Cybersecurity News


BazarBackdoor now abuses Windows 10 apps feature in 'call me back' attack

AppInstaller.exe has been twisted in a new form of phishing attack.
11 November 2021

NSO Group’s CEO-designate quits after US blacklists spyware firm

Move reported by Israeli media comes after Biden administration said firm acted contrary to US security interests

The chief executive officer-designate of NSO Group has resigned citing the Israeli spyware company’s blacklisting by the US Department of Commerce last week, Israeli media said on Thursday.

NSO Group declined to comment.

11 November 2021

When the alarms go off: 10 key steps to take after a data breach

It’s often said that data breaches are no longer a matter of ‘if’, but ‘when’ – here’s what your organization should do, and avoid doing, in the case of a security breach

The post When the alarms go off: 10 key steps to take after a data breach appeared first on WeLiveSecurity

11 November 2021

EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login forms

New research highlights hundreds of companies that are at risk of cyberattacks.
11 November 2021

North Korean hackers target the South's think tanks through blog posts

Responsibility for new attacks has been laid at the feet of the Kimsuky threat group.
10 November 2021

SMS About Bank Fraud as a Pretext for Voice Phishing

Most of us have probably heard the term "smishing" -- which is a portmanteau for traditional phishing scams sent through SMS text messages. Smishing messages usually include a link to a site that spoofs a popular bank and tries to siphon personal information. But increasingly, phishers are turning to a hybrid form of smishing -- blasting out linkless text messages about suspicious bank transfers as a pretext for immediately calling and scamming anyone who responds via text.
10 November 2021

Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access

The distributed computing vendor patched the flaw, affecting Citrix ADC and Gateway, along with another flaw impacting availability for SD-WAN appliances.
10 November 2021

Google scores big win as court blocks iPhone tracking lawsuit

The tech giant wins an appeal against a claim that it unlawfully collected personal data of millions of iPhone users

The post Google scores big win as court blocks iPhone tracking lawsuit appeared first on WeLiveSecurity

10 November 2021

Massive Zero Day Hole Found in Palo Alto Security Appliances

Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects an estimated 70,000+ VPN/firewalls.
10 November 2021

New Android Spyware Poses Pegasus-Like Threat

PhoneSpy already has stolen data and tracked the activity of targets in South Korea, disguising itself as legitimate lifestyle apps.
10 November 2021

A stalker's wishlist: PhoneSpy malware destroys Android privacy

A new surveillance campaign has revealed widespread infection on Android devices.
10 November 2021

Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs

Experts urged users to prioritize patches for Microsoft Exchange and Excel, those favorite platforms so frequently targeted by cybercriminals and nation-state actors.
09 November 2021

Microsoft Patch Tuesday, November 2021 Edition

Microsoft Corp. today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Two of the patches address vulnerabilities that are already being used in active attacks online, and four of the flaws were disclosed publicly before today -- potentially giving adversaries a head start in figuring out how to exploit them.
09 November 2021

Not Punny: Angling Direct Breach Cripples Retailer for Days

A U.K. fishing retailer’s site has been hijacked and redirected to Pornhub.
09 November 2021

Robinhood data breach affects 7 million people

An attacker gained access to some of Robinhood's customer support systems and stole the personal data of around a third of the app's userbase

The post Robinhood data breach affects 7 million people appeared first on WeLiveSecurity

09 November 2021

Paving the Way: Inspiring Women in Payments - A Q&A Featuring Amandeep Kaur

Amandeep Kaur was given a life-changing opportunity to leave her small village and move to the United Kingdom to stay with her aunt and uncle and study Information Security and Computer Forensics at a university of her choice. She followed her passion and, as a result, was able to start a new career in cybersecurity. But, for many women, opportunities like these are hard to find. In this edition of our blog, Amandeep explains that a lack of female role models in the industry, as well as a false stereotype that technology is “too hard” for women, can create negative perceptions that discourage women from this type of career.

09 November 2021

12 New Flaws Used in Ransomware Attacks in Q3

The Q3 2021 report revealed a 4.5% increase in CVEs associated with ransomware and a 3.4% increase in ransomware families compared with Q2 2021.
09 November 2021

The New Frontier of Enterprise Risk: Nth Parties

The average number of vulnerabilities discovered in a Cyberpion scan of external Fortune 500 networks (such as cloud systems) was 296, many critical (with the top of the scale weighing in at a staggering 7,500).
09 November 2021