Cybersecurity News


Six Malicious Linux Shell Scripts Used to Evade Defenses and How to Stop Them

Six Malicious Linux Shell Scripts Used to Evade Defenses and How to Stop Them Uptycs Threat Research outline how malicious Linux shell scripts are used to cloak attacks and how defenders can detect and mitigate against them.
29 July 2021

Tackling the insider threat to the new hybrid workplace

Now that organizations are set to evolve a hybrid blend of home and office-based work for most employees, it is more important then ever to address the risks that insider threat can - willingly or unwitingly - pose.

The post Tackling the insider threat to the new hybrid workplace appeared first on WeLiveSecurity

29 July 2021

Most Twitter users haven’t enabled 2FA yet, report reveals

Twitter’s transparency report revealed that users aren’t quick to adopt 2FA and once they do enable it, they choose the least secure option

The post Most Twitter users haven’t enabled 2FA yet, report reveals appeared first on WeLiveSecurity

28 July 2021

8 Security Tools to be Unveiled at Black Hat USA

8 Security Tools to be Unveiled at Black Hat USA Security researchers and practitioners share a host of new cyber tools for penetration testing, reverse engineering, malware defense, and more.
28 July 2021

BlackMatter & Haron: Evil Ransomware Newborns or Rebirths

BlackMatter & Haron: Evil Ransomware Newborns or Rebirths They’re either new or old REvil & DarkSide wine in new bottles. Both have a taste for deep-pocketed targets and DarkSide-esque virtue-signaling.
28 July 2021

Reboot of PunkSpider Tool at DEF CON Stirs Debate

Reboot of PunkSpider Tool at DEF CON Stirs Debate Researchers plan to introduce a revamp of PunkSpider, which helps identify flaws in websites so companies can make their back-end systems more secure, at DEF CON.
28 July 2021

Booking your next holiday? Watch out for these Airbnb scams

With vacations in full swing, cybercriminals will be looking to scam vacationers looking for that perfect accommodation.

The post Booking your next holiday? Watch out for these Airbnb scams appeared first on WeLiveSecurity

28 July 2021

Podcast: Why Securing Active Directory Is a Nightmare

Podcast: Why Securing Active Directory Is a Nightmare Researchers preview work to be presented at Black Hat on how AD “misconfiguration debt” lays out a dizzying array of attack paths, such as in PetitPotam.
28 July 2021

Enterprise data breach cost reached record high during COVID-19 pandemic

IBM research estimates that the average data breach now costs upward of $4 million.
28 July 2021

No More Ransom Saves Victims Nearly €1 Over 5 Years

No More Ransom Saves Victims Nearly €1 Over 5 Years No More Ransom is collecting decryptors so ransomware victims don’t have to pay to get their data back and attackers don’t get rich.
27 July 2021

Apple releases patch for zero‑day flaw in iOS, iPadOS and macOS

The vulnerability is under active exploitation by unknown attackers and affects a wide range of Apple’s products.

The post Apple releases patch for zero‑day flaw in iOS, iPadOS and macOS appeared first on WeLiveSecurity

27 July 2021

Zimbra Server Bugs Could Lead to Email Plundering

Zimbra Server Bugs Could Lead to Email Plundering Two bugs, now patched except in older versions, could be chained to allow attackers to hijack Zimbra server by simply sending a malicious email.
27 July 2021

Back-to-Basics: Use Strong Passwords

 

As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on using strong passwords.

27 July 2021

Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers

Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers The unpatched flaws include RCE and authenticated privilege escalation on the client-side: Just the latest woe for the ransomware-walloped MSP.
27 July 2021

Apple Patches Actively Exploited Zero-Day in iOS, MacOS

Apple Patches Actively Exploited Zero-Day in iOS, MacOS Company urges iPhone, iPad and Mac users to install updates to fix a critical memory corruption flaw that can allow for attackers to take over a system.
27 July 2021

Malware developers turn to 'exotic' programming languages to thwart researchers

They are focused on exploiting pain points in code analysis and reverse-engineering.
27 July 2021

Podcast: IoT Piranhas Are Swarming Industrial Controls

Podcast: IoT Piranhas Are Swarming Industrial Controls Enormous botnets of IoT devices are going after decades-old legacy systems that are rife in systems that control crucial infrastructure.
26 July 2021

Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn

Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn A comment spammer flooded Babuk’s new ransomware forum with gay orgy porn GIFs and demanded $5K in bitcoin.
26 July 2021

Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC

Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC Microsoft releases mitigations for a Windows NT LAN Manager exploit that forces remote Windows systems to reveal password hashes that can be easily cracked.
26 July 2021

PlugwalkJoe Does the Perp Walk

One day after last summer's mass-hack of Twitter, KrebsOnSecurity wrote that 22-year-old British citizen Joseph "PlugwalkJoe" O'Connor appeared to have been involved in the incident. When the Justice Department last week announced O'Connor's arrest and indictment, his alleged role in the Twitter compromise was well covered in the media. But most of the coverage so far seem to have overlooked the far more sinister criminal charges in the indictment, which involve an underground scene wherein young men turn to extortion, sextortion, SIM swapping, death threats and physical attacks -- all in a bid to seize control over highly-prized social media accounts.
26 July 2021