacks in the Middle East – Getting your life back on track after identity theft – How foreign influence operations have evolved

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

19 November 2021

CYBERWARCON – Foreign influence operations grow up

Not long ago, disinformation campaigns were rather unsophisticated. These days, however, threat actors put serious time and effort into crafting their attacks.

The post CYBERWARCON – Foreign influence operations grow up appeared first on WeLiveSecurity

19 November 2021

California Pizza Kitchen Serves Up Employee SSNs in Data Breach

California Pizza Kitchen Serves Up Employee SSNs in Data Breach A hefty slice of data – that of 100K+ current and former employees – was spilled in an “external system breach,” the pizza chain said. 
19 November 2021

Ransomware Phishing Emails Sneak Through SEGs

Ransomware Phishing Emails Sneak Through SEGs The MICROP ransomware spreads via Google Drive and locally stored passwords.
18 November 2021

3 Top Tools for Defending Against Phishing Attacks

3 Top Tools for Defending Against Phishing Attacks Phishing emails are now skating past traditional defenses. Justin Jett, director of audit and compliance at Plixer, discusses what to do about it.
18 November 2021

FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months

FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months The bureau's flash alert said an APT has been exploiting the flaw to compromise FatPipe router clustering and load balancer products to breach targets' networks.
18 November 2021

US Government declassifies data to foster would‑be defenders

US Government declassifies cybersecurity subjects they want you to learn about, and is hoping to pay you to learn them

The post US Government declassifies data to foster would‑be defenders appeared first on WeLiveSecurity

18 November 2021

Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials

Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials Threat actors are targeting Middle-East-based employees of major corporations in a scam that uses a specific ‘ephemeral’ aspect of the project-management tool to link to SharePoint phishing pages.
18 November 2021

How to Choose the Right DDoS Protection Solution

How to Choose the Right DDoS Protection Solution Pankaj Gupta, Senior Director at Citrix, outlines how distributed denial of service attacks have become increasingly sophisticated, bigger and economically motivated.
18 November 2021

Cloud security firm Lacework secures $1.3 billion in new funding round

New investors including Liberty Global have joined the fray.
18 November 2021

‘My bank account was in a shambles’: The ordeal of an identity theft victim

A victim of identity theft tells us how criminals used his identity to commit fraud and what it took to put his life back in order

The post ‘My bank account was in a shambles’: The ordeal of an identity theft victim appeared first on WeLiveSecurity

18 November 2021

Tech CEO Pleads to Wire Fraud in IP Address Scheme

The CEO of a South Carolina technology firm has pleaded guilty to 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 735,000 Internet Protocol (IP) addresses from the nonprofit organization that leases the digital real estate to entities in North America.
17 November 2021

Fake Ransomware Infection Hits WordPress Sites

Fake Ransomware Infection Hits WordPress Sites WordPress sites have been splashed with ransomware warnings that are as real as dime-store cobwebs made out of spun polyester.
17 November 2021

Netflix Bait: Phishers Target Streamers with Fake Service Signups

Netflix Bait: Phishers Target Streamers with Fake Service Signups Lures dressed up to look like movie and TV streaming offers are swiping payment data.
17 November 2021

Exchange, Fortinet Flaws Being Exploited by Iranian APT, CISA Warns

Exchange, Fortinet Flaws Being Exploited by Iranian APT, CISA Warns Meanwhile, a Microsoft analysis that followed six Iranian threat actor groups for over a year found them increasingly sophisticated, adapting and thriving.
17 November 2021