FBI systems compromised to send out fake attack alerts
Hackers break into the Bureau’s email systems to send out at least 100,000 emails warning recipients of imminent cyberattacks
The post FBI systems compromised to send out fake attack alerts appeared first on WeLiveSecurity
FBI Says Its System Was Exploited to Email Fake Cyberattack AlertThe alert was mumbo jumbo, but it was indeed sent from the bureau's email system, from the agency’s own internet address.
Hoax Email Blast Abused Poor Coding in FBI WebsiteThe Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sent by abusing insecure code in an FBI online portal designed to share information with state and local law enforcement authorities.
Threat from Organized Cybercrime Syndicates Is RisingEuropol reports that criminal groups are undermining the EU’s economy and its society, offering everything from murder-for-hire to kidnapping, torture and mutilation.
Costco Confirms: A Data Skimmer’s Been Ripping Off CustomersBig-box behemoth retailer Costco is offering victims 12 months of credit monitoring, a $1 million insurance reimbursement policy and ID theft recovery services.
Top 10 Cybersecurity Best Practices to Combat RansomwareImmutable storage and more: Sonya Duffin, data protection expert at Veritas Technologies, offers the Top 10 steps for building a multi-layer resilience profile.
Windows 10 Privilege-Escalation Zero-Day Gets an Unofficial FixResearchers warn that CVE-2021-34484 can be exploited with a patch bypass for a bug originally addressed in August by Microsoft.
Mac Zero Day Targets Apple Devices in Hong KongGoogle researchers have detailed a widespread watering-hole attack that installed a backdoor on Apple devices that visited Hong Kong-based media and pro-democracy sites.
Week in security with Tony Anscombe
Steps to take right after a data breach – What to consider before going passwordless – 7 million people hit by Robinhood data breach
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Millions of Routers, IoT Devices at Risk from New Open-Source MalwareBotenaGo, written in Google’s Golang programming language, can exploit more than 30 different vulnerabilities.
Invest in These 3 Key Security Technologies to Fight RansomwareRansomware volumes are up 1000%. Aamir Lakhani, cybersecurity researcher and practitioner at FortiGuard Labs , discusses secure email, network segmentation and sandboxing for defense.
Back-to-Back PlayStation 5 Hacks Hit on the Same DayCyberattackers stole PS5 root keys and exploited the kernel, revealing rampant insecurity in gaming devices.
Cyber-Mercenary Group Void Balaur Attacks High-Profile Targets for CashA Russian-language threat group is available for hire, to steal data on journalists, political leaders, activists and from organizations in every sector.
No 10 accused of failing to act against states accused of NSO spyware abuses
Group of 10 MPs and peers say Boris Johnson’s government has prioritised trade over national security
Boris Johnson’s government has been accused by MPs of prioritising trade agreements over national security in its handling of surveillance abuses on British soil by governments using spyware made by the Israeli company NSO Group.
A letter to the British prime minister signed by 10 MPs and peers has called on the government to end its cybersecurity programmes with countries that are known to have used NSO spyware to target dissidents, journalists and lawyers, among others, and to impose sanctions on NSO, “if they are at all serious about our national security”.Continue reading...
Congress Mulls Ban on Big Ransom PayoutsA bill introduced this week would regulate ransomware response by the country's critical financial sector.
Google debuts ClusterFuzzLite security tool for CI, CD workflowsThe fuzzing solution is set to bolster software supply chain security.
Tiny Font Size Fools Email Filters in BEC PhishingThe One Font BEC campaign targets Microsoft 365 users and uses sophisticated obfuscation tactics to slip past security protections to harvest credentials.
BazarBackdoor now abuses Windows 10 apps feature in 'call me back' attackAppInstaller.exe has been twisted in a new form of phishing attack.
BazarBackdoor now abuses Windows 10 app feature in 'call me back' attackAppInstaller.exe has been twisted in a new form of phishing attack.
NSO Group’s CEO-designate quits after US blacklists spyware firm
Move reported by Israeli media comes after Biden administration said firm acted contrary to US security interests
The chief executive officer-designate of NSO Group has resigned citing the Israeli spyware company’s blacklisting by the US Department of Commerce last week, Israeli media said on Thursday.
NSO Group declined to comment.Continue reading...