Cybersecurity News


Bug in macOS Finder allows remote code execution

While Apple did issue a patch for the vulnerability, it seems that the fix can be easily circumvented

The post Bug in macOS Finder allows remote code execution appeared first on WeLiveSecurity

23 September 2021

FamousSparrow APT Wings in to Spy on Hotels, Governments

A custom "SparrowDoor" backdoor has allowed the attackers to collect data from targets around the globe.
23 September 2021

Lawsuits, Indictments Revive Trump-Alfa Bank Story

In October 2016, media outlets reported that data collected by some of the world's most renowned cybersecurity experts had identified frequent and unexplained communications between an email server used by the Trump Organization and Alfa Bank, one of Russia's largest financial institutions. Those publications set off speculation about a possible secret back-channel of communications, as well as a series of lawsuits and investigations that culminated last week with the indictment of the same former federal cybercrime prosecutor who brought the data to the attention of the FBI five years ago.
23 September 2021

Google Report Spotlights Uptick in Controversial ‘Geofence Warrants’ by Police

Digital privacy rights defenders contend that geofencing warrants grab data on everyone near a crime, without cause.
23 September 2021

Acronis Offers up to $5,000 to Users Who Spot Bugs in Its Cyber Protection Products

Once available only to the cybersecurity community, Acronis has opened its bug-hunting program to the public and aims to double the total bounties paid.
23 September 2021

Domain Brand Monitor: The First Brand Protection Layer by WhoisXML API

Domain names are often brands' most valuable and impersonated assets. Learn how Brand Monitor by WhoisXML API supports brand protection.
23 September 2021

Large-Scale Phishing-as-a-Service Operation Exposed

Discovery of BulletProofLink—which provides phishing kits, email templates, hosting and other tools—sheds light on how wannabe cybercriminals can get into the business.
23 September 2021

New advanced hacking group targets governments, engineers worldwide

The APT was one of many groups that took part in the Microsoft Exchange Server hacks.
23 September 2021

FamousSparrow: A suspicious hotel guest

Yet another APT group that exploited the ProxyLogon vulnerability in March 2021

The post FamousSparrow: A suspicious hotel guest appeared first on WeLiveSecurity

23 September 2021

Crystal Valley Farm Coop Hit with Ransomware

It's the second agricultural business to be seized this week and portends a bitter harvest with yet another nasty jab at critical infrastructure.
22 September 2021

Netgear SOHO Security Bug Allows RCE, Corporate Attacks

The issue lies in a parental-control function that's always enabled by default, even if users don't configure for child security.
22 September 2021

UK MoD Data Breach Shows Cybersecurity Must Protect Both People and Data

The UK MoD has failed to protect personally identifiable information (PII) for Afghan interpreters; the incident highlights how avoidable cybersecurity mistakes can have devastating consequences.
22 September 2021

Unpatched Apple Zero-Day in macOS Finder Allows Code Execution

All a user needs to do is click on an email attachment, and boom – the code is silently executed without the victim knowing. It affects Big Sur and prior versions of macOS.
22 September 2021

How REvil May Have Ripped Off Its Own Affiliates

A newly discovered backdoor and double chats could have enabled REvil ransomware-as-a-service operators to hijack victim cases and snatch affiliates’ cuts of ransom payments.
22 September 2021

VMware Warns of Ransomware-Friendly Bug in vCenter Server

VMware urged immediate patching of the max-severity, arbitrary file upload flaw in Analytics service, which affects all appliances running default 6.5, 6.7 and 7.0 installs.
22 September 2021

TikTok, GitHub, Facebook Join Open-Source Bug Bounty

The initiative, run by HackerOne, aims to uncover dangerous code repository bugs that end up going viral across the application supply-chain.
22 September 2021

Feds Sanctions SUEX Cryptocurrency Exchange for Laundering Ransomware Payouts

The action is the first of its kind in the U.S., as the government increases efforts to get a handle on cybercrime.
22 September 2021

This cryptocurrency miner is exploiting the new Confluence remote code execution bug

It didn't take long for CVE-2021-26084 to be added to exploit kits.
22 September 2021

Microsoft Autodiscover abused to collect web requests, credentials

Researchers were able to exploit a protocol design feature on a vast scale.
22 September 2021

Plugging the holes: How to prevent corporate data leaks in the cloud

Misconfigurations of cloud resources can lead to various security incidents and ultimately cost your organization dearly. Here’s what you can do to prevent cloud configuration conundrums.

The post Plugging the holes: How to prevent corporate data leaks in the cloud appeared first on WeLiveSecurity

22 September 2021