Cybersecurity News


Polish opposition says government use of spyware is ‘crisis for democracy’

Opposition leader Donald Tusk calls for inquiry after watchdog says rivals were targeted by Pegasus spyware

Polish opposition leader Donald Tusk said on Tuesday reports that the government spied on its opponents represented the country’s biggest “crisis for democracy” since the end of communism.

A cybersecurity watchdog last week said the Pegasus spyware had been used to target prominent opposition figures, with Polish media dubbing the scandal a “Polish Watergate”.

28 December 2021

2021 Wants Another Chance (A Lighter-Side Year in Review)

The year wasn't ALL bad news. These sometimes cringe-worthy/sometimes laughable cybersecurity and other technology stories offer schadenfreude and WTF opportunities, and some giggles.
28 December 2021

Global Cyberattacks from Nation-State Actors Posing Greater Threats

Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain.
27 December 2021

The 5 Most-Wanted Threatpost Stories of 2021

A look back at what was hot with readers in this second year of the pandemic.
27 December 2021

2021 in review: The biggest cybersecurity stories of the year

As we close out another year like no other, let's look back at some of the most notable cybersecurity stories that shaped 2021

The post 2021 in review: The biggest cybersecurity stories of the year appeared first on WeLiveSecurity

27 December 2021

4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code

The security vulnerability could expose passwords and access tokens, along with blueprints for internal infrastructure and finding software vulnerabilities.
23 December 2021

Telegram Abused to Steal Crypto-Wallet Credentials

Attackers use the Telegram handle “Smokes Night” to spread the malicious Echelon infostealer, which steals credentials for cryptocurrency and other user accounts, researchers said.
23 December 2021

‘Spider-Man: No Way Home’ Download Installs Cryptominer

The origin of the Monero cryptominer file has been traced to a Russian torrent website, researchers report.
23 December 2021

PYSA Emerges as Top Ransomware Actor in November

Overtaking the Conti ransomware gang, PYSA finds success with government-sector attacks.
22 December 2021

All in One SEO Plugin Bug Threatens 3M Websites with Takeovers

A critical privilege-escalation vulnerability could lead to backdoors for admin access nesting in web servers.
22 December 2021

Critical Apache HTTPD Server Bugs Could Lead to RCE, DoS

Don't freak: It's got nothing to do with Log4Shell, except it may be just as far-reaching as Log4j, given HTTPD's tendency to tiptoe into software projects.
22 December 2021

Four Bugs in Microsoft Teams Left Platform Vulnerable Since March

Attackers exploiting bugs in the “link preview” feature in Microsoft Teams could abuse the flaws to spoof links, leak an Android user’s IP address and launch a DoS attack.
22 December 2021

This holiday season, give your children the gift of cybersecurity awareness

Don't leave your kids to their own devices – give them a head start with staying safe online instead

The post This holiday season, give your children the gift of cybersecurity awareness appeared first on WeLiveSecurity

22 December 2021

Time to Ditch Big-Brother Accounts for Network Scanning

Yaron Kassner, CTO and co-founder of Silverfort, discusses why using all-seeing privileged accounts for monitoring is bad practice.
21 December 2021

Java Code Repository Riddled with Hidden Log4j Bugs; Here’s Where to Look

There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.
21 December 2021

Half-Billion Compromised Credentials Lurking on Open Cloud Server

A quarter-billion of those passwords were not seen in previous breaches that have been added to Have I Been Pwned.
21 December 2021

Two Active Directory Bugs Lead to Easy Windows Domain Takeover

Microsoft is urging customers to patch two Active Directory domain controller bugs after a PoC tool was publicly released on Dec. 12.
21 December 2021

FBI: Another Zoho ManageEngine Zero-Day Under Active Attack

APT attackers are using a security vulnerability in ManageEngine Desktop Central to take over servers, deliver malware and establish network persistence.
21 December 2021

Conti Ransomware Gang Has Full Log4Shell Attack Chain

Conti has become the first professional-grade, sophisticated ransomware group to weaponize Log4j2, now with a full attack chain.
20 December 2021

Robocalls More Than Doubled in 2021, Cost Victims $30B

T-Mobile reported blocking 21 billion scam calls during a record-smashing year for robocalls.
20 December 2021