Cybersecurity News
Critical Cisco Bug in Small Business Routers to Remain Unpatched
The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that have reached end-of-life.
InkySquid State Actor Exploiting Known IE Bugs
The North Korea-linked APT group leverages known Internet Explorer vulns for watering-hole attacks.
Windows EoP Bug Detailed by Google Project Zero
Microsoft first dismissed the elevation of privilege flaw but decided yesterday that attackers injecting malicious code is worthy of attention.
COVID-19 Contact-Tracing Data Exposed, Fake Vax Cards Circulate
COVID-19-related exploitation and abuse is on the rise as vaccine data opens new frontiers for threat actors.
Wanted: Disgruntled Employees to Deploy Ransomware
Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer's network in exchange for a percentage of any ransom amount paid by the victim company.Postmortem on U.S. Census Hack Exposes Cybersecurity Failures
Government says cybersecurity failures were many within failed January hack of U.S. Census Bureau systems.
Are you, the customer, the one paying the ransomware demand?
Ransomware payments may have greater implications than you thought – and not just for the company that gave in to the attackers’ demands
The post Are you, the customer, the one paying the ransomware demand? appeared first on WeLiveSecurity
Bogus Cryptomining Apps Infest Google Play
The apps attempt to swindle users into buying in-app upgrades or clicking on masses of ads.
T-Mobile: >40 Million Customers’ Data Stolen
Attackers stole tens of millions of current, former or prospective customers' personal data, the company confirmed. It's providing 2 years of free ID protection.
T-Mobile: Breach Exposed SSN/DOB of 40M+ People
T-Mobile warned Monday that a data breach has exposed the names, date of birth, Social Security number and driver's license/ID information of more than 40 million current, former or prospective customers. The acknowledgment came less than 48 hours after millions of the stolen T-Mobile customer records went up for sale in the cybercrime underground.Health authorities in 40 countries targeted by COVID‑19 vaccine scammers
Fraudsters impersonate vaccine manufacturers and authorities overseeing vaccine distribution efforts, INTERPOL warns
The post Health authorities in 40 countries targeted by COVID‑19 vaccine scammers appeared first on WeLiveSecurity
Memory Bugs in BlackBerry’s QNX Embedded OS Open Devices to Attacks
The once-dominant handset maker BlackBerry is busy squashing BadAlloc bugs in its QNX real-time operating system used in cars in medical devices.
Kerberos Authentication Spoofing: Don’t Bypass the Spec
Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS.
Unpatched Fortinet Bug Allows Firewall Takeovers
The OS command-injection bug, in the web application firewall (WAF) platform known as FortiWeb, will get a patch at the end of the month.
HolesWarm Malware Exploits Unpatched Windows, Linux Servers
The botnet cryptominer has already compromised 1,000-plus clouds since June.
The Overlooked Security Risks of The Cloud
Nate Warfield, CTO of Prevaliion, discusses the top security concerns for those embracing virtual machines, public cloud storage and cloud strategies for remote working.
Back-to-Basics: Secure Remote Access
As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on securing remote access.
LockBit 2.0 Ransomware Proliferates Globally
Fresh attacks target companies' employees, promising millions of dollars in exchange for valid account credentials for initial access.
Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop
A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices.
Nearly 2 million records from terrorist watchlist exposed online
The secret list was exposed online for three weeks, allowing anyone to access it without any kind of authentication
The post Nearly 2 million records from terrorist watchlist exposed online appeared first on WeLiveSecurity