Cybersecurity News


The Rise of One-Time Password Interception Bots

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets.
29 September 2021

Akamai acquires cybersecurity firm Guardicore for $600 million

Guardicore's zero-trust solutions brought it to the attention of the CDN.
29 September 2021

Google launches new reward program for Tsunami Security Scanner

The program offers up to $3,133 in financial rewards.
29 September 2021

Telegram bots are trying to steal your one-time passwords

The tokens can be used to shred second-stage account verification.
29 September 2021

How to Prevent Account Takeovers in 2021

Dave Stewart, Approov CEO, lays out six best practices for orgs to avoid costly account takeovers.
28 September 2021

Gamers Beware: Malware Hunts Steam, Epic and EA Origin Accounts

The BloodyStealer trojan helps cyberattackers go after in-game goods and credits.
28 September 2021

SAS 2021: FinSpy Surveillance Kit Re-Emerges Stronger Than Ever

A 'nearly impossible to analyze' version of the malware sports a bootkit and 'steal-everything' capabilities.
28 September 2021

Apple Airtag Bug Enables ‘Good Samaritan’ Attack

The new $30 Airtag tracking device from Apple has a feature that allows anyone who finds one of these tiny location beacons to scan it with a mobile phone and discover its owner's phone number if the Airtag has been set to lost mode. But according to new research, this same feature can be abused to redirect the Good Samaritan to an iCloud phishing page -- or to any other malicious website.
28 September 2021

Paving the Way: Inspiring Women in Payments - A Podcast Featuring Agnes Ng

Sometimes, being a woman brings in a more human touch when navigating through challenging security issues. This sensitivity to customer concerns is exactly what has helped Agnes Ng achieve success as a female entrepreneur in the Singapore payment industry. In this edition of our podcast, Agnes explains that despite a lack of women taking technology courses as part of their education in Singapore, she believes that more doors will be opened to women in technology as part of the government’s initiative to stay ahead as a global city.
28 September 2021

FinSpy surveillance malware is now spreading through UEFI bootkits

The spyware had previously been associated with malicious installers and MBR bootkits.
28 September 2021

Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw

The unredacted RCE exploit allows unauthenticated, remote attackers to upload files to the vCenter Server analytics service.
28 September 2021

SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor

Microsoft is warning that the Nobelium APT is compromising single-sign-on servers to install a post-exploitation backdoor that steals data and maintains network persistence.
28 September 2021

Credential Spear-Phishing Uses Spoofed Zix Encrypted Email

The spoofed email has targeted close to 75K inboxes, slipping past spam and security controls across Office 365, Google Workspace, Exchange, Cisco ESA and more.
28 September 2021

Scalper bots are now targeting graphics card vendors

Concert tickets are no longer the most coveted items on a reseller's list.
28 September 2021

5 Steps to Securing Your Network Perimeter

Ekaterina Kilyusheva, head of the Information Security Analytics Research Group at Positive Technologies, offers a blueprint for locking up the fortress.
27 September 2021

Women, Minorities Are Hacked More Than Others

Income level, education and being part of a disadvantaged population all contribute to cybercrime outcomes, a survey suggests.
27 September 2021

EU: Russia Behind ‘Ghostwriter’ Campaign Targeting Germany

It's not the first time that the disinformation/spearphishing campaign, which originally smeared NATO, has been linked to Russia.
27 September 2021

Google releases emergency fix to plug zero‑day hole in Chrome

The emergency release comes a mere three days after Google’s previous update that plugged another 19 security loopholes.
27 September 2021

3.8 Billion Users’ Combined Clubhouse, Facebook Data Up for Sale

Combined cache of data likely to fuel rash of account takeover, smishing attacks, experts warn.
27 September 2021

Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords

Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text.
24 September 2021