Cybersecurity News


New WildPressure Malware Capable of Targeting Windows and MacOS

The Trojan sends information back to the attackers' servers about the programming language of a target device.
08 July 2021

Coursera Flunks API Security Test in Researchers’ Exam

Coursera Flunks API Security Test in Researchers’ Exam The problem APIs included numero uno on the OWASP API Security Top 10: a Broken Object Level Authorization (BOLA) issue that could have exposed personal data.
08 July 2021

How Fake Accounts and Sneaker-Bots Took Over the Internet

How Fake Accounts and Sneaker-Bots Took Over the Internet Jason Kent, hacker-in-residence at Cequence Security, discusses fake online accounts, and the fraud they carry out on a daily basis.
08 July 2021

Microsoft issues patch to fix PrintNightmare zero‑day bug

The out-of-band update fixes a remote code execution flaw affecting the Windows Print Spooler service

The post Microsoft issues patch to fix PrintNightmare zero‑day bug appeared first on WeLiveSecurity

08 July 2021

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya, a Miami-based company whose products help system administrators manage large networks remotely. Now it appears Kaseya's customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.
08 July 2021

Kaseya Hacked via Authentication Bypass

The Kaseya ransomware attack is believed to have been down to an authentication bypass. Yes, ransomware needs to be on your radar -- but good authentication practices are also imperative.
08 July 2021

The NSA's 'New' Mission: Get More Public With the Private Sector

The National Security Agency's gradual emergence from the shadows was "inevitable" in cybersecurity, says Vinnie Liu, co-founder and CEO of offensive security firm Bishop Fox and a former NSA analyst. Now the agency has to figure out how to best work with the private sector, especially organizations outside the well-resourced and seasoned Fortune 100.
08 July 2021

Ransomware as a service: Negotiators are now in high demand

RaaS groups are hiring negotiators whose primary role is to force victims to pay up.
08 July 2021

What Colonial Pipeline Means for Commercial Building Cybersecurity

Banks and hospitals may be common targets, but now commercial real estate must learn to protect itself against stealthy hackers.
08 July 2021

Coursera API vulnerabilities disclosed by researchers

Coursera took “prompt ownership” of the bugs, once reported.
08 July 2021

170 Android cryptocurrency mining scam apps have stolen $350,000 from users

Users are paying up in the belief they are mining cryptocurrency. In reality, they get nothing.
08 July 2021

Ransomware: To pay or not to pay? Legal or illegal? These are the questions …

Caught between a rock and a hard place, many ransomware victims cave in to extortion demands. Here’s what might change the calculus.

The post Ransomware: To pay or not to pay? Legal or illegal? These are the questions … appeared first on WeLiveSecurity

08 July 2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Automation allowed a REvil affiliate to move from exploitation of vulnerable servers to installing ransomware on downstream companies faster than most defenders could react.
07 July 2021

Fake Android Apps Promise Cryptomining Services to Steal Funds

Researchers discover more than 170 Android apps that advertise cloud cryptocurrency mining services and fail to deliver.
07 July 2021

Sophos Acquires Capsule8 for Linux Server & Container Security

The deal was announced the same day ZeroFox bought Dark Web intelligence firm Vigilante as a wave of security M&A continues.
07 July 2021

Critical Sage X3 RCE Bug Allows Full System Takeovers

Critical Sage X3 RCE Bug Allows Full System Takeovers Security vulnerabilities in the ERP platform could allow attackers to tamper with or sabotage victims' business-critical processes and to intercept data.
07 July 2021

MacOS Targeted in WildPressure APT Malware Campaign

MacOS Targeted in WildPressure APT Malware Campaign Threat actors enlist compromised WordPress websites in campaign targeting macOS users.
07 July 2021

Are Security Attestations a Necessity for SaaS Businesses?

Are Security Attestations a Necessity for SaaS Businesses? Are security attestations becoming business imperatives, or are they merely token additions on the list of regulatory requirements?
07 July 2021

Microsoft Releases Emergency Patch for 'PrintNightmare' Vuln

It organizations to immediately apply security update, citing exploit activity.
07 July 2021

Suspected ‘Dr HeX’ Hacker Busted for 9 Years of Phishing

Suspected ‘Dr HeX’ Hacker Busted for 9 Years of Phishing The unnamed suspect allegedly helped to develop carding and phishing kits with the aim of stealing customers' bank-card data.
07 July 2021