GoDaddy’s Latest Breach Affects 1.2M Customers
The kingpin domain registrar has logged its fifth cyber-incident since 2018, after an attacker with a compromised password stole email addresses, SSH keys and database logins.
Arrest in ‘Ransom Your Employer’ Email Scheme
In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer's network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme -- a young man who said he was trying to save up money to help fund a new social network.
Online Merchants: Prevent Fraudsters from Becoming Holiday Grinches
Black Friday and Cyber Monday approach! Saryu Nayyar, CEO at Gurucul, discusses concerning statistics about skyrocketing online fraud during the festive season.
Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws
Exploiting Microsoft Exchange ProxyLogon & ProxyShell vulnerabilities, attackers are malspamming replies in existing threads and slipping past malicious-email filters.
Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover
CloudLinux' security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug.
Over a million WordPress sites breached
WordPress site owners hosted by GoDaddy woke this morning to find that their sites had been cracked open.
What to do if you receive a data breach notice
Receiving a breach notification doesn’t mean you’re doomed – here’s what you should consider doing in the hours and days after learning that your personal data has been exposed
The post What to do if you receive a data breach notice appeared first on WeLiveSecurity
The ‘Zelle Fraud’ Scam: How it Works, How to Fight Back
One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim's funds via Zelle, a "peer-to-peer" (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family. Naturally, a great deal of phishing schemes that precede these bank account takeovers begin with a spoofed text message from the target's bank warning about a suspicious Zelle transfer. What follows is a deep dive into how this increasingly clever Zelle fraud scam typically works, and what victims can do about it.
Iranians Charged in Cyberattacks Against U.S. 2020 Election
The State Department has offered a $10M reward for tips on the two Iran-based threat actors accused of voter intimidation and disinformation.
6M Sky Routers Left Exposed to Attack for Nearly 1.5 Years
Pen Test Partners didn't disclose the vulnerability after 90 days because it knew ISPs were struggling with a pandemic-increased network load as work from home became the new norm.
Week in security with Tony Anscombe
ESET discovers watering hole attacks in the Middle East – Getting your life back on track after identity theft – How foreign influence operations have evolved
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
CYBERWARCON – Foreign influence operations grow up
Not long ago, disinformation campaigns were rather unsophisticated. These days, however, threat actors put serious time and effort into crafting their attacks.
The post CYBERWARCON – Foreign influence operations grow up appeared first on WeLiveSecurity
California Pizza Kitchen Serves Up Employee SSNs in Data Breach
A hefty slice of data – that of 100K+ current and former employees – was spilled in an “external system breach,” the pizza chain said.
Ransomware Phishing Emails Sneak Through SEGs
The MICROP ransomware spreads via Google Drive and locally stored passwords.
3 Top Tools for Defending Against Phishing Attacks
Phishing emails are now skating past traditional defenses. Justin Jett, director of audit and compliance at Plixer, discusses what to do about it.
FBI: FatPipe VPN Zero-Day Exploited by APT for 6 Months
The bureau's flash alert said an APT has been exploiting the flaw to compromise FatPipe router clustering and load balancer products to breach targets' networks.
US Government declassifies data to foster would‑be defenders
US Government declassifies cybersecurity subjects they want you to learn about, and is hoping to pay you to learn them
The post US Government declassifies data to foster would‑be defenders appeared first on WeLiveSecurity