Cybersecurity News


New Crypto-Stealer ‘Panda’ Spread via Discord

New Crypto-Stealer ‘Panda’ Spread via Discord PandaStealer is delivered in rigged Excel files masquerading as business quotes, bent on stealing victims' cryptocurrency and other info.
05 May 2021

Anti-Spam WordPress Plugin Could Expose Website User Data

Anti-Spam WordPress Plugin Could Expose Website User Data 'Spam protection, AntiSpam, FireWall by CleanTalk' is installed on more than 100,000 sites -- and could offer up sensitive info to attackers that aren't even logged in.
05 May 2021

Gap Between Security and Networking Teams May Hinder Tech Projects

Professionals in each field describe a poor working relationship between the two teams
05 May 2021

DoD Lets Researchers Target All Publicly Accessible Info Systems

The Department of Defense expands its vulnerability disclosure program to include a broad range of new targets.
05 May 2021

Wanted: The (Elusive) Cybersecurity 'All-Star'

Wanted: The (Elusive) Cybersecurity 'All-Star' Separate workforce studies by (ISC) 2 and ISACA point to the need for security departments to work with existing staff to identify needs and bring entry-level people into the field.
05 May 2021

Debating Law Enforcement's Role in the Fight Against Cybercrime

Debating Law Enforcement's Role in the Fight Against Cybercrime The FBI's action to remove Web shells from compromised Microsoft Exchange Servers sparks a broader discussion about officials' response to cyberattacks.
05 May 2021

Raft of Exim Security Holes Allow Linux Mail Server Takeovers

Raft of Exim Security Holes Allow Linux Mail Server Takeovers Remote code execution, privilege escalation to root and lateral movement through a victim's environment are all on offer for the unpatched or unaware.
05 May 2021

Peloton’s Leaky API Spilled Riders’ Private Data

Peloton’s Leaky API Spilled Riders’ Private Data On top of the privacy spill, Peloton is also recalling all treadmills after the equipment was linked to 70 injuries and the death of one child.
05 May 2021

DDoS attack knocks Belgian government websites offline

The attack overwhelmed the systems of a Belgian ISP, leading to widespread service outages and disruptions

The post DDoS attack knocks Belgian government websites offline appeared first on WeLiveSecurity

05 May 2021

Will 2021 Mark the End of World Password Day?

We might be leaving the world of mandatory asterisks and interrobangs behind for good.
05 May 2021

Feds Shut Down Fake COVID-19 Vaccine Phishing Website

Feds Shut Down Fake COVID-19 Vaccine Phishing Website ‘Freevaccinecovax.org’ claimed to be that of a biotech company but instead was stealing info from visitors to use for nefarious purposes.
05 May 2021

Malicious Office 365 Apps Are the Ultimate Insiders

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization's own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user's emails and files, both of which are then plundered to launch malware and phishing scams against others.
05 May 2021

Banking Trojan evolves from distribution through porn to phishing schemes

While starting out in Brazil, the malware may now also be present in Europe.
05 May 2021

Ousaban: Private photo collection hidden in a CABinet

Another in our occasional series demystifying Latin American banking trojans

The post Ousaban: Private photo collection hidden in a CABinet appeared first on WeLiveSecurity

05 May 2021

Panda Stealer dropped in Excel files, spreads through Discord to steal user cryptocurrency

The malware hones in on cryptocurrency funds as well as VPN credentials.
05 May 2021

Newer Generic Top-Level Domains a Security 'Nuisance'

Ten years of passive DNS data shows classic TLDs such as .com and .net dominate newer TLDs in popularity and use, new report says.
04 May 2021

Apple Issues Patches for Webkit Security Flaws

The vulnerabilities may already be under active attack, Apple says in an advisory.
04 May 2021

Global Phishing Attacks Spawn Three New Malware Strains

Global Phishing Attacks Spawn Three New Malware Strains The never-seen malware strains have "professionally coded sophistication" and were launched by a well-resourced APT using nearly 50 domains, one hijacked.
04 May 2021

Planning Our Passwordless Future

Planning Our Passwordless Future All the talk that passwords could one day go away seemed too good to be true, yet the scales are finally started to tip to a passwordless reality. (Part one of a two-part series.)
04 May 2021

Hundreds of Millions of Dell Computers Potentially Vulnerable to Attack

Hardware maker has issued an update to fix multiple critical privilege escalation vulnerabilities that have gone undetected since 2009.
04 May 2021