Cybersecurity News


Twitter accounts linked to cyberattacks against security researchers suspended

North Korean hackers are luring professionals with "zero-day vulnerability hype."
19 October 2021

TA505 Gang Is Back With Newly Polished FlawedGrace RAT

TA505 Gang Is Back With Newly Polished FlawedGrace RAT TA505 – cybercrime trailblazers with ever-evolving TTPs – have returned to mass-volume email attacks, flashing retooled malware and exotic scripting languages.
19 October 2021

Time to Build Accountability Back into Cybersecurity

Time to Build Accountability Back into Cybersecurity Chris Hass, director of information security and research at Automox, discusses how to assign security responsibility, punishment for poor cyber-hygiene and IDing 'security champions' to help small businesses.
18 October 2021

Podcast: Could the Zoho Flaw Trigger SolarWinds 2.0?

Podcast: Could the Zoho Flaw Trigger SolarWinds 2.0? Companies are worried that the highly privileged password app could let attackers deep inside an enterprise’s footprint, says Redscan’s George Glass.
18 October 2021

Sinclair Confirms Ransomware Attack That Disrupted TV Stations

Sinclair Confirms Ransomware Attack That Disrupted TV Stations A major cyberattack resulted in data being stolen, too, but Sinclair's not sure which information is now in the hands of the crooks.
18 October 2021

TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings

TikTok Serves Up Fresh Gamer Targets via Fake Among Us, Steam Offerings The tween-friendly video app is being used to serve up malvertising, disguised as free Steam game accounts or Among Us game hacks.
18 October 2021

Request for Comments: PCI 3DS SDK and 3DS Core Security Standards


From 18 October to 17 November 2021, eligible PCI SSC stakeholders are invited to review and provide feedback on the currently published PCI 3DS SDK Security Standard and the PCI 3DS Core Security Standard during a 30-day request for comments (RFC) period. The full list of stakeholders eligible to participate can be found on the PCI SSC RFC webpage.

18 October 2021

Twitter Suspends Accounts Used to Snare Security Researchers

Twitter Suspends Accounts Used to Snare Security Researchers The accounts were used to catfish security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea.
18 October 2021

BlackByte ransomware decryptor released

The "odd" malware avoids systems based on Russian and ex-USSR languages.
18 October 2021

TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates

TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates The group – which also created BazarLoader and the Conti ransomware – has juiced its distribution tactics to threaten enterprises more than ever.
15 October 2021

Missouri Vows to Prosecute ‘Hacker’ Who Disclosed Data Leak

Missouri Vows to Prosecute ‘Hacker’ Who Disclosed Data Leak Missouri Gov. Mike Parson launched a criminal investigation of a reporter who flagged a state website that exposed 100K+ Social-Security numbers for teachers and other state employees.
15 October 2021

Critical infrastructure security dubbed 'abysmal' by researchers

Researchers find that lax ICS security is putting critical services at risk of exploitation.
15 October 2021

Week in security with Tony Anscombe

Phishing and how to avoid taking the bait – Offboarding employees securely – Why old malware refuses to die

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

15 October 2021

Week in security with Tony Anscombe

Phishing and how to avoid taking the bait – Offboarding employees securely – Why old malware refuses to die

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

15 October 2021

Virus Bulletin: Old malware never dies – it just gets more targeted

Putting a precision payload on top of more generic malware makes perfect sense for malware operators

The post Virus Bulletin: Old malware never dies – it just gets more targeted appeared first on WeLiveSecurity

15 October 2021

Virus Bulletin: Old malware never dies – it just gets more targeted

Putting a precision payload on top of more generic malware makes perfect sense for malware operators

The post Virus Bulletin: Old malware never dies – it just gets more targeted appeared first on WeLiveSecurity

15 October 2021

Rickroll Grad Prank Exposes Exterity IPTV Bug

Rickroll Grad Prank Exposes Exterity IPTV Bug IPTV and IP video security is increasingly under scrutiny, even by high school kids.
14 October 2021

Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack

Verizon’s Visible Wireless Carrier Confirms Credential-Stuffing Attack Visible says yes, user accounts were hijacked, but it denied a breach. As of today, users are still posting tales of forcibly changed passwords and getting stuck with bills for pricey new iPhones.
14 October 2021

Missouri Governor Vows to Prosecute St. Louis Post-Dispatch for Reporting Security Vulnerability

On Wednesday, the St. Louis Post-Dispatch ran a story about how its staff discovered and reported a security vulnerability in a Missouri state education website that exposed the Social Security numbers of 100,000 elementary and secondary teachers. In a press conference this morning, Missouri Gov. Mike Parson (R) said fixing the flaw could cost the state $50 million, and vowed his administration would seek to prosecute and investigate the "hackers" and anyone who aided the publication in its "attempt to embarrass the state and sell headlines for their news outlet."
14 October 2021

CryptoRom Scam Rakes in $1.4M by Exploiting Apple Enterprise Features

CryptoRom Scam Rakes in $1.4M by Exploiting Apple Enterprise Features The campaign, which uses the Apple Developer Program and Enterprise Signatures to get past Apple's app review process, remains active.
14 October 2021