This banking Trojan abuses YouTube to manage remote settingsThe spam-spread malware is another headache for Latin America in the cybersecurity realm.
Numando: Count once, code twice
The (probably) penultimate post in our occasional series demystifying Latin American banking trojans.
The post Numando: Count once, code twice appeared first on WeLiveSecurity
Cyberattacks against the aviation industry linked to Nigerian threat actorThe investigation began after a Microsoft tweet concerning AsyncRAT.
Trial Ends in Guilty Verdict for DDoS-for-Hire BossA jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel's conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services.
CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho BugThe newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August.
Airline Credential-Theft Takes Off in Widening CampaignA spyware effort bent on stealing cookies and logins is being driven by unsophisticated attackers cashing in on the initial-access-broker boom.
Information Supplement: Implementing ISO Format 4 PIN Blocks
The Implementing ISO Format 4 PIN Blocks Information Supplement provides guidance to help PIN acquiring entities with the planning, migration, and testing of the implementation of ISO Format 4 PIN blocks in conformance with the requirements in the PCI PIN Standard. This document contains information that may be useful in migrating to the Advanced Encryption Standard (AES).
Financial Cybercrime: Following Cryptocurrency via Public LedgersJohn Hammond, security researcher with Huntress, discusses a wallet-hijacking RAT, and how law enforcement recovered millions in Bitcoin after the Colonial Pipeline attack.
REvil/Sodinokibi Ransomware Universal Decryptor Key Is OutBitdefender worked with law enforcement to create a key to unlock victims encrypted in ransomware attacks before REvil's servers went belly-up on July 13.
New Go malware Capoae targets WordPress installs, Linux systemsCapoae highlights the increase of cyberattacks designed to deploy cryptocurrency-mining payloads.
DDoS Attacks: A Flourishing Business for Cybercrooks – PodcastImperva’s Peter Klimek on how DDoS attacks started out as inconveniences but evolved to the point where attackers can disrupt businesses for as little as the price of a cup of coffee,
HP Omen Hub Exposes Millions of Gamers to CyberattackA driver privilege-escalation bug gives attackers kernel-mode access to millions of PCs used for gaming.
Azure Zero-Day Flaws Highlight Lurking Supply-Chain RiskDubbed OMIGOD, a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux demonstrate hidden security threats, researchers said.
Customer Care Giant TTEC Hit By Ransomware?TTEC, [NASDAQ: TTEC], a company used by some of the world's largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident that appears to be the result of a ransomware attack, KrebsOnSecurity has learned.
No Patch for High-Severity Bug in Legacy IBM System X ServersTwo of IBM's aging flagship server models, retired in 2020, won’t be patched for a command-injection flaw.
Microsoft Patch Tuesday fixes actively exploited zero‑day and 85 other flaws
The most recent Patch Tuesday includes a fix for the previously disclosed and actively exploited remote code execution flaw in MSHTML.
The post Microsoft Patch Tuesday fixes actively exploited zero‑day and 85 other flaws appeared first on WeLiveSecurity