Cybersecurity News


Wslink: Unique and undocumented malicious loader that runs as a server

There are no code, functionality or operational similarities to suggest that this is a tool from a known threat actor

The post Wslink: Unique and undocumented malicious loader that runs as a server appeared first on WeLiveSecurity

27 October 2021

Wslink: Unique and undocumented malicious loader that runs as a server

There are no code, functionality or operational similarities to suggest that this is a tool from a known threat actor

The post Wslink: Unique and undocumented malicious loader that runs as a server appeared first on WeLiveSecurity

27 October 2021

SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike

SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.
26 October 2021

Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure

Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there's no guarantee that Azure or AWS are delivering services in a hardened and secure manner.
26 October 2021

Lazarus Attackers Turn to the IT Supply Chain

Lazarus Attackers Turn to the IT Supply Chain Kaspersky researchers saw The North Korean state APT use a new variant of the BlindingCan RAT to breach a Latvian IT vendor and then a South Korean think tank.
26 October 2021

Why the Next-Generation of Application Security Is Needed

Why the Next-Generation of Application Security Is Needed New software and code stand at the core of everything we do, but how well is all of this new code tested? Luckily, autonomous application security is here.
26 October 2021

FBI Raids Chinese Point-of-Sale Giant PAX Technology

U.S. federal investigators today raided the U.S. offices of PAX Technology, a Chinese provider of point-of-sale devices used by millions of businesses and retailers globally. KrebsOnSecurity has learned the raid is tied to reports that PAX's systems may have been involved in cyberattacks on U.S. and E.U. organizations.
26 October 2021

Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware

Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware Fake Craigslist emails that abuse Microsoft OneDrive warn users that their ads contain ‘inappropriate content.”
26 October 2021

Mozilla Firefox Blocks Malicious Add-Ons Installed by 455K Users

Mozilla Firefox Blocks Malicious Add-Ons Installed by 455K Users The misbehaving Firefox add-ons were misusing an API that controls how Firefox connects to the internet.
26 October 2021

Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads

Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads UltimaSMS leverages at least 151 apps that have been downloaded collectively more than 10 million times, to extort money through a fake premium SMS subscription service.
26 October 2021

Nearly all US execs have experienced a cybersecurity threat, but some say there's still no plan

A new survey suggests the disruption, share price drops, and theft are common consequences of attacks.
26 October 2021

Putting cybersecurity first: Why secure‑by‑design must be the norm

Organizations that aim to pull ahead of the competition need to develop a strong security culture from top to bottom

The post Putting cybersecurity first: Why secure‑by‑design must be the norm appeared first on WeLiveSecurity

26 October 2021

Putting cybersecurity first: Why secure‑by‑design must be the norm

Organizations that aim to pull ahead of the competition need to develop a strong security culture from top to bottom

The post Putting cybersecurity first: Why secure‑by‑design must be the norm appeared first on WeLiveSecurity

26 October 2021

Schools put the brakes on facial recognition scheme for kids buying lunch

UK regulators swooped in before the program gained full momentum.
26 October 2021

Mozilla Firefox cracks down on malicious add-ons used by 455,000 users

The troublesome add-ons misused an API that controlled how Firefox connected to the internet.
26 October 2021

Defending Assets You Don’t Know About Against Cyberattacks

Defending Assets You Don’t Know About Against Cyberattacks No security defense is perfect, and shadow IT means no company can inventory every single asset that it has. David “moose” Wolpoff, CTO at Randori, discusses strategies for core asset protection given this reality.
25 October 2021

Groove Calls for Cyberattacks on US as REvil Payback

Groove Calls for Cyberattacks on US as REvil Payback The bold move signals a looming clash between Russian ransomware groups and the U.S.
25 October 2021

BQE Web Suite Billing App Rigged to Inflict Ransomware

BQE Web Suite Billing App Rigged to Inflict Ransomware An SQL-injection bug in the BQE Web Suite billing app has not only leaked sensitive information, it’s also let malicious actors execute code and deploy ransomware.
25 October 2021

BillQuick Billing App Rigged to Inflict Ransomware

BillQuick Billing App Rigged to Inflict Ransomware A SQL injection bug in the BillQuick billing app has not only leaked sensitive information, it’s also let malicious actors remotely execute code and deploy ransomware.
25 October 2021

Conti Ransom Gang Starts Selling Access to Victims

The Conti ransomware affiliate program appears to have altered its business plan recently. Organizations infected with Conti's malware who refuse to negotiate a ransom payment are added to Conti's victim shaming blog, where confidential files stolen from victims may be published or sold. But sometime over the past 48 hours, the cybercriminal syndicate updated its victim shaming blog to indicate that it is now selling access to many of the organizations it has hacked.
25 October 2021