Cybersecurity News
The new PPI? Claims firms turn their fire on data breaches
People are being told they are entitled to compensation as more companies move into the industry
Claims companies and law firms looking for the next bonanza in payouts are targeting people who have been the victim of a data breach, with some telling those affected they could be entitled to thousands of pounds in compensation.
A Google search for the term “data breach claim” results in a long list of firms – the vast majority of them no-win, no-fee solicitors – and there are more moving into this space all the time. Meanwhile, adverts for firms are increasingly appearing in Instagram feeds.
Next-Gen Maldocs & How to Solve the Human Vulnerability
Malicious email attachments with macros are one of the most common ways hackers get in through the door. Huntress security researcher John Hammond discusses how threat hunters can fight back.
‘Appalling’ Riot Games Job Fraud Takes Aim at Wallets
Scammers are using fake job listings to empty the wallets of young, hopeful victims looking to break into the gaming industry.
Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack
The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.”
Sprawling Active Attack Aims to Take Over 1.6M WordPress Sites
Cyberattackers are targeting security vulnerabilities in four plugins plus Epsilon themes, to assign themselves administrative accounts.
Week in security with Tony Anscombe
How 'shoulder surfers' could hack into your Snapchat – Staying safe from gift card fraud – What is a buffer overflow vulnerability?
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
‘Karakurt’ Extortion Threat Emerges, But Says No to Ransomware
The threat group, first identified in June, focuses solely on data exfiltration and subsequent extortion, and has already targeted 40 victims since September.
Canadian Ransomware Arrest Is a Meaningful Flex, Experts Say
U.S. and Canada charge Ottawa man for ransomware attacks, signaling that North America is no cybercriminal haven.
Fueled by Pandemic Realities, Grinchbots Aggressively Surge in Activity
E-commerce's proverbial Who-ville is under siege, with a rise in bots bent on ruining gift cards and snapping up coveted gifts for outrageously priced resale.
How MikroTik Routers Became a Cybercriminal Target
The powerful devices leveraged by the Meris botnet have weaknesses that make them easy to exploit, yet complex for organizations to track and secure, researchers said.
SnapHack: Watch out for those who can hack into anyone’s Snapchat!
Oh snap! This is how easy it may be for somebody to hijack your Snapchat account – all they need to do is peer over your shoulder.
The post SnapHack: Watch out for those who can hack into anyone’s Snapchat! appeared first on WeLiveSecurity
Canada Charges Its “Most Prolific Cybercriminal”
A 31-year-old Canadian man has been arrested and charged with fraud in connection with numerous ransomware attacks against businesses, government agencies and private citizens throughout Canada and the United States. Canadian authorities describe him as "the most prolific cybercriminal we've identified in Canada," but so far they've released few other details about the investigation or the defendant. Helpfully, an email address and nickname apparently connected to the accused offer some additional clues.
Malicious npm Code Packages Built for Hijacking Discord Servers
The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases.
Moobot Botnet Chews Up Hikvision Surveillance Systems
Attackers are milking unpatched Hikvision video systems to drop a DDoS botnet, researchers warned.
Not with a Bang but a Whisper: The Shift to Stealthy C2
DoH! Nate Warfield, CTO of Prevailion, discusses new stealth tactics threat actors are using for C2, including Malleable C2 from Cobalt Strike's arsenal.
Critical SonicWall VPN Bugs Allow Complete Appliance Takeover
Unauthenticated, remote attackers can achieve root-level RCE on SMA 100-series appliances.
AWS Among 12 Cloud Services Affected by Flaws in Eltima SDK
Researchers have found a number of high-security vulnerabilities in a library created by network virtualization firm Eltima, that leave about a dozen cloud services used by millions of users worldwide open to privilege-escalation attacks. That includes Amazon WorkSpaces, Accops and NoMachine, among others: all apps that enable remote desktop access by using the Eltima software […]
Emotet’s Behavior & Spread Are Omens of Ransomware Attacks
The botnet, which resurfaced last month on the back of TrickBot, can now directly install Cobalt Strike on infected devices, giving threat actors direct access to targets.
Windows 10 Drive-By RCE Triggered by Default URI Handler
There's an argument injection weakness in the Windows 10/11 default handler, researchers said: an issue that Microsoft has only partially fixed.