Cybersecurity News
WordPress Sites Abused in Aggah Spear-Phishing Campaign
The Pakistan-linked threat group's campaign uses compromised WordPress sites to deliver the Warzone RAT to manufacturing companies in Taiwan and South Korea.
Week in security with Tony Anscombe
How IISpy spies on its victims and stays under the radar – IISerpent tampers with search engine results – How to avoid falling prey to ransomware
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
UK security chiefs issue guidance after hackers target ministers on WhatsApp
Exclusive: civil service chief points to work to improve cybersecurity in response to Labour concerns
Ministers and civil servants conducting “government by WhatsApp” have been exposed to hackers, leading to new advice from security chiefs about how to improve their privacy.
The cabinet secretary, Simon Case, revealed that the Government Security Group had issued new guidance after Labour raised questions about ministers using their personal phones to conduct official business.
Related: UK government admits ministers can use self-deleting messages
Continue reading...Rogue Marketplace AlphaBay Reboots
Illicit underground marketplace relaunches years after takedown.
Black Hat: Novel DNS Hack Spills Confidential Corp Data
Threatpost interviews Wiz CTO about a vulnerability recently patched by Amazon Route53's DNS service and Google Cloud DNS.
Payment Security Experts Emphasize Working Together
The PCI SSC Latin American Forum, an online event took place this week with more than 1,100 payment security practitioners from Latin America discussing the latest in payment security and standards. Here we talk with Carlos Caetano, PCI Security Standards Council Associate Director, Latin American Region for Brazil, Elder Vinicius Telles de Arruda, Information Security Manager, Getnet; Enildo Barros, IT Services Head, C6 Bank and Ricardo Nilsen Moreno, Information Security Superintendent, Banco Safra about cloud security trends, highlights from the Latin American Forum (LAF) and industry involvement opportunities for the region.
AdLoad Malware 2021 Samples Skate Past Apple XProtect
A crush of new attacks using the well-known adware involves at least 150 updated samples, many of which aren't recognized by Apple's built-in security controls.
Ransomware Payments Explode Amid ‘Quadruple Extortion’
Unit 42 puts the average payout at over half a million, while Barracuda has tracked a 64 percent year over year spike in the number of attacks.
QR Code Scammers Get Creative with Bitcoin ATMs
Threat actors are targeting everyone from job hunters to Bitcoin traders to college students wanting a break on their student loans, by exploiting the popular technology's trust relationship with users.
Microsoft Warns: Another Unpatched PrintNightmare Zero-Day
The out-of-band warning pairs with a working proof-of-concept exploit for the issue, circulating since mid-July.
Examining threats to device security in the hybrid workplace
As employees split their time between office and off-site work, there’s a greater potential for company devices and data to fall into the wrong hands
The post Examining threats to device security in the hybrid workplace appeared first on WeLiveSecurity
Accenture Confirms LockBit Ransomware Attack
LockBit offered Accenture's purported databases and made a requisite jab at its purportedly sad security. Accenture says it recovered just fine from backups.
NSA Watchdog Will Review Tucker Carlson Spying Claims
Despite a lack of evidence, the National Security Agency will investigate whether the Fox host was illegally targeted.
‘Friends’ Reunion Anchors Video Swindle
Spam was on the rise in Q2, with video fraud and COVID-19-related efforts in the mix.
Kaseya’s ‘Master Key’ to REvil Attack Leaked Online
The decryptor is of little use to other companies hit in the spate of attacks unleashed before the notorious ransomware group went dark, researchers said.
SAP Patches Nine Critical & High-Severity Bugs
Experts urged enterprises to patch fast: SAP vulnerabilities are being weaponized in a matter of hours.
Crypto Hack Earned Crooks $600 Million
In one of the largest cryptocurrency hacks to date, cyberattackers reportedly stole millions from the decentralized finance (DeFi) platform Poly Network.
Paving the Way: Inspiring Women in Payments - A Podcast Featuring Candice Pressinger
As the first girl in her family who was encouraged to go to university, Candice Pressinger is inspired by how far the world has come in terms of education, female role models, and new societal norms. These advancements are now reflected in her own daughter who is exposed to technology at a young age through STEM programs in school. In this edition of our podcast, Candice reflects on her career journey through a changing tech world but acknowledges that there is still a long way to go to achieve a workforce representative of equal opportunity and diversity in all its forms.
IISerpent: Malware‑driven SEO fraud as a service
The last in our series on IIS threats introduces a malicious IIS extension used to manipulate page rankings for third-party websites
The post IISerpent: Malware‑driven SEO fraud as a service appeared first on WeLiveSecurity
Connected Farms Easy Pickings for Global Food Supply-Chain Hack
John Deere security bugs could allow cyberattackers to damage crops, surrounding property or even people; impact harvests; or destroy farmland for years.