Cybersecurity News
Week in security with Tony Anscombe
What's it like working as a malware researcher? – ProtonMail and the battle for email privacy – Man charged with hacking, trying to extort US sports leagues
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Feds Offer $10 Million Bounty for DarkSide Info
The U.S. State Department ups the ante in its hunt for the ransomware perpetrators by offering a sizeable cash sum for locating and arresting leaders of the cybercriminal group.
SSL certificate research highlights pitfalls for company data, competition
Analysis reveals hidden risks for organizations that do not monitor their certificate usage.US Blacklists Pegasus Spyware Maker
NSO Group plans to fight the trade ban, saying it's "dismayed" and clinging to the mantra that its tools actually help to prevent terrorism and crime.
3 Guideposts for Building a Better Incident-Response Plan
Invest and practice: Grant Oviatt, director of incident-response engagements at Red Canary, lays out the key building blocks for effective IR.
‘Tis the Season for the Wayward Package Phish
The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a time-honored lure about a wayward package that needs redelivery. Here's a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients.Google squashes Android zero‑day bug exploited in targeted attacks
Beyond the vulnerability in the Android kernel, the monthly round of security patches plugs another 38 security loopholes
The post Google squashes Android zero‑day bug exploited in targeted attacks appeared first on WeLiveSecurity
Google squashes Android zero‑day bug exploited in targeted attacks
Beyond the vulnerability in the Android kernel, the monthly round of security patches plugs another 38 security loopholes
The post Google squashes Android zero‑day bug exploited in targeted attacks appeared first on WeLiveSecurity
Free Discord Nitro Offer Used to Steal Steam Credentials
A fake Steam pop-up prompts users to ‘link’ Discord account for free Nitro subs.
Critical Linux Kernel Bug Allows Remote Takeover
The bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other.
Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar
The Magecart threat actor uses a browser script to evade detection by researchers and sandboxes so it targets only victims’ machines to steal credentials and personal info.
US indicts UK resident 'PlugwalkJoe' for cryptocurrency theft
The UK national is accused of stealing $784,000 in cryptocurrency.Remote code execution flaw patched in Linux Kernel TIPC module
The bug was spotted within a year of introduction to the codebase.Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign
The banker, aka Metamorfo, is roaring back after Spanish police arrested more than a dozen gang members.
‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks
The Microsoft Exchange ProxyShell vulnerabilities are being exploited yet again for ransomware, this time with Babuk from the new "Tortilla" threat actor.
Predicting the Next OWASP API Security Top 10
API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them.
Israeli spyware company NSO Group placed on US blacklist
Decision against company at heart of Pegasus project reflects deep concern about impact of spyware on US national security interests
NSO Group has been placed on a US blacklist by the Biden administration after it determined the Israeli spyware maker has acted “contrary to the foreign policy and national security interests of the US”.
The finding by the commerce department represents a blow to the Israeli company and reveals a deep undercurrent of concern by the US about the impact of spyware on national security interests.
Continue reading...Win one for privacy – Swiss providers don’t have to talk
Security and privacy get a leg up in Proton’s legal challenge against data retention and disclosure obligations
The post Win one for privacy – Swiss providers don’t have to talk appeared first on WeLiveSecurity
Win one for privacy – Swiss providers don’t have to talk
Security and privacy get a leg up in Proton’s legal challenge against data retention and disclosure obligations
The post Win one for privacy – Swiss providers don’t have to talk appeared first on WeLiveSecurity