Cybersecurity News
Bug in macOS Finder allows remote code execution
While Apple did issue a patch for the vulnerability, it seems that the fix can be easily circumvented
The post Bug in macOS Finder allows remote code execution appeared first on WeLiveSecurity
23 September 2021
FamousSparrow APT Wings in to Spy on Hotels, Governments
A custom "SparrowDoor" backdoor has allowed the attackers to collect data from targets around the globe.23 September 2021
Lawsuits, Indictments Revive Trump-Alfa Bank Story
In October 2016, media outlets reported that data collected by some of the world's most renowned cybersecurity experts had identified frequent and unexplained communications between an email server used by the Trump Organization and Alfa Bank, one of Russia's largest financial institutions. Those publications set off speculation about a possible secret back-channel of communications, as well as a series of lawsuits and investigations that culminated last week with the indictment of the same former federal cybercrime prosecutor who brought the data to the attention of the FBI five years ago.23 September 2021
Google Report Spotlights Uptick in Controversial ‘Geofence Warrants’ by Police
Digital privacy rights defenders contend that geofencing warrants grab data on everyone near a crime, without cause.23 September 2021
Acronis Offers up to $5,000 to Users Who Spot Bugs in Its Cyber Protection Products
Once available only to the cybersecurity community, Acronis has opened its bug-hunting program to the public and aims to double the total bounties paid.23 September 2021
Domain Brand Monitor: The First Brand Protection Layer by WhoisXML API
Domain names are often brands' most valuable and impersonated assets. Learn how Brand Monitor by WhoisXML API supports brand protection.23 September 2021
Large-Scale Phishing-as-a-Service Operation Exposed
Discovery of BulletProofLink—which provides phishing kits, email templates, hosting and other tools—sheds light on how wannabe cybercriminals can get into the business.23 September 2021
New advanced hacking group targets governments, engineers worldwide
The APT was one of many groups that took part in the Microsoft Exchange Server hacks.23 September 2021
FamousSparrow: A suspicious hotel guest
Yet another APT group that exploited the ProxyLogon vulnerability in March 2021
The post FamousSparrow: A suspicious hotel guest appeared first on WeLiveSecurity
23 September 2021
Crystal Valley Farm Coop Hit with Ransomware
It's the second agricultural business to be seized this week and portends a bitter harvest with yet another nasty jab at critical infrastructure.22 September 2021
Netgear SOHO Security Bug Allows RCE, Corporate Attacks
The issue lies in a parental-control function that's always enabled by default, even if users don't configure for child security.22 September 2021
UK MoD Data Breach Shows Cybersecurity Must Protect Both People and Data
The UK MoD has failed to protect personally identifiable information (PII) for Afghan interpreters; the incident highlights how avoidable cybersecurity mistakes can have devastating consequences.22 September 2021
Unpatched Apple Zero-Day in macOS Finder Allows Code Execution
All a user needs to do is click on an email attachment, and boom – the code is silently executed without the victim knowing. It affects Big Sur and prior versions of macOS.22 September 2021
How REvil May Have Ripped Off Its Own Affiliates
A newly discovered backdoor and double chats could have enabled REvil ransomware-as-a-service operators to hijack victim cases and snatch affiliates’ cuts of ransom payments.22 September 2021
VMware Warns of Ransomware-Friendly Bug in vCenter Server
VMware urged immediate patching of the max-severity, arbitrary file upload flaw in Analytics service, which affects all appliances running default 6.5, 6.7 and 7.0 installs.22 September 2021
TikTok, GitHub, Facebook Join Open-Source Bug Bounty
The initiative, run by HackerOne, aims to uncover dangerous code repository bugs that end up going viral across the application supply-chain.22 September 2021
Feds Sanctions SUEX Cryptocurrency Exchange for Laundering Ransomware Payouts
The action is the first of its kind in the U.S., as the government increases efforts to get a handle on cybercrime.22 September 2021
This cryptocurrency miner is exploiting the new Confluence remote code execution bug
It didn't take long for CVE-2021-26084 to be added to exploit kits.22 September 2021
Microsoft Autodiscover abused to collect web requests, credentials
Researchers were able to exploit a protocol design feature on a vast scale.22 September 2021
Plugging the holes: How to prevent corporate data leaks in the cloud
Misconfigurations of cloud resources can lead to various security incidents and ultimately cost your organization dearly. Here’s what you can do to prevent cloud configuration conundrums.
The post Plugging the holes: How to prevent corporate data leaks in the cloud appeared first on WeLiveSecurity
22 September 2021