Cybersecurity News


Ukrainian man extradited to the US to face botnet, data theft charges

The suspect has been detained ahead of his trial.
10 September 2021

Thousands of Fortinet VPN Account Credentials Leaked

Thousands of Fortinet VPN Account Credentials Leaked They were posted for free by former Babuk gang members who’ve bickered, squabbled and huffed off to start their own darn ransomware businesses, dagnabbit.
09 September 2021

McDonald’s Email Blast Includes Password to Monopoly Game Database

McDonald’s Email Blast Includes Password to Monopoly Game Database Usernames, passwords for database sent in prize redemption emails.
09 September 2021

Howard University suffers cyberattack, suspends online classes in aftermath

The university suffered a ransomware attack, however there is no evidence so far of data being accessed or stolen.

The post Howard University suffers cyberattack, suspends online classes in aftermath appeared first on WeLiveSecurity

09 September 2021

Financial Cybercrime: Why Cryptocurrency is the Perfect ‘Getaway Car’

Financial Cybercrime: Why Cryptocurrency is the Perfect ‘Getaway Car’ John Hammond, security researcher with Huntress, discusses how financially motivated cybercrooks use and abuse cryptocurrency.
09 September 2021

‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise

‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise A chain of exploits could allow a malicious Azure user to infiltrate other customers' cloud instances within Microsoft's container-as-a-service offering.
09 September 2021

SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’

SideWalk Backdoor Linked to China-Linked Spy Group ‘Grayfly’ Grayfly campaigns have launched the novel malware against businesses in Taiwan, Vietnam, the US and Mexico and are targeting Exchange and MySQL servers. 
09 September 2021

Zoho Password Manager Zero-Day Bug Under Active Attack Gets a Fix

Zoho Password Manager Zero-Day Bug Under Active Attack Gets a Fix An authentication bypass vulnerability leading to remote code execution offers up the keys to the corporate kingdom.
09 September 2021

BladeHawk Attackers Target Kurds with Android Apps

BladeHawk Attackers Target Kurds with Android Apps Pro-Kurd Facebook profiles deliver '888 RAT' and 'SpyNote' trojans, masked as legitimate apps, to perform mobile espionage.
09 September 2021

Attacker releases credentials for 87,000 FortiGate SSL VPN devices

Access data for FortiGate devices was obtained by exploiting a known, old vulnerability.
09 September 2021

91% of IT teams have felt 'forced' to trade security for business operations

When it comes to remote work, security is often the last thing on the priority list.
09 September 2021

GitHub tackles severe vulnerabilities in Node.js packages

Bugs impacting tar and @npmcli/arborist were reported through a bug bounty program.
09 September 2021

What Ragnar Locker Got Wrong About Ransomware Negotiators – Podcast

What Ragnar Locker Got Wrong About Ransomware Negotiators – Podcast There are a lot of "tells" that the ransomware group doesn't understand how negotiators work, despite threatening to dox data if victims call for help.
08 September 2021

Tooling Network Detection & Response for Ransomware

Tooling Network Detection & Response for Ransomware Justin Jett, director of audit and compliance at Plixer, discusses how to effectively use network flow data in the fight against ransomware.
08 September 2021

Spoofing Bug Highlights Cybersecurity for Digital Vaccine Passports

Spoofing Bug Highlights Cybersecurity for Digital Vaccine Passports Australian immunization app bug lets attackers fake vaccine status.
08 September 2021

TeamTNT’s New Tools Target Multiple OS

TeamTNT’s New Tools Target Multiple OS The attackers are indiscriminately striking thousands of victims worldwide with their new “Chimaera” campaign.
08 September 2021

Microsoft: Attackers Exploiting Windows Zero-Day Flaw

Microsoft Corp. warned Tuesday that attackers are exploiting a previously unknown vulnerability in Windows 10 and many Windows Server versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat.
08 September 2021

Pro-Chinese government propaganda campaign spurs on COVID-19 protests in the US

The campaign is far more extensive than previously thought.
08 September 2021

Microsoft, CISA Urge Mitigations for Zero-Day RCE Flaw in Windows

Microsoft, CISA Urge Mitigations for Zero-Day RCE Flaw in Windows Attackers are actively attempting to exploit a vulnerability in MSHTML that allows them to craft a malicious ActiveX control to be used by Microsoft Office files.
08 September 2021

Operation Chimaera: TeamTNT hacking group strikes thousands of victims worldwide

The cybercriminals are now indiscriminate in the operating systems they attack.
08 September 2021