Cybersecurity News
ScarCruft APT Mounts Desktop/Mobile Double-Pronged Spy Attacks
The North Korea-linked group is deploying the Chinotto spyware backdoor against dissidents, journalists and other politically relevant individuals in South Korea.
Unpatched Windows Zero-Day Allows Privileged File Access
A temporary fix has been issued for CVE-2021-24084, which can be exploited using the LPE exploitation approach for the HiveNightmare/SeriousSAM bug.
More than 1,000 arrested in global crackdown on online fraud
The INTERPOL-led operation involved law enforcement from 20 countries and led to the seizure of millions of dollars in illicit gains
The post More than 1,000 arrested in global crackdown on online fraud appeared first on WeLiveSecurity
Shape-Shifting ‘Tardigrade’ Malware Hits Vaccine Makers
Some security researchers say it’s actually Cobalt Strike and not a SmokeLoader variant, but BioBright says in-depth testing shows it’s for real a scary morphic malware that changes its parts and recompiles itself.
The Internet is Held Together With Spit & Baling Wire
Imagine being able to disconnect or redirect Internet traffic destined for some of the world's largest companies -- just by spoofing an email. This is the nature of a threat vector recently removed by a Fortune 500 firm that operates one of the world's largest Internet backbones.Week in security with Tony Anscombe
How scammers take advantage of supply chain shortages – Tips for safe online shopping this holiday season – Steps to take after receiving a data breach notice
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
‘Amoral 21st-century mercenaries’: problems mount for NSO Group
Israeli spyware firm goes from bad to worse as scathing Apple lawsuit follows US blacklisting
Shalev Hulio, the co-founder of Israel’s NSO Group, was in Washington DC on a mission to try to resuscitate the surveillance company’s battered reputation on Capitol Hill shortly before the news broke that he had probably arrived too late to make a difference.
With little advance warning to its allies in Israel, the Biden administration announced on 3 November that it was putting the spyware maker – one of the most sophisticated cyber-weapons companies in the world – on a US blacklist, citing use of the company’s software by regimes around the world for “transnational repression”.
Continue reading...New Twists on Gift-Card Scams Flourish on Black Friday
Fake merchandise and crypto jacking are among the new ways cybercriminals will try to defraud people flocking online for Black Friday and Cyber Monday.
The triangle of holiday shopping: Scams, social media and supply chain woes
‘Tis the season to avoid getting played by scammers hijacking Twitter accounts and promoting fake offers for PlayStation 5 consoles and other red-hot products
The post The triangle of holiday shopping: Scams, social media and supply chain woes appeared first on WeLiveSecurity
9.3M+ Androids Running ‘Malicious’ Games from Huawei AppGallery
A new trojan called Android.Cynos.7.origin, designed to collect Android users’ device data and phone numbers, was found in 190 games installed on over 9M Android devices.
GoDaddy Breach Widens to Include Reseller Subsidiaries
Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords and more were stolen.
Apple’s NSO Group Lawsuit Amps Up Pressure on Pegasus Spyware-Maker
Just weeks after a judge ruled that NSO Group did not have immunity in a suit brought by Facebook subsidiary WhatsApp, Apple is adding significant weight to the company's woes.
Attackers Actively Target Windows Installer Zero-Day
Researcher discovered a “more powerful” variant of an elevation-of-privilege flaw for which Microsoft released a botched patch earlier this month.
Avoiding the shopping blues: How to shop online safely this holiday season
With the holiday shopping bonanza right around the corner, here's how to make sure your online spending spree is hacker-free
The post Avoiding the shopping blues: How to shop online safely this holiday season appeared first on WeLiveSecurity
Attackers Will Flock to Crypto Wallets, Linux in 2022: Podcast
That’s just the start of what cyberattackers will zero in on as they pick up APT techniques to hurl more destructive ransomware & supply-chain attacks, says Fortinet’s Derek Manky.
FBI, CISA urge organizations to be on guard for attacks during holidays
Threat actors have previously timed ransomware and other attacks to coincide with holidays and weekends
The post FBI, CISA urge organizations to be on guard for attacks during holidays appeared first on WeLiveSecurity
How to Defend Against Mobile App Impersonation
Despite tight security measures by Google/Apple, cybercriminals still find ways to bypass fake app checks to plant malware on mobile devices. Dave Stewart, CEO of Approov, discusses technical approaches to defense against this.
Common Cloud Misconfigurations Exploited in Minutes, Report
Opportunistic attackers instantly exploited insecurely exposed services deployed in honeypots by Unit 42 researchers, demonstrating the immediate danger of these typical mistakes.