Cybersecurity News


KrebsOnSecurity Hit By Huge New IoT Botnet “Meris”

On Thursday evening, KrebsOnSecurity was the subject of a rather massive (and mercifully brief) distributed denial-of-service (DDoS) attack. The assault came from "Meris," the same new "Internet of Things" (IoT) botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer.
10 September 2021

Week in security with Tony Anscombe

Cyberespionnage against Kurdish ethnic group, and more! – Week in security with Tony Anscombe

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

10 September 2021

Victims duped out of US$1.8 million by BEC and Romance scam ring

Elderly men and women were the main targets of the romance scams operated by the fraudsters.

The post Victims duped out of US$1.8 million by BEC and Romance scam ring appeared first on WeLiveSecurity

10 September 2021

Yandex Pummeled by Potent Meris DDoS Botnet

Yandex Pummeled by Potent Meris DDoS Botnet Record-breaking distributed denial of service attack targets Russia’s version of Google - Yandex.
10 September 2021

SOVA, Worryingly Sophisticated Android Trojan, Takes Flight

SOVA, Worryingly Sophisticated Android Trojan, Takes Flight The malware appeared in August with an ambitious roadmap (think ransomware, DDoS) that could make it 'the most feature-rich Android malware on the market.'
10 September 2021

5 Steps For Securing Your Remote Work Space

5 Steps For Securing Your Remote Work Space With so many people still working from home, cybercriminals are trying to cash in. Cyberattacks have increased 300% and the risk of losing important data or being compromised is much greater at home. Here are five recommendations for securing your home office.
10 September 2021

Google debuts new Private Compute features in ramp up of Android security

Google will also make the source code public for external audits.
10 September 2021

Stolen Credentials Led to Data Theft at United Nations

Stolen Credentials Led to Data Theft at United Nations Threat actors accessed the organization’s proprietary project management software, Umoja, in April, accessing the network and stealing info that can be used in further attacks.
10 September 2021

US military reservist lands himself prison sentence for operating romance scams

Older women and men were among his targets.
10 September 2021

Nuisance calls could lead to multimillion-pound fines in UK

Nuisance calls could lead to multimillion-pound fines in UK

Ministers considering bringing punishment in line with GDPR, which can issue fine of up to £17.5m

Multimillion-pound fines could be imposed for nuisance or fraudulent calls and texts under a proposed overhaul of the UK’s data rules.

Companies behind nuisance communications can be fined £500,000 by the Information Commissioner’s Office (ICO) but ministers are considering bringing the punishment in line with General Data Protection Regulation (GDPR), which can issue a fine of up to £17.5m or 4% of global turnover.

Continue reading...
10 September 2021

Ukrainian man extradited to the US to face botnet, data theft charges

The suspect has been detained ahead of his trial.
10 September 2021

Thousands of Fortinet VPN Account Credentials Leaked

Thousands of Fortinet VPN Account Credentials Leaked They were posted for free by former Babuk gang members who’ve bickered, squabbled and huffed off to start their own darn ransomware businesses, dagnabbit.
09 September 2021

McDonald’s Email Blast Includes Password to Monopoly Game Database

McDonald’s Email Blast Includes Password to Monopoly Game Database Usernames, passwords for database sent in prize redemption emails.
09 September 2021

Howard University suffers cyberattack, suspends online classes in aftermath

The university suffered a ransomware attack, however there is no evidence so far of data being accessed or stolen.

The post Howard University suffers cyberattack, suspends online classes in aftermath appeared first on WeLiveSecurity

09 September 2021

Financial Cybercrime: Why Cryptocurrency is the Perfect ‘Getaway Car’

Financial Cybercrime: Why Cryptocurrency is the Perfect ‘Getaway Car’ John Hammond, security researcher with Huntress, discusses how financially motivated cybercrooks use and abuse cryptocurrency.
09 September 2021

‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise

‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise A chain of exploits could allow a malicious Azure user to infiltrate other customers' cloud instances within Microsoft's container-as-a-service offering.
09 September 2021

SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’

SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’ Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the US and Mexico and are targeting Exchange and MySQL servers. 
09 September 2021

Zoho Password Manager Zero-Day Bug Under Active Attack Gets a Fix

Zoho Password Manager Zero-Day Bug Under Active Attack Gets a Fix An authentication bypass vulnerability leading to remote code execution offers up the keys to the corporate kingdom.
09 September 2021

BladeHawk Attackers Target Kurds with Android Apps

BladeHawk Attackers Target Kurds with Android Apps Pro-Kurd Facebook profiles deliver '888 RAT' and 'SpyNote' trojans, masked as legitimate apps, to perform mobile espionage.
09 September 2021

Attacker releases credentials for 87,000 FortiGate SSL VPN devices

Access data for FortiGate devices was obtained by exploiting a known, old vulnerability.
09 September 2021