Cybersecurity News
Over a million WordPress sites breached
WordPress site owners hosted by GoDaddy woke this morning to find that their sites had been cracked open.What to do if you receive a data breach notice
Receiving a breach notification doesn’t mean you’re doomed – here’s what you should consider doing in the hours and days after learning that your personal data has been exposed
The post What to do if you receive a data breach notice appeared first on WeLiveSecurity
The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back
One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim's funds via Zelle, a "peer-to-peer" (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target's bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it.Iranians Charged in Cyberattacks Against U.S. 2020 Election
The State Department has offered a $10M reward for tips on the two Iran-based threat actors accused of voter intimidation and disinformation.
6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years
Pen Test Partners didn't disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm.
Week in security with Tony Anscombe
ESET discovers watering hole attacks in the Middle East – Getting your life back on track after identity theft – How foreign influence operations have evolved
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
CYBERWARCON – Foreign influence operations grow up
Not long ago, disinformation campaigns were rather unsophisticated. These days, however, threat actors put serious time and effort into crafting their attacks.
The post CYBERWARCON – Foreign influence operations grow up appeared first on WeLiveSecurity
California Pizza Kitchen Serves Up Employee SSNs in Data Breach
A hefty slice of data – that of 100K+ current and former employees – was spilled in an “external system breach,” the pizza chain said.
Ransomware Phishing Emails Sneak Through SEGs
The MICROP ransomware spreads via Google Drive and locally stored passwords.
3 Top Tools for Defending Against Phishing Attacks
Phishing emails are now skating past traditional defenses. Justin Jett, director of audit and compliance at Plixer, discusses what to do about it.
FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months
The bureau's flash alert said an APT has been exploiting the flaw to compromise FatPipe router clustering and load balancer products to breach targets' networks.
US Government declassifies data to foster would‑be defenders
US Government declassifies cybersecurity subjects they want you to learn about, and is hoping to pay you to learn them
The post US Government declassifies data to foster would‑be defenders appeared first on WeLiveSecurity
Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials
Threat actors are targeting Middle-East-based employees of major corporations in a scam that uses a specific ‘ephemeral’ aspect of the project-management tool to link to SharePoint phishing pages.
How to Choose the Right DDoS Protection Solution
Pankaj Gupta, Senior Director at Citrix, outlines how distributed denial of service attacks have become increasingly sophisticated, bigger and economically motivated.
Cloud security firm Lacework secures $1.3 billion in new funding round
New investors including Liberty Global have joined the fray.‘My bank account was in a shambles’: The ordeal of an identity theft victim
A victim of identity theft tells us how criminals used his identity to commit fraud and what it took to put his life back in order
The post ‘My bank account was in a shambles’: The ordeal of an identity theft victim appeared first on WeLiveSecurity
Tech CEO Pleads to Wire Fraud in IP Address Scheme
The CEO of a South Carolina technology firm has pleaded guilty to 20 counts of wire fraud in connection with an elaborate network of phony companies set up to obtain more than 735,000 Internet Protocol (IP) addresses from the nonprofit organization that leases the digital real estate to entities in North America.Fake Ransomware Infection Hits WordPress Sites
WordPress sites have been splashed with ransomware warnings that are as real as dime-store cobwebs made out of spun polyester.
Netflix Bait: Phishers Target Streamers with Fake Service Signups
Lures dressed up to look like movie and TV streaming offers are swiping payment data.
Exchange, Fortinet Flaws Being Exploited by Iranian APT, CISA Warns
Meanwhile, a Microsoft analysis that followed six Iranian threat actor groups for over a year found them increasingly sophisticated, adapting and thriving.