Cybersecurity News


Jenkins Hit as Atlassian Confluence Cyberattacks Widen

Jenkins Hit as Atlassian Confluence Cyberattacks Widen Patch now: The popular biz-collaboration platform is seeing mass scanning and exploitation just two weeks after a critical RCE bug was disclosed.
07 September 2021

ProtonMail Forced to Log IP Address of French Activist

ProtonMail Forced to Log IP Address of French Activist The privacy-touting, end-to-end encrypted email provider erased its site's “we don’t log your IP” boast after France sicced Swiss cops on it.
07 September 2021

ProtonMail forced to log user’s IP address after an order from Swiss authorities

Following the incident the company has updated its website and privacy policy to clarify its legal obligations to its userbase

The post ProtonMail forced to log user’s IP address after an order from Swiss authorities appeared first on WeLiveSecurity

07 September 2021

Authorities Arrest Another TrickBot Gang Member in South Korea

Authorities Arrest Another TrickBot Gang Member in South Korea A hacker known only as “Mr. A” was picked up by authorities at a South Korean airport after getting stuck in the country due to COVID-19 travel restrictions.
07 September 2021

BladeHawk group: Android espionage against Kurdish ethnic group

ESET researchers have investigated a targeted mobile espionage campaign against the Kurdish ethnic group, and that has been active since at least March 2020.

The post BladeHawk group: Android espionage against Kurdish ethnic group appeared first on WeLiveSecurity

07 September 2021

Holy Grail of Security: Answers to ‘Did XYZ Work?’ – Podcast

Holy Grail of Security: Answers to ‘Did XYZ Work?’ – Podcast Verizon DBIR is already funny, useful & well-written, and it just got better with mapping to MITRE ATT&CK TTPs. The marriage could finally bring answers to "What are we doing right?" instead of the constant reminders of what's not working in fending off threats.
07 September 2021

“FudCo” Spam Empire Tied to Pakistani Software Firm

In May 2015, KrebsOnSecurity briefly profiled "The Manipulaters," the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. Six years later, a review of the social media postings from this group shows they are prospering, while rather poorly hiding their activities behind a software development firm in Lahore that has secretly enabled an entire generation of spammers and scammers.
06 September 2021

Human Fraud: Detecting Them Before They Detect You

Human Fraud: Detecting Them Before They Detect You Tony Lauro, director of security technology and strategy at Akamai, discusses how to disrupt account takeovers in the exploitation phase of an attack.
06 September 2021

IoT Attacks Skyrocket, Doubling in 6 Months

IoT Attacks Skyrocket, Doubling in 6 Months The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets.
06 September 2021

This is the perfect ransomware victim, according to cybercriminals

An investigation into what ransomware groups want has painted the picture of the perfect target.
06 September 2021

Apple slams the brakes on plans to scan user images for child abuse content

Backlash stemming from privacy concerns has delayed the rollout.
06 September 2021

The State of Incident Response: Measuring Risk and Evaluating Your Preparedness

The State of Incident Response: Measuring Risk and Evaluating Your Preparedness Grant Oviatt, director of incident-response engagements at Red Canary, provides advice and best practices on how to get there faster.
03 September 2021

FIN7 Capitalizes on Windows 11 Release in Latest Gambit

FIN7 Capitalizes on Windows 11 Release in Latest Gambit The financially motivated group looked to steal payment-card data from a California-based point-of-sale service provider.
03 September 2021

Week in security with Tony Anscombe

Vaccination passports - what you need to know. A guide to kids' smartphone security. CISA lists single-factor authentication as bad practice.

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

03 September 2021

Brute-Force Attacks Target Inboxes for Gift Card Data

Brute-Force Attacks Target Inboxes for Gift Card Data Cybercriminal enterprise is mass testing millions of usernames and passwords per day in a hunt for loyalty card data.
03 September 2021

FTC orders SpyFone to delete all of its surveillance data

The watchdog alleges the app "helped stalkers steal private information."
03 September 2021

A parent’s guide to smartphone security

Smartphones are kids’ trusty companions both in- and outside the classroom, and as they return to their desks, we’ve prepared some handy tips on how to keep their devices secure.

The post A parent’s guide to smartphone security appeared first on WeLiveSecurity

03 September 2021

BitConnect director pleads guilty to role in $2 billion cryptocurrency fraud

Prosecutors claim that the promoter earned over $24 million.
03 September 2021

NFT Collector Tricked into Buying Fake Banksy 

NFT Collector Tricked into Buying Fake Banksy  An attacker breached the site of famed street artist Banksy to host a fraudulent NFT auction but then gave back the money.
02 September 2021

SpyFone & CEO Banned From Stalkerware Biz

SpyFone & CEO Banned From Stalkerware Biz The FTC's first spyware ban nixes a company whose "slipshod" security practices led to exposure of thousands of victims' illegally collected personal data.
02 September 2021