Cybersecurity News


Cyberattacks against the aviation industry linked to Nigerian threat actor

The investigation began after a Microsoft tweet concerning AsyncRAT.
17 September 2021

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel's conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services.
16 September 2021

CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug

The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August.
16 September 2021

Airline Credential-Theft Takes Off in Widening Campaign

A spyware effort bent on stealing cookies and logins is being driven by unsophisticated attackers cashing in on the initial-access-broker boom.
16 September 2021

Information Supplement: Implementing ISO Format 4 PIN Blocks


The Implementing ISO Format 4 PIN Blocks Information Supplement provides guidance to help PIN acquiring entities with the planning, migration, and testing of the implementation of ISO Format 4 PIN blocks in conformance with the requirements in the PCI PIN Standard. This document contains information that may be useful in migrating to the Advanced Encryption Standard (AES).

16 September 2021

Financial Cybercrime: Following Cryptocurrency via Public Ledgers

John Hammond, security researcher with Huntress, discusses a wallet-hijacking RAT, and how law enforcement recovered millions in Bitcoin after the Colonial Pipeline attack.
16 September 2021

REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out

Bitdefender worked with law enforcement to create a key to unlock victims encrypted in ransomware attacks before REvil's servers went belly-up on July 13.
16 September 2021

New Go malware Capoae targets WordPress installs, Linux systems

Capoae highlights the increase of cyberattacks designed to deploy cryptocurrency-mining payloads.
16 September 2021

DDoS Attacks: A Flourishing Business for Cybercrooks – Podcast

Imperva’s Peter Klimek on how DDoS attacks started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee.
16 September 2021

HP Omen Hub Exposes Millions of Gamers to Cyberattack

A driver privilege-escalation bug gives attackers kernel-mode access to millions of PCs used for gaming.
16 September 2021

Azure Zero-Day Flaws Highlight Lurking Supply-Chain Risk

Dubbed OMIGOD, a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux demonstrates hidden security threats, researchers said.
16 September 2021

Customer Care Giant TTEC Hit By Ransomware?

TTEC, [NASDAQ: TTEC], a company used by some of the world's largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident that appears to be the result of a ransomware attack, KrebsOnSecurity has learned.
15 September 2021

No Patch for High-Severity Bug in Legacy IBM System X Servers

Two of IBM's aging flagship server models, retired in 2020, won’t be patched for a command-injection flaw.
15 September 2021

Microsoft Patch Tuesday fixes actively exploited zero‑day and 85 other flaws

The most recent Patch Tuesday includes a fix for the previously disclosed and actively exploited remote code execution flaw in MSHTML.

The post Microsoft Patch Tuesday fixes actively exploited zero‑day and 85 other flaws appeared first on WeLiveSecurity

15 September 2021

Attackers Impersonate DoT in Two-Day Phishing Scam

Threat actors dangled the lure of receiving funds from the $1 trillion infrastructure bill and created new domains mimicking the real federal site.
15 September 2021

Cybercriminals recreate Cobalt Strike in Linux

The new malware strain has gone unnoticed by detection tools.
15 September 2021

Two-thirds of cloud attacks could be stopped by checking configurations, research finds

IBM says that over half of cloud security breaches are caused by issues simple to rectify.
15 September 2021

Meris botnet assaults KrebsOnSecurity

The botnet appears to be made up of compromised routers.
15 September 2021

Adobe Snuffs Critical Bugs in Acrobat, Experience Manager

Adobe releases security updates for 59 bugs affecting its core products, including Adobe Acrobat Reader, XMP Toolkit SDK and Photoshop.
14 September 2021

Microsoft Patch Tuesday, September 2021 Edition

Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that's reportedly been abused to install spyware on iOS products, and Google's got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat, Reader and a slew of other software.
14 September 2021