Cybersecurity News


Norton 360 Now Comes With a Cryptominer

Norton 360, one of the most popular antivirus products on the market today, has installed a cryptocurrency mining program on its customers' computers. Norton's parent firm says the cloud-based service that activates the program and enables customers to profit from the scheme -- in which the company keeps 15 percent of any currencies mined -- is "opt-in," meaning users have to agree to enable it. But many Norton users complain the mining program is difficult to remove, and reactions from longtime customers have ranged from unease and disbelief to, "Dude, where's my crypto?"
06 January 2022

CES 2022: More sensors than people

A sea of sensors will soon influence almost everything in your world

The post CES 2022: More sensors than people appeared first on WeLiveSecurity

06 January 2022

Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover

Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover ESXi version 7 users are still waiting for a full fix for a high-severity heap-overflow security vulnerability, but Cloud Foundation, Fusion and Workstation users can go ahead and patch.
06 January 2022

Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying

Apple iPhone Malware Tactic Causes Fake Shutdowns to Enable Spying The 'NoReboot' technique is the ultimate in persistence for iPhone malware, preventing reboots and enabling remote attackers to do anything on the device while remaining completely unseen.
06 January 2022

Attackers Exploit Flaw in Google Docs’ Comments Feature

Attackers Exploit Flaw in Google Docs’ Comments Feature A wave of phishing attacks identified in December targeting mainly Outlook users are difficult for both email scanners and victims to flag, researchers said.
06 January 2022

1.1M Compromised Accounts Found at 17 Major Companies

1.1M Compromised Accounts Found at 17 Major Companies The accounts fell victim to credential-stuffing attacks, according to the New York State AG.
05 January 2022

‘Elephant Beetle’ Lurks for Months in Networks

‘Elephant Beetle’ Lurks for Months in Networks The group blends into an environment before loading up trivial, thickly stacked, fraudulent financial transactions too tiny to be noticed but adding up to millions of dollars.
05 January 2022

Broward Breach Highlights Healthcare Supply-Chain Problems

Broward Breach Highlights Healthcare Supply-Chain Problems More than 1.3 million patient records were stolen in the just-disclosed breach, which occurred back in October.
05 January 2022

Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails

Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails A simple-to-exploit bug that allows bad actors to send emails from Uber's official system -- skating past email security -- went unaddressed despite multiple flagging by researchers.
05 January 2022

FTC to Go After Companies that Ignore Log4j

FTC to Go After Companies that Ignore Log4j Companies that fail to protect secure consumer data from Log4J attacks are at risk of facing Equifax-esque legal action and fines, the FTC warned.
05 January 2022

‘Malsmoke’ Exploits Microsoft’s E-Signature Verification

‘Malsmoke’ Exploits Microsoft’s E-Signature Verification The info-stealing campaign using ZLoader malware – previously used to deliver Ryuk and Conti ransomware – already has claimed more than 2,000 victims across 111 countries.
05 January 2022

Purple Fox rootkit discovered in malicious Telegram installers

Slicing up files allows the malware to stay under the radar.
05 January 2022

Morgan Stanley agrees to $60 million settlement in data breach lawsuit

Customer data was held on legacy equipment that was later sold on without being wiped.
05 January 2022

Malsmoke hackers abuse Microsoft signature verification in ZLoader cyberattacks

Malware exploits the system to steal credentials and other data.
05 January 2022

5 ways hackers steal passwords (and how to stop them)

From social engineering to looking over your shoulder, here are some of the most common tricks that bad guys use to steal passwords

The post 5 ways hackers steal passwords (and how to stop them) appeared first on WeLiveSecurity

05 January 2022

Microsoft Sees Rampant Log4j Exploit Attempts, Testing

Microsoft Sees Rampant Log4j Exploit Attempts, Testing Microsoft says it's only going to get worse: It's seen state-sponsored and cyber-criminal attackers probing systems for the Log4Shell flaw through the end of December.
04 January 2022

SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More

SEGA’s Sloppy Security Confession: Exposed AWS S3 Bucket Offers Up Steam API Access & More SEGA's disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets.
04 January 2022

Data Skimmer Hits 100+ Sotheby’s Real-Estate Websites

Data Skimmer Hits 100+ Sotheby’s Real-Estate Websites The campaign was an opportunistic supply-chain attack abusing a weaponized cloud video player.
04 January 2022

Purple Fox Rootkit Dropped by Malicious Telegram Installers

Purple Fox Rootkit Dropped by Malicious Telegram Installers Multiple malicious installers were delivering the same Purple Fox rootkit version using the same attack chain, possibly distributed via email or phishing sites.
04 January 2022

McMenamins Data Breach Affects 12 Years of Employee Info

McMenamins Data Breach Affects 12 Years of Employee Info The Pacific Northwest hospitality stalwart is also still operationally crippled by a Dec. 12 ransomware attack.
04 January 2022