Cybersecurity News


Back-to-Basics: Use Strong Passwords

 

As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on using strong passwords.

27 July 2021

Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers

Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers The unpatched flaws include RCE and authenticated privilege escalation on the client-side: Just the latest woe for the ransomware-walloped MSP.
27 July 2021

Apple Patches Actively Exploited Zero-Day in iOS, MacOS

Apple Patches Actively Exploited Zero-Day in iOS, MacOS Company urges iPhone, iPad and Mac users to install updates to fix a critical memory corruption flaw that can allow for attackers to take over a system.
27 July 2021

Malware developers turn to 'exotic' programming languages to thwart researchers

They are focused on exploiting pain points in code analysis and reverse-engineering.
27 July 2021

Podcast: IoT Piranhas Are Swarming Industrial Controls

Podcast: IoT Piranhas Are Swarming Industrial Controls Enormous botnets of IoT devices are going after decades-old legacy systems that are rife in systems that control crucial infrastructure.
26 July 2021

Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn

Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn A comment spammer flooded Babuk’s new ransomware forum with gay orgy porn GIFs and demanded $5K in bitcoin.
26 July 2021

Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC

Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC Microsoft releases mitigations for a Windows NT LAN Manager exploit that forces remote Windows systems to reveal password hashes that can be easily cracked.
26 July 2021

PlugwalkJoe Does the Perp Walk

One day after last summer's mass-hack of Twitter, KrebsOnSecurity wrote that 22-year-old British citizen Joseph "PlugwalkJoe" O'Connor appeared to have been involved in the incident. When the Justice Department last week announced O'Connor's arrest and indictment, his alleged role in the Twitter compromise was well covered in the media. But most of the coverage so far seem to have overlooked the far more sinister criminal charges in the indictment, which involve an underground scene wherein young men turn to extortion, sextortion, SIM swapping, death threats and physical attacks -- all in a bid to seize control over highly-prized social media accounts.
26 July 2021

Malware Makers Using ‘Exotic’ Programming Languages

Malware Makers Using ‘Exotic’ Programming Languages Sprechen Sie Rust? Polyglot malware authors are increasingly using obscure programming languages to evade detection.
26 July 2021

The True Impact of Ransomware Attacks

The True Impact of Ransomware Attacks Keeper’s research reveals that in addition to knocking systems offline, ransomware attacks degrade productivity, cause organizations to incur significant indirect costs, and mar their reputations.
26 July 2021

Twitter handle swatter jailed after victim dies following home raid

The 60-year-old victim's daughter believes he was "scared to death."
26 July 2021

WhatsApp chief says government officials, US allies targeted by Pegasus spyware

The officials were allegedly targeted in attacks dating back to 2019.
26 July 2021

Officials who are US allies among targets of NSO malware, says WhatsApp chief

Officials who are US allies among targets of NSO malware, says WhatsApp chief

Will Cathcart claims government officials around the world among 1,400 WhatsApp users targeted in 2019

Senior government officials around the world – including individuals in high national security positions who are “allies of the US” – were targeted by governments with NSO Group spyware in a 2019 attack against 1,400 WhatsApp users, according to the messaging app’s chief executive.

Will Cathcart disclosed the new details about individuals who were targeted in the attack after revelations this week by the Pegasus project, a collaboration of 17 media organisations which investigated NSO, the Israeli company that sells its powerful surveillance software to government clients around the world.

What is in the data leak?

Related: How does Apple technology hold up against NSO spyware?

Continue reading...
24 July 2021

Discord CDN and API Abuses Drive Wave of Malware Detections

Discord CDN and API Abuses Drive Wave of Malware Detections Targets of Discord malware expand far beyond gamers.
23 July 2021

5 Steps to Improving Ransomware Resiliency

5 Steps to Improving Ransomware Resiliency Alex Restrepo, cybersecurity researcher at Veritas, lays out the key concepts that organizations should be paying attention to now and implementing today.
23 July 2021

Biden Administration Responds to Geopolitical Cyber Threats

In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks.
23 July 2021

Week in security with Tony Anscombe

URL shortener services distributing Android malware – Week in security with Tony Anscombe

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

23 July 2021

FIN7’s Liquor Lure Compromises Law Firm with Backdoor

FIN7’s Liquor Lure Compromises Law Firm with Backdoor Using a lure relating to a lawsuit against the owner of Jack Daniels whiskey, the cybergang launched a campaign that may be bent on ransomware deployment.
23 July 2021

GitHub boosts supply chain security for Go modules

Go is now one of the most popular programming languages on the platform.
23 July 2021

Kaseya Obtains Universal Decryptor for REvil Ransomware

Kaseya Obtains Universal Decryptor for REvil Ransomware The vendor will work with customers affected by the early July spate of ransomware attacks to unlock files; it's unclear if the ransom was paid.
23 July 2021