Cybersecurity News
GoDaddy’s Latest Breach Affects 1.2M Customers
The kingpin domain registrar has logged its fifth cyber-incident since 2018, after an attacker with a compromised password stole email addresses, SSH keys and database logins.
22 November 2021
Arrest in ‘Ransom Your Employer’ Email Scheme
In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer's network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme -- a young man who said he was trying to save up money to help fund a new social network.22 November 2021
Online Merchants: Prevent Fraudsters from Becoming Holiday Grinches
Black Friday and Cyber Monday approach! Saryu Nayyar, CEO at Gurucul, discusses concerning statistics about skyrocketing online fraud during the festive season.
22 November 2021
Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws
Exploiting Microsoft Exchange ProxyLogon & ProxyShell vulnerabilities, attackers are malspamming replies in existing threads and slipping past malicious-email filters.
22 November 2021
Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover
CloudLinux' security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug.
22 November 2021
Over a million WordPress sites breached
WordPress site owners hosted by GoDaddy woke this morning to find that their sites had been cracked open.22 November 2021
What to do if you receive a data breach notice
Receiving a breach notification doesn’t mean you’re doomed – here’s what you should consider doing in the hours and days after learning that your personal data has been exposed
The post What to do if you receive a data breach notice appeared first on WeLiveSecurity
22 November 2021
The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back
One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim's funds via Zelle, a "peer-to-peer" (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target's bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it.19 November 2021
Iranians Charged in Cyberattacks Against U.S. 2020 Election
The State Department has offered a $10M reward for tips on the two Iran-based threat actors accused of voter intimidation and disinformation.
19 November 2021
6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years
Pen Test Partners didn't disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm.
19 November 2021
Week in security with Tony Anscombe
ESET discovers watering hole attacks in the Middle East – Getting your life back on track after identity theft – How foreign influence operations have evolved
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
19 November 2021
CYBERWARCON – Foreign influence operations grow up
Not long ago, disinformation campaigns were rather unsophisticated. These days, however, threat actors put serious time and effort into crafting their attacks.
The post CYBERWARCON – Foreign influence operations grow up appeared first on WeLiveSecurity
19 November 2021
California Pizza Kitchen Serves Up Employee SSNs in Data Breach
A hefty slice of data – that of 100K+ current and former employees – was spilled in an “external system breach,” the pizza chain said.
19 November 2021
Ransomware Phishing Emails Sneak Through SEGs
The MICROP ransomware spreads via Google Drive and locally stored passwords.
18 November 2021
3 Top Tools for Defending Against Phishing Attacks
Phishing emails are now skating past traditional defenses. Justin Jett, director of audit and compliance at Plixer, discusses what to do about it.
18 November 2021
FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months
The bureau's flash alert said an APT has been exploiting the flaw to compromise FatPipe router clustering and load balancer products to breach targets' networks.
18 November 2021
US Government declassifies data to foster would‑be defenders
US Government declassifies cybersecurity subjects they want you to learn about, and is hoping to pay you to learn them
The post US Government declassifies data to foster would‑be defenders appeared first on WeLiveSecurity
18 November 2021
Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials
Threat actors are targeting Middle-East-based employees of major corporations in a scam that uses a specific ‘ephemeral’ aspect of the project-management tool to link to SharePoint phishing pages.
18 November 2021
How to Choose the Right DDoS Protection Solution
Pankaj Gupta, Senior Director at Citrix, outlines how distributed denial of service attacks have become increasingly sophisticated, bigger and economically motivated.
18 November 2021
Cloud security firm Lacework secures $1.3 billion in new funding round
New investors including Liberty Global have joined the fray.18 November 2021