Cybersecurity News


How to Defend Against Mobile App Impersonation

How to Defend Against Mobile App Impersonation Despite tight security measures by Google/Apple, cybercriminals still find ways to bypass fake app checks to plant malware on mobile devices. Dave Stewart, CEO of Approov, discusses technical approaches to defense against this.
23 November 2021

Common Cloud Misconfigurations Exploited in Minutes, Report

Common Cloud Misconfigurations Exploited in Minutes, Report Opportunistic attackers instantly exploited insecurely exposed services deployed in honeypots by Unit 42 researchers, demonstrating the immediate danger of these typical mistakes.
23 November 2021

Suspect arrested in 'ransom your employer' criminal scheme

The man at the heart of the 'business' allegedly wanted cash to fund a new social network project.
23 November 2021

Code execution bug patched in Imunify360 Linux server security suite

The vulnerability could be used to hijack web servers.
23 November 2021

GoDaddy’s Latest Breach Affects 1.2M Customers

GoDaddy’s Latest Breach Affects 1.2M Customers The kingpin domain registrar has logged its fifth cyber-incident since 2018, after an attacker with a compromised password stole email addresses, SSH keys and database logins.
22 November 2021

Arrest in ‘Ransom Your Employer’ Email Scheme

In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer's network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme -- a young man who said he was trying to save up money to help fund a new social network.
22 November 2021

Online Merchants: Prevent Fraudsters from Becoming Holiday Grinches

Online Merchants: Prevent Fraudsters from Becoming Holiday Grinches Black Friday and Cyber Monday approach! Saryu Nayyar, CEO at Gurucul, discusses concerning statistics about skyrocketing online fraud during the festive season.
22 November 2021

Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws

Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws Exploiting Microsoft Exchange ProxyLogon & ProxyShell vulnerabilities, attackers are malspamming replies in existing threads and slipping past malicious-email filters.
22 November 2021

Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover

Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover CloudLinux' security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug.
22 November 2021

Over a million WordPress sites breached

WordPress site owners hosted by GoDaddy woke this morning to find that their sites had been cracked open.
22 November 2021

What to do if you receive a data breach notice

Receiving a breach notification doesn’t mean you’re doomed – here’s what you should consider doing in the hours and days after learning that your personal data has been exposed

The post What to do if you receive a data breach notice appeared first on WeLiveSecurity

22 November 2021

The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back

One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim's funds via Zelle, a "peer-to-peer" (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target's bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it.
19 November 2021

Iranians Charged in Cyberattacks Against U.S. 2020 Election

Iranians Charged in Cyberattacks Against U.S. 2020 Election The State Department has offered a $10M reward for tips on the two Iran-based threat actors accused of voter intimidation and disinformation.
19 November 2021

6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years

6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years Pen Test Partners didn't disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm.
19 November 2021

Week in security with Tony Anscombe

ESET discovers watering hole attacks in the Middle East – Getting your life back on track after identity theft – How foreign influence operations have evolved

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

19 November 2021

CYBERWARCON – Foreign influence operations grow up

Not long ago, disinformation campaigns were rather unsophisticated. These days, however, threat actors put serious time and effort into crafting their attacks.

The post CYBERWARCON – Foreign influence operations grow up appeared first on WeLiveSecurity

19 November 2021

California Pizza Kitchen Serves Up Employee SSNs in Data Breach

California Pizza Kitchen Serves Up Employee SSNs in Data Breach A hefty slice of data – that of 100K+ current and former employees – was spilled in an “external system breach,” the pizza chain said. 
19 November 2021

Ransomware Phishing Emails Sneak Through SEGs

Ransomware Phishing Emails Sneak Through SEGs The MICROP ransomware spreads via Google Drive and locally stored passwords.
18 November 2021

3 Top Tools for Defending Against Phishing Attacks

3 Top Tools for Defending Against Phishing Attacks Phishing emails are now skating past traditional defenses. Justin Jett, director of audit and compliance at Plixer, discusses what to do about it.
18 November 2021

FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months

FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months The bureau's flash alert said an APT has been exploiting the flaw to compromise FatPipe router clustering and load balancer products to breach targets' networks.
18 November 2021