Cybersecurity News


FinSpy surveillance malware is now spreading through UEFI bootkits

The spyware had previously been associated with malicious installers and MBR bootkits.
28 September 2021

Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw

Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw The unredacted RCE exploit allows unauthenticated, remote attackers to upload files to the vCenter Server analytics service.
28 September 2021

SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor

SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor Microsoft is warning that the Nobelium APT is compromising single-sign-on servers to install a post-exploitation backdoor that steals data and maintains network persistence.
28 September 2021

Credential Spear-Phishing Uses Spoofed Zix Encrypted Email

Credential Spear-Phishing Uses Spoofed Zix Encrypted Email The spoofed email has targeted close to 75K inboxes, slipping past spam and security controls across Office 365, Google Workspace, Exchange, Cisco ESA and more.
28 September 2021

Scalper bots are now targeting graphics card vendors

Concert tickets are no longer the most coveted items on a reseller's list.
28 September 2021

5 Steps to Securing Your Network Perimeter

5 Steps to Securing Your Network Perimeter Ekaterina Kilyusheva, head of the Information Security Analytics Research Group at Positive Technologies, offers a blueprint for locking up the fortress.
27 September 2021

Women, Minorities Are Hacked More Than Others

Women, Minorities Are Hacked More Than Others Income level, education and being part of a disadvantaged population all contribute to cybercrime outcomes, a survey suggests.
27 September 2021

EU: Russia Behind ‘Ghostwriter’ Campaign Targeting Germany

EU: Russia Behind ‘Ghostwriter’ Campaign Targeting Germany It's not the first time that the disinformation/spearphishing campaign, which originally smeared NATO, has been linked to Russia.
27 September 2021

Google releases emergency fix to plug zero‑day hole in Chrome

The emergency release comes a mere three days after Google’s previous update that plugged another 19 security loopholes

The post Google releases emergency fix to plug zero‑day hole in Chrome appeared first on WeLiveSecurity

27 September 2021

3.8 Billion Users’ Combined Clubhouse, Facebook Data Up for Sale

3.8 Billion Users’ Combined Clubhouse, Facebook Data Up for Sale Combined cache of data likely to fuel rash of account takeover, smishing attacks, experts warn.  
27 September 2021

Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords

Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text.
24 September 2021

New Guidelines on Remote Assessments


Today, the Council has published “PCI SSC Remote Assessment Guidelines and Procedures”. These Guidelines define the principles and procedures for the appropriate use of remote assessments for PCI SSC standards when an onsite assessment is not possible. Here we interview Emma Sutcliffe, SVP Standards Officer on how the industry can use these guidelines to support secure remote assessment practices.

24 September 2021

TangleBot Malware Reaches Deep into Android Device Functions

TangleBot Malware Reaches Deep into Android Device Functions The mobile baddie grants itself access to almost everything, enabling spying, data-harvesting, stalking and fraud attacks, among others.
24 September 2021

Critical Cisco Bugs Allow Code Execution on Wireless, SD-WAN

Critical Cisco Bugs Allow Code Execution on Wireless, SD-WAN Unauthenticated cyberattackers can also wreak havoc on networking device configurations.
24 September 2021

Week in security with Tony Anscombe

ESET unmasks FamousSparrow APT group – Stopping cloud data leaks – European cybercrime ring busted

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

24 September 2021

Apple Patches 3 More Zero-Days Under Active Attack

Apple Patches 3 More Zero-Days Under Active Attack One of the bugs, which affects macOS as well as older versions of iPhones, could allow an attacker to execute arbitrary code with kernel privileges.
24 September 2021

FBI arrests 75-year-old for allegedly placing pipe bombs outside phone, carrier stores

The suspect was reportedly upset over handsets being used to spread "immoral content."
24 September 2021

REvil Affiliates Confirm: Leadership Were Cheating Dirtbags

REvil Affiliates Confirm: Leadership Were Cheating Dirtbags After news of REvil's rip-off-the-affiliates backdoor & double chats, affiliates fumed, reiterating prior claims against the gang in "Hackers Court."
23 September 2021

5 Tips for Achieving Better Cybersecurity Risk Management

5 Tips for Achieving Better Cybersecurity Risk Management Casey Ellis, founder, CTO and chairman of Bugcrowd, discusses a roadmap for lowering risk from cyberattacks most effectively.
23 September 2021

100M IoT Devices Exposed By Zero-Day Bug

100M IoT Devices Exposed By Zero-Day Bug A high-severity vulnerability could cause system crashes, knocking out sensors, medical equipment and more.
23 September 2021