Cybersecurity News


Week in security with Tony Anscombe

What's it like working as a malware researcher? – ProtonMail and the battle for email privacy – Man charged with hacking, trying to extort US sports leagues

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

05 November 2021

Feds Offer $10 Million Bounty for DarkSide Info

Feds Offer $10 Million Bounty for DarkSide Info The U.S. State Department ups the ante in its hunt for the ransomware perpetrators by offering a sizeable cash sum for locating and arresting leaders of the cybercriminal group.
05 November 2021

SSL certificate research highlights pitfalls for company data, competition

Analysis reveals hidden risks for organizations that do not monitor their certificate usage.
05 November 2021

US Blacklists Pegasus Spyware Maker

US Blacklists Pegasus Spyware Maker NSO Group plans to fight the trade ban, saying it's "dismayed" and clinging to the mantra that its tools actually help to prevent terrorism and crime.
04 November 2021

3 Guideposts for Building a Better Incident-Response Plan

3 Guideposts for Building a Better Incident-Response Plan Invest and practice: Grant Oviatt, director of incident-response engagements at Red Canary, lays out the key building blocks for effective IR.
04 November 2021

‘Tis the Season for the Wayward Package Phish

The holiday shopping season always means big business for phishers, who tend to find increased success this time of year with a time-honored lure about a wayward package that needs redelivery. Here's a look at a fairly elaborate SMS-based phishing scam that spoofs FedEx in a bid to extract personal and financial information from unwary recipients.
04 November 2021

Google squashes Android zero‑day bug exploited in targeted attacks

Beyond the vulnerability in the Android kernel, the monthly round of security patches plugs another 38 security loopholes

The post Google squashes Android zero‑day bug exploited in targeted attacks appeared first on WeLiveSecurity

04 November 2021

Google squashes Android zero‑day bug exploited in targeted attacks

Beyond the vulnerability in the Android kernel, the monthly round of security patches plugs another 38 security loopholes

The post Google squashes Android zero‑day bug exploited in targeted attacks appeared first on WeLiveSecurity

04 November 2021

Free Discord Nitro Offer Used to Steal Steam Credentials

Free Discord Nitro Offer Used to Steal Steam Credentials A fake Steam pop-up prompts users to ‘link’ Discord account for free Nitro subs.
04 November 2021

Critical Linux Kernel Bug Allows Remote Takeover

Critical Linux Kernel Bug Allows Remote Takeover The bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other.
04 November 2021

Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar

Magecart Credit Card Skimmer Avoids VMs to Fly Under the Radar The Magecart threat actor uses a browser script to evade detection by researchers and sandboxes so it targets only victims’ machines to steal credentials and personal info.
04 November 2021

US indicts UK resident 'PlugwalkJoe' for cryptocurrency theft

The UK national is accused of stealing $784,000 in cryptocurrency.
04 November 2021

Remote code execution flaw patched in Linux Kernel TIPC module

The bug was spotted within a year of introduction to the codebase.
04 November 2021

Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign

Mekotio Banking Trojan Resurges with Tweaked Code, Stealthy Campaign The banker, aka Metamorfo, is roaring back after Spanish police arrested more than a dozen gang members.
03 November 2021

‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks

‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks The Microsoft Exchange ProxyShell vulnerabilities are being exploited yet again for ransomware, this time with Babuk from the new "Tortilla" threat actor.
03 November 2021

Predicting the Next OWASP API Security Top 10

Predicting the Next OWASP API Security Top 10 API security risk has dramatically evolved in the last two years. Jason Kent, Hacker-in-Residence at Cequence Security, discusses the top API security concerns today and how to address them.
03 November 2021

Israeli spyware company NSO Group placed on US blacklist

Israeli spyware company NSO Group placed on US blacklist

Decision against company at heart of Pegasus project reflects deep concern about impact of spyware on US national security interests

NSO Group has been placed on a US blacklist by the Biden administration after it determined the Israeli spyware maker has acted “contrary to the foreign policy and national security interests of the US”.

The finding by the commerce department represents a blow to the Israeli company and reveals a deep undercurrent of concern by the US about the impact of spyware on national security interests.

Continue reading...
03 November 2021

Win one for privacy – Swiss providers don’t have to talk

Security and privacy get a leg up in Proton’s legal challenge against data retention and disclosure obligations

The post Win one for privacy – Swiss providers don’t have to talk appeared first on WeLiveSecurity

03 November 2021

Win one for privacy – Swiss providers don’t have to talk

Security and privacy get a leg up in Proton’s legal challenge against data retention and disclosure obligations

The post Win one for privacy – Swiss providers don’t have to talk appeared first on WeLiveSecurity

03 November 2021

Almost half of rootkits are used for cyberattacks against government organizations

Research institutes are also in the firing line.
03 November 2021