Cybersecurity News
Week in security with Tony Anscombe
Who is actually paying the ransom demand? – Be careful about what you throw away – Records from a terrorist watchlist exposed online
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Hackers swipe almost $100 million from major cryptocurrency exchange
Japanese cryptocurrency exchange Liquid suspends cryptocurrency deposits and withdrawals and moves its assets into cold storage
The post Hackers swipe almost $100 million from major cryptocurrency exchange appeared first on WeLiveSecurity
Nigerian Threat Actors Solicit Employees to Deploy Ransomware for Cut of Profits
Campaign emails company insiders and initially offers 1 million in Bitcoin if they install DemonWare on an organization’s network.
Australians hit by ‘Flubot’ malware that arrives by text message
New scam spreads to Australia from Europe, targeting thousands of Android users
Thousands of Australians have been hit by a new scam text message known as Flubot, which aims to install malware on their phones.
Flubot is a type of malware targeting Android users, but iPhone users can also receive the messages. It tells the receiver they missed a call or have a new voicemail, providing a fake link to listen.
Related: Password of three random words better than complex variation, experts say
Related: How NSO became the company whose software can spy on the world
Continue reading...What’s Next for T-Mobile and Its Customers? – Podcast
Hopefully not a hacked-up hairball of a “no can do” message when customers rush to change their PINs. In this episode: Corporate resilience vs. the opposite.
How Ready Are You for a Ransomware Attack?
Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware defense all companies should implement.
Critical Cisco Bug in Small Business Routers to Remain Unpatched
The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that have reached end-of-life.
InkySquid State Actor Exploiting Known IE Bugs
The North Korea-linked APT group leverages known Internet Explorer vulns for watering-hole attacks.
Windows EoP Bug Detailed by Google Project Zero
Microsoft first dismissed the elevation of privilege flaw but decided yesterday that attackers injecting malicious code is worthy of attention.
COVID-19 Contact-Tracing Data Exposed, Fake Vax Cards Circulate
COVID-19-related exploitation and abuse is on the rise as vaccine data opens new frontiers for threat actors.
Wanted: Disgruntled Employees to Deploy Ransomware
Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer's network in exchange for a percentage of any ransom amount paid by the victim company.Postmortem on U.S. Census Hack Exposes Cybersecurity Failures
Government says cybersecurity failures were many within failed January hack of U.S. Census Bureau systems.
Are you, the customer, the one paying the ransomware demand?
Ransomware payments may have greater implications than you thought – and not just for the company that gave in to the attackers’ demands
The post Are you, the customer, the one paying the ransomware demand? appeared first on WeLiveSecurity
Bogus Cryptomining Apps Infest Google Play
The apps attempt to swindle users into buying in-app upgrades or clicking on masses of ads.
T-Mobile: >40 Million Customers’ Data Stolen
Attackers stole tens of millions of current, former or prospective customers' personal data, the company confirmed. It's providing 2 years of free ID protection.
T-Mobile: Breach Exposed SSN/DOB of 40M+ People
T-Mobile warned Monday that a data breach has exposed the names, date of birth, Social Security number and driver's license/ID information of more than 40 million current, former or prospective customers. The acknowledgment came less than 48 hours after millions of the stolen T-Mobile customer records went up for sale in the cybercrime underground.Health authorities in 40 countries targeted by COVID‑19 vaccine scammers
Fraudsters impersonate vaccine manufacturers and authorities overseeing vaccine distribution efforts, INTERPOL warns
The post Health authorities in 40 countries targeted by COVID‑19 vaccine scammers appeared first on WeLiveSecurity
Memory Bugs in BlackBerry’s QNX Embedded OS Open Devices to Attacks
The once-dominant handset maker BlackBerry is busy squashing BadAlloc bugs in its QNX real-time operating system used in cars in medical devices.
Kerberos Authentication Spoofing: Don’t Bypass the Spec
Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS.
Unpatched Fortinet Bug Allows Firewall Takeovers
The OS command-injection bug, in the web application firewall (WAF) platform known as FortiWeb, will get a patch at the end of the month.