Cybersecurity News


Rickroll Grad Prank Exposes Exterity IPTV Bug

IPTV and IP video security is increasingly under scrutiny, even by high school kids.
14 October 2021

Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack

Visible says yes, user accounts were hijacked, but it denied a breach. As of today, users are still posting tales of forcibly changed passwords and getting stuck with bills for pricey new iPhones.
14 October 2021

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the "hackers" and anyone who aided the publication in its "attempt to embarrass the state and sell headlines for their news outlet."
14 October 2021

CryptoRom Scam Rakes in $1.4M by Exploiting Apple Enterprise Features

The campaign, which uses the Apple Developer Program and Enterprise Signatures to get past Apple's app review process, remains active.
14 October 2021

Podcast: 67% of Orgs Have Been Hit by Ransomware at Least Once

Fortinet’s Derek Manky discusses a recent global survey showing that two-thirds of organizations suffered at least one ransomware attack, while half were hit multiple times.
14 October 2021

Employee offboarding: Why companies must close a crucial gap in their security strategy

There are various ways a departing employee could put your organization at risk of a data breach. How do you offboard employees the right way and ensure your data remains safe?

The post Employee offboarding: Why companies must close a crucial gap in their security strategy appeared first on WeLiveSecurity

14 October 2021

FreakOut Botnet Turns DVRs Into Monero Cryptominers

The new Necro Python exploit targets Visual Tool DVRs used in surveillance systems.
13 October 2021

Brizy WordPress Plugin Exploit Chains Allow Full Site Takeovers

A stored XSS and arbitrary file-upload bug can be paired with an authorization bypass to wreak havoc.
13 October 2021

Cybersecurity Month: Defense Against Phishing Attacks


As an Official Champion of National Cyber Security Awareness Month (NCSAM), the Council will be sharing educational resources on payment security best practices on the PCI Perspectives blog, and through our Twitter (@PCISSC) and LinkedIn pages. The Council will align these resources with the four weekly themes outlined by the National Cyber Security Alliance:

13 October 2021

How Coinbase Phishers Steal One-Time Passwords

A recent phishing campaign targeting Coinbase users shows thieves are getting cleverer about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email addresses that are already associated with active accounts.
13 October 2021

Mandating a Zero-Trust Approach for Software Supply Chains

Sounil Yu, CISO at JupiterOne, discusses software bills of materials (SBOMs) and the need for a shift in thinking about securing software supply chains.
13 October 2021

OpenSea ‘Free Gift’ NFTs Drain Cryptowallet Balances

Cybercriminals exploited bugs in the world's largest digital-goods marketplace to create malicious artwork offered as a perk to unsuspecting users.
13 October 2021

International cryptocurrency scam ring targets European dating app users

You might lose your money as well as your heart.
13 October 2021

Apple: Forcing app sideloading would turn iPhones into virus-prone 'pocket PCs'

Apple says that sideloading would undermine the "privacy and security protections" of iPhones.
13 October 2021

30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware

The previously unknown SnapMC group exploits unpatched VPNs and webserver apps to breach systems and carry out quick-hit extortion in less time than it takes to order a pizza.
13 October 2021

Bugs allowing malicious NFT uploads uncovered in OpenSea marketplace

Malicious NFTs could have become an attack vector for hackers trying to steal digital wallet funds.
13 October 2021

Don’t get phished! How to be the one that got away

If it looks like a duck, swims like a duck, and quacks like a duck, then it's probably a duck. Now, how do you apply the duck test to defense against phishing?

The post Don’t get phished! How to be the one that got away appeared first on WeLiveSecurity

13 October 2021

Microsoft Kills Bug Being Exploited in MysterySnail Espionage Campaign

Microsoft's October 2021 Patch Tuesday included security fixes for 74 vulnerabilities, one of which is a zero-day being used to deliver the MysterySnail RAT to Windows servers.
12 October 2021

Patch Tuesday, October 2021 Edition

Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited in active attacks. This month's Patch Tuesday also includes security fixes for the newly released Windows 11 operating system.
12 October 2021

Windows Zero-Day Actively Exploited in Widespread Espionage Campaign

The cyberattacks, linked to a Chinese-speaking APT, deliver the new MysterySnail RAT malware to Windows servers.
12 October 2021