Cybersecurity News
Sandworm uses a new version of ArguePatch to attack targets in Ukraine
ESET researchers spot an updated version of the malware loader used in the Industroyer2 and CaddyWiper attacks
The post Sandworm uses a new version of ArguePatch to attack targets in Ukraine appeared first on WeLiveSecurity
Closing the Gap Between Application Security and Observability
Daniel Kaar, global director application security engineering at Dynatrace, highlights the newfound respect for AppSec-enabled observability in the wake of Log4Shell.
380K Kubernetes API Servers Exposed to Public Internet
More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access.
Fake domains offer Windows 11 installers - but deliver malware instead
Be careful what you are downloading - these files deliver the Vidar infostealer.Cyberattacks and misinformation activity against Ukraine continues say security researchers
Malware and fake news continues, says Mandiant.Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.
This Russian botnet does far more than DDoS attacks - and on a massive scale
Operators can track social media trends and tailor their propaganda to suit.The flip side of the coin: Why crypto is catnip for criminals
Cybercriminals continue to mine for opportunities in the crypto space – here's what you should know about coin-mining hacks and crypto theft
The post The flip side of the coin: Why crypto is catnip for criminals appeared first on WeLiveSecurity
Senators Urge FTC to Probe ID.me Over Selfie Data
Some of more tech-savvy Democrats in the U.S. Senate are asking the Federal Trade Commission (FTC) to investigate identity-proofing company ID.me for "deceptive statements" the company and its founder allegedly made over how they handle facial recognition data collected on behalf of the Internal Revenue Service, which until recently required anyone seeking a new IRS account online to provide a live video selfie to ID.me.DOJ Says Doctor is Malware Mastermind
The U.S. Department of Justice indites middle-aged doctor, accusing him of being a malware mastermind.
APTs Overwhelmingly Share Known Vulnerabilities Rather Than Attack O-Days
Research indicates that organizations should make patching existing flaws a priority to mitigate risk of compromise.
April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell
Researchers say a GitHub proof-of-concept exploitation of recently announced VMware bugs is being abused by hackers in the wild.
Fake news – why do people believe it?
In the age of the perpetual news cycle and digital media, the risks that stem from the fake news problem are all too real
The post Fake news – why do people believe it? appeared first on WeLiveSecurity
Wizard Spider hackers hire cold callers to scare ransomware victims into paying up
Researchers believe the group has millions of dollars in assets.When Your Smart ID Card Reader Comes With Malware
Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder's appropriate security level. But many government employees aren't issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online. What could go wrong? Here's one example.Sysrv-K Botnet Targets Windows, Linux
Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins.
iPhones Vulnerable to Attack Even When Turned Off
Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware.
Paving the Way: Inspiring Women in Payments - A Q&A featuring Jennifer Boyd
When Jennifer Boyd started her career in Information Technology many years ago, she was one of only a few women in her department. At that time, like in many other professions, technology was perceived as more of a gender-specific role. In this edition of our blog, Jennifer explains how she pursued the career she loved despite the challenges, and why she believes more women will be encouraged to join the industry as they see other women simply leading by example.
Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors
Microsoft's May Patch Tuesday update is triggering authentication errors.