Cybersecurity News


HolesWarm Malware Exploits Unpatched Windows, Linux Servers   

HolesWarm Malware Exploits Unpatched Windows, Linux Servers    The botnet cryptominer has already compromised 1,000-plus clouds since June.
18 August 2021

The Overlooked Security Risks of The Cloud

The Overlooked Security Risks of The Cloud Nate Warfield, CTO of Prevaliion, discusses the top security concerns for those embracing virtual machines, public cloud storage and cloud strategies for remote working.
17 August 2021

Back-to-Basics: Secure Remote Access

 

As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on securing remote access.

17 August 2021

LockBit 2.0 Ransomware Proliferates Globally

LockBit 2.0 Ransomware Proliferates Globally Fresh attacks target companies' employees, promising millions of dollars in exchange for valid account credentials for initial access.
17 August 2021

Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop

Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices.
17 August 2021

Nearly 2 million records from terrorist watchlist exposed online

The secret list was exposed online for three weeks, allowing anyone to access it without any kind of authentication

The post Nearly 2 million records from terrorist watchlist exposed online appeared first on WeLiveSecurity

17 August 2021

Terrorist Watchlist Exposed Online with Nearly 1.9M Records

Terrorist Watchlist Exposed Online with Nearly 1.9M Records A researcher discovered a data cache from the FBI’s Terrorist Screening Center left online without a password or authentication requirement.
17 August 2021

Apple: CSAM Image-Detection Backdoor ‘Narrow’ in Scope

Apple: CSAM Image-Detection Backdoor ‘Narrow’ in Scope Computing giant tries to reassure users that the tool won’t be used for mass surveillance.
17 August 2021

How to Reduce Exchange Server Downtime in Case of a Disaster?

How to Reduce Exchange Server Downtime in Case of a Disaster? Exchange downtime can have serious implications on businesses. Thus, it’s important to maintain backups and implement best practices for Exchange servers that can help restore the Exchange server when a disaster strikes with minimal impact and downtime.
17 August 2021

Dumpster diving is a filthy business

One man’s trash is another man’s treasure – here’s why you should think twice about what you toss in the recycling bin

The post Dumpster diving is a filthy business appeared first on WeLiveSecurity

17 August 2021

Phishing Costs Nearly Quadrupled Over 6 Years

Phishing Costs Nearly Quadrupled Over 6 Years Lost productivity & mopping up after the costly attacks that follow phishing – BEC & ransomware in particular – eat up most costs, not payouts to crooks.
17 August 2021

T-Mobile Investigating Claims of Massive Data Breach

Communications giant T-Mobile said today it is investigating the extent of a data breach that hackers claim has exposed sensitive personal data on 100 million T-Mobile USA customers, in many cases including the name, Social Security number, address, date of birth, phone number, security PINs and details that uniquely identify each customer's mobile device.
16 August 2021

Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets

Critical Valve Bug Lets Gamers Add Unlimited Funds to Steam Wallets Valve plugs an API bug found in its Steam platform that that abused the Smart2Pay system to add unlimited funds to gamer digital wallets.
16 August 2021

XSS Bug in SEOPress WordPress Plugin Allows Site Takeover

XSS Bug in SEOPress WordPress Plugin Allows Site Takeover The bug would allow a number of malicious actions, up to and including full site takeover. The vulnerable plugin is installed on 100,000 websites.
16 August 2021

100m T-Mobile Customer Records Purportedly Up for Sale

100m T-Mobile Customer Records Purportedly Up for Sale The seller claims to have sucker-punched U.S. infrastructure out of retaliation. The offer: 30m records for ~1 penny each, with the rest being sold privately.
16 August 2021

Amazon’s Plan to Track Worker Keystrokes: A Sign of Controls to Come?

Amazon’s Plan to Track Worker Keystrokes: A Sign of Controls to Come? Data theft, insider threats and imposters accessing sensitive customer data have apparently gotten so bad inside Amazon, the company is considering rolling out keyboard-stroke monitoring for its customer-service reps. A confidential memo from inside Amazon explained that customer service credential abuse and data theft was on the rise, according to Motherboard which reviewed the document. […]
13 August 2021

Cyberattackers Embrace CAPTCHAs to Hide Phishing, Malware

Cyberattackers Embrace CAPTCHAs to Hide Phishing, Malware CAPTCHA-protected malicious URLs are snowballing lately, researchers said.
13 August 2021

SolarWinds 2.0 Could Ignite Financial Crisis – Podcast

SolarWinds 2.0 Could Ignite Financial Crisis – Podcast That’s what NY State suggests could happen, given the utter lack of cybersec protection at many private equity & hedge fund firms. Can AI help avert it?
13 August 2021

Exchange Servers Under Active Attack via ProxyShell Bugs

Exchange Servers Under Active Attack via ProxyShell Bugs There’s an entirely new attack surface in Exchange, a researcher revealed at Black Hat, and threat actors are now exploiting servers vulnerable to the RCE bugs.
13 August 2021

New Anti Anti-Money Laundering Services for Crooks

Two new dark web services are marketing to cybercriminals who are curious to see how their various cryptocurrency holdings and transactions may be linked to known criminal activity. Dubbed "Antinalysis" and "AMLBot," the services purport to offer a glimpse into how one's payment activity might be flagged by law enforcement agencies and private companies that try to link suspicious cryptocurrency transactions to real people.
13 August 2021