Cybersecurity News


WordPress Plugin Bug Lets Subscribers Wipe Sites

The flaw, found in the Hashthemes Demo Importer plugin, allows any authenticated user to exsanguinate a vulnerable WordPress site, deleting nearly all database content and uploaded media.
27 October 2021

Ransomware Attacks Are Evolving. Your Security Strategy Should, Too

Defending against ransomware will take a move to zero-trust, argues Daniel Spicer, CSO, Ivanti.
27 October 2021

Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam

The kid was busted after abusing Google Ads to lure users to his fake gift card site.
27 October 2021

Adobe’s Surprise Security Bulletin Dominated by Critical Patches

Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. The most severe can lead to information disclosure.
27 October 2021

War-Driving Technique Allows Wi-Fi Password-Cracking at Scale

A researcher was able to crack 70 percent of the gathered hashes in an experiment in a residential neighborhood.
27 October 2021

Apple Patches Critical iOS Bugs; One Under Attack

Researchers found that one critical flaw in question is exploitable from the browser, allowing watering-hole attacks.
27 October 2021

Dark HunTOR: 150 arrested, $31 million seized in major dark web bust

The police sting spanned three continents and involved crackdowns in nine countries

The post Dark HunTOR: 150 arrested, $31 million seized in major dark web bust appeared first on WeLiveSecurity

27 October 2021

Weeks early: Adobe dumps massive security patch update

The security update targets 14 products.
27 October 2021

Cyberattack Cripples Iranian Fuel Distribution Network

The incident triggered shutdowns at pumps across the country as attackers flashed the phone number of Supreme Leader Ali Khamenei across video screens.
27 October 2021

Meet Balikbayan Foxes: a threat group impersonating the Philippine gov't

The gang is also taking advantage of COVID-19 to propagate Trojan malware.
27 October 2021

Wslink: Unique and undocumented malicious loader that runs as a server

There are no code, functionality or operational similarities to suggest that this is a tool from a known threat actor

The post Wslink: Unique and undocumented malicious loader that runs as a server appeared first on WeLiveSecurity

27 October 2021

SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike

Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.
26 October 2021

Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure

Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there's no guarantee that Azure or AWS are delivering services in a hardened and secure manner.
26 October 2021

Lazarus Attackers Turn to the IT Supply Chain

Kaspersky researchers saw the North Korean state APT use a new variant of the BlindingCan RAT to breach a Latvian IT vendor and then a South Korean think tank.
26 October 2021

Why the Next-Generation of Application Security Is Needed

New software and code stand at the core of everything we do, but how well is all of this new code tested? Luckily, autonomous application security is here.
26 October 2021

FBI Raids Chinese Point-of-Sale Giant PAX Technology

U.S. federal investigators today raided the U.S. offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX's systems may have been involved in cyberattacks on U.S. and E.U. organizations.
26 October 2021

Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware

Fake Craigslist emails that abuse Microsoft OneDrive warn users that their ads contain “inappropriate content.”
26 October 2021