Microsoft Says SolarWinds Hackers Accessed Some of Its Source Code

Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network. The "very sophisticated nation-state actor" used the unauthorized access to view, but not modify, the source code present in its repositories, the company said. <!--adsense--> "We detected

Vulnerability In Google Docs Could Allow Hijacking Feedback Screenshots

A serious vulnerability affected Google Docs that could allow anyone to steal screenshots of users’ documents. Google fixed the vulnerability

Vulnerability In Google Docs Could Allow Hijacking Feedback Screenshots on Latest Hacking News.

Japanese Giant Kawasaki Admits Security Breach With Potential Data Leak

The Japanese mechanical giant Kawasaki Heavy Industries Group has recently disclosed a security breach affecting its numerous offices worldwide. The

Japanese Giant Kawasaki Admits Security Breach With Potential Data Leak on Latest Hacking News.

New warning issued over COVID‑19 vaccine fraud, cyberattacks

Cybercriminals look to cash in on the vaccine rollout, including by falsely offering to help people jump the line

The post New warning issued over COVID‑19 vaccine fraud, cyberattacks appeared first on WeLiveSecurity

Appliances Giant Whirlpool Suffered Ransomware Attack

One more corporate giant has fallen victim to a devastating cyber attack. The latest victim is the appliances giant Whirlpool

Appliances Giant Whirlpool Suffered Ransomware Attack on Latest Hacking News.

Facebook Ads Phishing Campaign Stole Facebook Credentials Of 615K Users

Researchers have uncovered a huge phishing campaign exploiting Facebook ads and GitHub pages. Through these baits, the attackers targeted over

Facebook Ads Phishing Campaign Stole Facebook Credentials Of 615K Users on Latest Hacking News.

21 arrested after allegedly using stolen logins to commit fraud

UK police also give some food for thought to those on the verge of breaking the law

The post 21 arrested after allegedly using stolen logins to commit fraud appeared first on WeLiveSecurity

Multiple Smart Doorbells Found Vulnerable To Cyber Attacks

While smart doorbells are a convenience, they are also vulnerable to cyber attacks. Researchers have discovered numerous popular smart doorbell

Multiple Smart Doorbells Found Vulnerable To Cyber Attacks on Latest Hacking News.

A Google Docs Bug Could Have Allowed Hackers See Your Private Documents

Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 as part of Google's Vulnerability Reward Program. <!-

How to choose a CRM software for a real estate company?

Customer Relation Management is the full form for CRM software. This software was developed, keeping in mind the CRM strategy.

How to choose a CRM software for a real estate company? on Latest Hacking News.

AutoHotkey-Based Password Stealer Targeting US, Canadian Banking Users

Threat actors have been discovered distributing a new credential stealer written in AutoHotkey (AHK) scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a specific focus on banks such as Scotiabank, Royal Bank of Canada, HSBC, Alterna Bank, Capital One,

GoDaddy Apologized For The Insensitive Phishing Test Of Its Staff

While no one can deny the importance of training employees regarding cybersecurity for business, GoDaddy went a bit too far.

GoDaddy Apologized For The Insensitive Phishing Test Of Its Staff on Latest Hacking News.

Voice Assistants Can Store And Leak Texts Typed On Smartphones In Proximity

A team of researchers from the University of Cambridge, UK, has discovered how smart voice assistants can cause data leak.

Voice Assistants Can Store And Leak Texts Typed On Smartphones In Proximity on Latest Hacking News.

Main areas to consider before implementing a new virtualized SQL server

Virtualization and SQL Server can go hand in hand, but this is not a combination you should rush to adopt

Main areas to consider before implementing a new virtualized SQL server on Latest Hacking News.

Twitter Download To Your Computer For Free

Are you still using Windows Mobile and are wondering how to download Twitter? If so, you are certainly not alone

Twitter Download To Your Computer For Free on Latest Hacking News.

Critical Vulnerability In Nintendo 3DS Console Could Allow MiTM Attacks

A researcher discovered a highly critical vulnerability affecting the Nintendo 3DS console. Exploiting this bug could allow an adversary to

Critical Vulnerability In Nintendo 3DS Console Could Allow MiTM Attacks on Latest Hacking News.

Livecoin Cryptocurrency Exchange Hacked Losing Control Of All Servers

As the holiday season begins, the cybercriminals are working overtime to execute more dangerous cyberattacks. One such incident has recently

Livecoin Cryptocurrency Exchange Hacked Losing Control Of All Servers on Latest Hacking News.

Sangoma Technologies Disclose Ransomware Attack – Conti Ransomware Gang Involved

Another day, another ransomware attack incident surfaces online. The recent reports refer to the ransomware attack hitting Sangoma Technologies. The

Sangoma Technologies Disclose Ransomware Attack – Conti Ransomware Gang Involved on Latest Hacking News.

The Most Dangerous Online Threats Businesses Should Prepare For

With every business resorting to online operations today, the threat of working across digitized platforms has increased by multifold. In

The Most Dangerous Online Threats Businesses Should Prepare For on Latest Hacking News.

Here are 7 VPN Reviews on Reddit You Need to Check Out If You’re Looking for a VPN

The emergence of the digital world paved the way for people to perform various activities online, from browsing to shopping,

Here are 7 VPN Reviews on Reddit You Need to Check Out If You’re Looking for a VPN on Latest Hacking News.

Book Promotion Site NetGalley Disclosed Data Breach Following Website Defacement

The book promotion platform NetGalley has recently suffered a data breach. The site faced a defacement amidst which the attackers

Book Promotion Site NetGalley Disclosed Data Breach Following Website Defacement on Latest Hacking News.

Cellebrite Claims To Decrypt Signal App On Android Devices

Signal is known for its robust, seemingly impossible encryption technology for securing users’ data. However, Cellebrite now claims to have

Cellebrite Claims To Decrypt Signal App On Android Devices on Latest Hacking News.

A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware

An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that's used to interface with all other Orion system monitoring and management products suffers from a security flaw that could

Joint LEA Operation Took Down Three Bulletproof VPN Services

In a joint operation, the law enforcement authorities from multiple countries recently took down three Bulletproof VPN services. These services

Joint LEA Operation Took Down Three Bulletproof VPN Services on Latest Hacking News.

TaskRabbit Reset Passwords After Credential Stuffing Attack

One more time, TaskRabbit has made it to the news. However, the issue isn’t as severe this time as in

TaskRabbit Reset Passwords After Credential Stuffing Attack on Latest Hacking News.

Flavor And Fragrance Giant Symrise AG Hit By Clop Ransomware

Recently, one more business suffered serious disruptions due to a ransomware attack. This time, the victim is Symrise AG that

Flavor And Fragrance Giant Symrise AG Hit By Clop Ransomware on Latest Hacking News.

Dell Wyse Thin Client Vulnerabilities Could Allow Device Takeover

Highly critical vulnerabilities existed in Dell Wyse Thin client devices. As discovered, exploiting these bugs could let an adversary take

Dell Wyse Thin Client Vulnerabilities Could Allow Device Takeover on Latest Hacking News.

Smart tech gifts: How to keep your kids and family safe

Cyberthreats can take the fun out of connected gadgets – here's how to make sure your children enjoy the tech without putting themselves or their family at risk

The post Smart tech gifts: How to keep your kids and family safe appeared first on WeLiveSecurity

Police Arrest 21 WeLeakInfo Customers Who Bought Breached Personal Data

21 people have been arrested across the UK as part of a nationwide cyber crackdown targeting customers of WeLeakInfo[.]com, a now-defunct online service that had been previously selling access to data hacked from other websites. The suspects used stolen personal credentials to commit further cyber and fraud offences, the NCA said. Of the 21 arrested—all men aged between 18 and 38— nine have been

Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers

New evidence amidst the ongoing probe into the espionage campaign targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company's email. The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on December 15, which identified a third-party reseller's Microsoft Azure account to be making "abnormal

Attackers Abusing Citrix NetScaler Devices to Launch Amplified DDoS Attacks

Citrix has issued an emergency advisory warning its customers of a security issue affecting its NetScaler application delivery controller (ADC) devices that attackers are abusing to launch amplified distributed denial-of-service (DDoS) attacks against several targets. "An attacker or bots can overwhelm the Citrix ADC [Datagram Transport Layer Security] network throughput, potentially leading to

7 ways malware can get into your device

You know that malware is bad, but are you also aware of the various common ways in which it can infiltrate your devices?

The post 7 ways malware can get into your device appeared first on WeLiveSecurity

Google Discloses Poorly-Patched, Now Unpatched, Windows 0-Day Bug

Google's Project Zero team has made public details of an improperly patched zero-day security vulnerability in Windows print spooler API that could be leveraged by a bad actor to execute arbitrary code. Details of the unpatched flaw were revealed publicly after Microsoft failed to patch it within 90 days of responsible disclosure on September 24. Originally tracked as CVE-2020-0986, the flaw

North Korean Hackers Trying to Steal COVID-19 Vaccine Research

Threat actors such as the notorious Lazarus group are continuing to tap into the ongoing COVID-19 vaccine research to steal sensitive information to speed up their countries' vaccine-development efforts. Cybersecurity firm Kaspersky detailed two incidents at a pharmaceutical company and a government ministry in September and October leveraging different tools and techniques but exhibiting

How to Defend Against Malware, Phishing, and Scams During COVID-19 Crisis

As if the exponential rise in phishing scams and malware attacks in the last five years wasn't enough, the COVID-19 crisis has worsened it further. The current scenario has given a viable opportunity to cybercriminals to find a way to target individuals, small and large enterprises, government corporations. According to Interpol's COVID-19 Cybercrime Analysis Report, based on the feedback of 194

Law Enforcement Seizes Joker's Stash — Stolen Credit Card Marketplace

The US Federal Bureau of Investigation (FBI) and Interpol have allegedly seized proxy servers used in connection with Blockchain-based domains belonging to Joker's Stash, a notorious fraud bazaar known for selling compromised payment card data in underground forums. The takedown happened last week on December 17. The operators of Joker's Stash operate several versions of the platform, including 

New Critical Flaws in Treck TCP/IP Stack Affect Millions of IoT Devices

The US Cybersecurity Infrastructure and Security Agency (CISA) has warned of critical vulnerabilities in a low-level TCP/IP software library developed by Treck that, if weaponized, could allow remote attackers to run arbitrary commands and mount denial-of-service (DoS) attacks. The four flaws affect Treck TCP/IP stack version 6.0.1.67 and earlier and were reported to the company by Intel. Two of

SolarWinds Cyber Attack – What We Know About It, So Far

The past week was way too hectic for both journalists and the cybersecurity community as the SolarWinds cyber attack caused

SolarWinds Cyber Attack – What We Know About It, So Far on Latest Hacking News.

How to Protect Yourself With a VPN

The words “stay safe” used to be only applied when couples would reach that next level of intimacy. Nowadays you

How to Protect Yourself With a VPN on Latest Hacking News.

How to Avoid Identity Theft and Other Online Scams

One of the top scams worldwide is identity theft. With the right information, scammers can go on a campaign of

How to Avoid Identity Theft and Other Online Scams on Latest Hacking News.

Cybercriminals' Favorite Bulletproof VPN Service Shuts Down In Global Action

Law enforcement agencies from the US, Germany, Netherlands, Switzerland, France, along with Europol's European Cybercrime Centre (EC3), announced today the coordinated takedown of Safe-Inet, a popular virtual private network (VPN) service that was used to facilitate criminal activity. The three domains in question — insorg[.]org, safe-inet[.]com, and safe-inet[.]net — were shut down, and their

What Is the Safest Backup Option Available to Regular Users

When it comes to the subject of backing up data, you’ll find a range of opinions, which can be confusing

What Is the Safest Backup Option Available to Regular Users on Latest Hacking News.

How to secure your business from cyberattacks

All types of businesses are targeted by cyberattacks, so just because you run a small business does not mean that

How to secure your business from cyberattacks  on Latest Hacking News.

Trucking And Freight Company Forward Air Suffered Ransomware Attack

Another day, another ransomware attack has made it to the news. This time, the victim firm is a trucking and

Trucking And Freight Company Forward Air Suffered Ransomware Attack on Latest Hacking News.

Cybersecurity Advent calendar: Stay aware, stay safe!

When it comes to holiday gifts, surprise and wonder are always welcome. When it comes to protecting your security, however, you don’t want to leave anything to chance.

The post Cybersecurity Advent calendar: Stay aware, stay safe! appeared first on WeLiveSecurity

A Second Hacker Group May Have Also Breached SolarWinds, Microsoft Says

As the probe into the SolarWinds supply chain attack continues, new digital forensic evidence has brought to light that a separate threat actor may have been abusing the IT infrastructure provider's Orion software to drop a similar persistent backdoor on target systems. "The investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the

Zero-Click iOS Zero-Day Vulnerability Found Targeting Al-Jazeera Journalists

A new zero-day vulnerability in the iOS devices went under exploit for targeting Al-Jazeera journalists. The latest iOS, though, fixes

Zero-Click iOS Zero-Day Vulnerability Found Targeting Al-Jazeera Journalists on Latest Hacking News.

Two Critical Flaws — CVSS Score 10 — Affect Dell Wyse Thin Client Devices

A team of researchers today unveils two critical security vulnerabilities it discovered in Dell Wyse Thin clients that could have potentially allowed attackers to remotely execute malicious code and access arbitrary files on affected devices. The flaws, which were uncovered by healthcare cybersecurity provider CyberMDX and reported to Dell in June 2020, affects all devices running ThinOS

Common Security Misconfigurations and Their Consequences

Everyone makes mistakes. That one sentence was drummed into me in my very first job in tech, and it has held true since then. In the cybersecurity world, misconfigurations can create exploitable issues that can haunt us later - so let's look at a few common security misconfigurations. The first one is development permissions that don't get changed when something goes live. For example, AWS S3

Mozilla To Roll Out Network Partitioning With Firefox 85

Beginning 2021, Mozilla plans to launch the network partitioning feature with its browser Firefox 85. This new feature will enhance

Mozilla To Roll Out Network Partitioning With Firefox 85 on Latest Hacking News.

iPhones of 36 Journalists Hacked Using iMessage Zero-Click Exploit

Three dozen journalists working for Al Jazeera had their iPhones stealthily compromised via a zero-click exploit to install spyware as part of a Middle East cyberespionage campaign. In a new report published yesterday by University of Toronto's Citizen Lab, researchers said personal phones of 36 journalists, producers, anchors, and executives at Al Jazeera, and a journalist at London-based Al

Info-stealing Trojan PyMICROPSIA Emerges As New Windows Malware

Another cybersecurity threat is now in the wild aiming at Windows users. Researchers have discovered PyMICROPSIA info-stealing trojan that particularly

Info-stealing Trojan PyMICROPSIA Emerges As New Windows Malware on Latest Hacking News.

28 Chrome And Edge Third-Party Extensions Found Infected With Malware

Researchers found numerous third-party extensions on Google Chrome and Microsoft Edge infected with malware. The malware hijacked traffic supposedly for

28 Chrome And Edge Third-Party Extensions Found Infected With Malware on Latest Hacking News.

AIR-FI Attack Turns RAM In Air-Gapped Systems Into WiFi To Steal Data

Here’s one more threat to the security of air-gapped systems that the admins should take care of. Researchers have devised

AIR-FI Attack Turns RAM In Air-Gapped Systems Into WiFi To Steal Data on Latest Hacking News.

CoderWare Ransomware Masks Itself As Cyberpunk 2077 Mobile Game App

Leveraging the craze the new game has created, threat actors have now begun exploiting the game for malicious activities. As

CoderWare Ransomware Masks Itself As Cyberpunk 2077 Mobile Game App on Latest Hacking News.

Week in security with Tony Anscombe

Supply‑chain attack against a certification authority in Southeast Asia. Holiday online… Safely! Scammers targeting PayPal users. Week in security with Tony Anscombe

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Goontact Spyware Targets Smartphone Users Via Fake Messaging Apps

Once again, third-party app users need to remain vigilant as a new malware is in the wild. Dubbed Goontact, the

Goontact Spyware Targets Smartphone Users Via Fake Messaging Apps on Latest Hacking News.

Weighing the Pros and Cons of Static Application Security Testing

Find out if you should use SAST in your project In 2017, The Open Web Application Security Project (OWASP) released

Weighing the Pros and Cons of Static Application Security Testing on Latest Hacking News.

Building an App: 6 Things to Consider

Building an app is a complicated process. You don’t want to rush through it, otherwise, you may not be happy

Building an App: 6 Things to Consider on Latest Hacking News.

Improving Workplace Security in 7 Easy Steps

Have you ever wondered how to keep your workplace safe and secure? Are you constantly worried about a potential break-in,

Improving Workplace Security in 7 Easy Steps on Latest Hacking News.

The Services You Need To Hire To Build A Quality E-Commerce Website

Building a successful e-commerce website takes a good vision, plenty of planning, and a great deal of effort. That being

The Services You Need To Hire To Build A Quality E-Commerce Website on Latest Hacking News.

6 Great Upgrades to Take Your Game Room to the Next Level

Sooner or later, every avid gamer starts thinking of the way to enhance his or her experience, taking it literally

6 Great Upgrades to Take Your Game Room to the Next Level on Latest Hacking News.

How To Choose A Laptop For Ethical Hacking

So You Want To Be A Hacker There are many good and bad reasons to hack. Since you’re here, I’m

How To Choose A Laptop For Ethical Hacking on Latest Hacking News.

Top 5 online maps to track cyberattacks worldwide

Did you know? Thousands of websites are hacked every day due to vulnerable files, plugins, and their servers’ misconfiguration. This

Top 5 online maps to track cyberattacks worldwide on Latest Hacking News.

Investors Are Choosing Bitcoin Over Gold as The Better Hedge Against Inflation

Introduction Inflation has always been one of the major problems for fiat currencies. No matter which fiat currency we take,

Investors Are Choosing Bitcoin Over Gold as The Better Hedge Against Inflation on Latest Hacking News.

How Social Media Is Contributing to The Popularity of Bitcoin

Introduction Today, there is loads of hype going around in the market related to Blockchain technology and Cryptocurrencies. In 2016,

How Social Media Is Contributing to The Popularity of Bitcoin on Latest Hacking News.

Serious File Upload Vulnerability In Contact Form 7 Threatened Millions Of Websites

Heads up, WordPress admins. A critical vulnerability that potentially threatened the security of millions of websites has recently received a

Serious File Upload Vulnerability In Contact Form 7 Threatened Millions Of Websites on Latest Hacking News.

Operation SignSight: Supply‑chain attack against a certification authority in Southeast Asia

ESET researchers have uncovered a supply-chain attack on the website of a government in Southeast Asia.

The post Operation SignSight: Supply‑chain attack against a certification authority in Southeast Asia appeared first on WeLiveSecurity

Microsoft Says Its Systems Were Also Breached in Massive SolarWinds Hack

The massive state-sponsored espionage campaign that compromised software maker SolarWinds also targeted Microsoft, as the unfolding investigation into the hacking spree reveals the incident may have been far more wider in scope, sophistication, and impact than previously thought. News of Microsoft's compromise was first reported by Reuters, which also said Microsoft's own products were then used

How did the pandemic change Esports landscape?

2020 can be said to be a tough time for the whole world community. Mainly since the COVID-19 outbreak spread so widely that

How did the pandemic change Esports landscape? on Latest Hacking News.

The Ultimate Guide to Bypassing Geo-restrictions While Streaming

It’s the holiday season, and with multiple lockdowns in action, TV and streaming movies online are the only possible solution

The Ultimate Guide to Bypassing Geo-restrictions While Streaming on Latest Hacking News.

5 Perks of VPN

VPN has become very popular as of late. Everyone seems to be using it, mostly to hide their identity on

5 Perks of VPN on Latest Hacking News.

Easy Tips To Guard Your Files From Most Types Of Hacking

While it can be hard to recall exactly how we functioned before the digital era, we need to remember that

Easy Tips To Guard Your Files From Most Types Of Hacking on Latest Hacking News.

Should You Use End-to-End Encryption for Your Email?

The encrypted email describes a process in which the e-mail messages are encoded in a way that they can not

Should You Use End-to-End Encryption for Your Email? on Latest Hacking News.

How to Use Password Length to Set Best Password Expiration Policy

One of the many features of an Active Directory Password Policy is the maximum password age. Traditional Active Directory environments have long using password aging as a means to bolster password security. Native password aging in the default Active Directory Password Policy is relatively limited in configuration settings. Let's take a look at a few best practices that have changed in regards

Software Supply-Chain Attack Hits Vietnam Government Certification Authority

Cybersecurity researchers today disclosed a new supply-chain attack targeting the Vietnam Government Certification Authority (VGCA) that compromised the agency's digital signature toolkit to install a backdoor on victim systems. Uncovered by Slovak internet security company ESET early this month, the "SignSight" attack involved modifying software installers hosted on the CA's website ("ca.gov.vn

Cybersecurity Advent calendar: Stay close to one another… Safely!

This year, many of us will be celebrating Christmas with our loved ones virtually, however we shouldn’t underestimate the value of securing our online communication.

The post Cybersecurity Advent calendar: Stay close to one another… Safely! appeared first on WeLiveSecurity

Global Cybercrime Costs Reached $1 Trillion In 2020 – Yet Organizations Are Unprepared

The growing cybercrime costs the global economy over $1 trillion, according to the report of McAfee. McAfee, a computer software

Global Cybercrime Costs Reached $1 Trillion In 2020 – Yet Organizations Are Unprepared on Latest Hacking News.

New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor

The investigation into how the attackers managed to compromise SolarWinds' internal network and poison the company's software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack. A new report published by ReversingLabs today and shared in advance with The Hacker News has revealed

Ransomware Attackers Using SystemBC Malware With RAT and Tor Proxy

Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools, according to new research. In a new analysis published by Sophos today and shared with The Hacker News, recent deployments of Ryuk and Egregor ransomware have involved the use of SystemBC backdoor to laterally move across the network and fetch additional payloads

New 5G Network Flaws Let Attackers Track Users' Locations and Steal Data

As 5G networks are being gradually rolled out in major cities across the world, an analysis of its network architecture has revealed a number of potential weaknesses that could be exploited to carry out a slew of cyber assaults, including denial-of-service (DoS) attacks to deprive subscribers of Internet access and intercept data traffic. The findings form the basis of a new "5G Standalone core

What is Geocoding? — How to Find Coordinates of An Address

How can your app hook into a geocoding service that offers forward and reverse geocoding and an auto-completion facility? Geocoding turns a location name or address into geocoordinates. The service gets used by thousands of applications like Uber and Grubhub to track and plot their map data. Yet, it can also help web development by enhancing UX through reverse geocoding. Not to mention

Medical scans of millions of patients exposed online

Other leaked data included a range of personal information such as names, addresses and personal healthcare information.

The post Medical scans of millions of patients exposed online appeared first on WeLiveSecurity

SolarWinds Issues Second Hotfix for Orion Platform Supply Chain Attack

Network monitoring services provider SolarWinds officially released a second hotfix to address a critical vulnerability in its Orion platform that was exploited to insert malware and breach public and private entities in a wide-ranging espionage campaign. In a new update posted to its advisory page, the company urged its customers to update Orion Platform to version 2020.2.1 HF 2 immediately to

SolarWinds Issues Second Hotfix for Orion Platform Supply Chain Attack

Network monitoring services provider SolarWinds officially released a second hotfix to address a critical vulnerability in its Orion platform that was exploited to insert malware and breach public and private entities in a wide-ranging espionage campaign. In a new update posted to its advisory page, the company urged its customers to update Orion Platform to version 2020.2.1 HF 2 immediately to

Wormable Gitpaste-12 Botnet Returns to Target Linux Servers, IoT Devices

A new wormable botnet that spreads via GitHub and Pastebin to install cryptocurrency miners and backdoors on target systems has returned with expanded capabilities to compromise web applications, IP cameras, and routers. Early last month, researchers from Juniper Threat Labs documented a crypto-mining campaign called "Gitpaste-12," which used GitHub to host malicious code containing as many as

Download the Essential Guide to Response Automation

In the classic children's movie 'The Princess Bride,' one of the characters utters the phrase, "You keep using that word. I do not think it means what you think it means." It's freely used as a response to someone's misuse or misunderstanding of a word or phrase. "Response Automation" is another one of those phrases that have different meanings to different people. It's bantered around by the

Nearly 18,000 SolarWinds Customers Installed Backdoored Software

SolarWinds, the enterprise monitoring software provider who found itself at the epicenter of the most consequential supply chain attacks, said as many as 18,000 of its high-profile customers might have installed a tainted version of its Orion products. The acknowledgment comes as part of a new filing made by the company to the US Securities and Exchange Commission on Monday. The Texas-based

How scammers target PayPal users and how you can stay safe

What are some common ploys targeting PayPal users? Here’s what you should watch out for when using the popular payment service.

The post How scammers target PayPal users and how you can stay safe appeared first on WeLiveSecurity

Exfiltrating Data from Air-Gapped Computers via Wi-Fi Signals (Without Wi-Fi Hardware)

A security researcher has demonstrated that sensitive data could be exfiltrated from air-gapped computers via a novel technique that leverages Wi-Fi signals as a covert channel—surprisingly, without requiring the presence of Wi-Fi hardware on the targeted systems. Dubbed "AIR-FI," the attack hinges on deploying a specially designed malware in a compromised system that exploits "DDR SDRAM buses

WinZip Trial Popup Vulnerability That Allowed For Malware Attacks – Update Now!

Heads up, WinZip users. Make sure to update to the latest WinZip version as it includes the patch for a

WinZip Trial Popup Vulnerability That Allowed For Malware Attacks – Update Now! on Latest Hacking News.

Intel’s AI Developer Habana Labs Suffered Pay2Key Ransomware Attack

As ransomware attacks continue targeting various firms, the tech giant Intel has now appeared on their radar. Briefly, Intel’s AI

Intel’s AI Developer Habana Labs Suffered Pay2Key Ransomware Attack on Latest Hacking News.

7 Important Tips That Will Help Keep Your Digital Data Safe From Hackers

More personal and business information is being shared and distributed online than ever before. Because of that, it’s important to

7 Important Tips That Will Help Keep Your Digital Data Safe From Hackers on Latest Hacking News.

Tips On How To Record Your Streaming Radio Station

Radio streaming is not something new anymore. It is a conversant form of online entertainment that you do not want

Tips On How To Record Your Streaming Radio Station on Latest Hacking News.

Why Do Hackers Target Online Retailers?

With the current state of the world, both consumers and retailers have shifted their focus from in-store retail to online

Why Do Hackers Target Online Retailers? on Latest Hacking News.

Cyber Security Certifications For Beginners

It is a common question from a student, which cybersecurity certification can be perfect for their career. We know it’s

Cyber Security Certifications For Beginners on Latest Hacking News.

Why Does China Ban VPN? How to Set Up FortiClient VPN for an Uninterrupted Connection

The use of VPNs is currently banned in China. Discover how to access popular websites with Fortinet and how the

Why Does China Ban VPN? How to Set Up FortiClient VPN for an Uninterrupted Connection on Latest Hacking News.

Cybersecurity Best Practices For Employees

Security awareness aims to make all employees aware of information security policies and help us deal with problems. We can

Cybersecurity Best Practices For Employees on Latest Hacking News.

Why Programmers Should Think Like Hackers

It’s funny how much attention hackers get. They are the bad boys of the digital world. As such, they get

Why Programmers Should Think Like Hackers on Latest Hacking News.

6 Ways to Keep Employer Data Safe When Working Remotely

With the evolution of technology and its other facilities, many companies have dared to expand their businesses in other states

6 Ways to Keep Employer Data Safe When Working Remotely on Latest Hacking News.

SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online

Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response. "SoReL-20M" (short for Sophos-ReversingLabs – 20 Million), as it's called, is a dataset containing metadata, labels

Password Reset Vulnerability In WordPress SMTP Plugin Under Attack – Update Now!

Heads up, WordPress admins. The WordPress SMTP plugin has a serious vulnerability that allows an adversary to reset passwords and

Password Reset Vulnerability In WordPress SMTP Plugin Under Attack – Update Now! on Latest Hacking News.

Depix Tool Retrieves Passwords From Pixelized Images

For all those who thought saving passwords as pictures, rather distorted pictures is a great idea – things have changed.

Depix Tool Retrieves Passwords From Pixelized Images on Latest Hacking News.

US Agencies and FireEye Were Hacked Using SolarWinds Software Backdoor

State-sponsored actors allegedly working for Russia have targeted the US Treasury, the Commerce Department's National Telecommunications and Information Administration (NTIA), and other government agencies to monitor internal email traffic as part of a widespread cyberespionage campaign. The Washington Post, citing unnamed sources, said the latest attacks were the work of APT29 or Cozy Bear, the

Cisco Fixes Vulnerabilities In The Jabber Mobile And Desktop Clients

Cisco has recently rolled out patches for multiple vulnerabilities affecting the Jabber web conferencing platform. Exploiting these vulnerabilities could allow

Cisco Fixes Vulnerabilities In The Jabber Mobile And Desktop Clients on Latest Hacking News.

Critical CSRF Vulnerability Found In Glassdoor Platform

A serious security vulnerability affected the popular job and business review platform Glassdoor. The researcher found a CSRF vulnerability in

Critical CSRF Vulnerability Found In Glassdoor Platform on Latest Hacking News.

Starbucks Mobile Platform Vulnerability Could Lead To Remote Code Execution

Starbucks has recently addressed a critical vulnerability affecting its mobile platform. The bug, upon exploitation, could severely threaten the platform

Starbucks Mobile Platform Vulnerability Could Lead To Remote Code Execution on Latest Hacking News.

Microsoft December Patch Tuesday Out With 58 Security Fixes

Microsoft has released the last monthly scheduled updates of 2020 this week. The December Patch Tuesday is the second smallest

Microsoft December Patch Tuesday Out With 58 Security Fixes on Latest Hacking News.

Week in security with Tony Anscombe

ESET researchers discovered that chat software called Able Desktop, part of a business management suite popular in Mongolia was used to deliver the HyperBro backdoor (commonly used by LuckyMouse), the Korplug RAT , and a RAT called Tmanger. A Q&A with security researcher Alejandro Hernández, who has unearthed a long list of vulnerabilities in leading online trading platforms that may expose their users to a host of security and privacy

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Is your trading app putting your money at risk?

A Q&A with security researcher Alejandro Hernández, who has unearthed a long list of vulnerabilities in leading trading platforms that may expose their users to a host of security and privacy risks

The post Is your trading app putting your money at risk? appeared first on WeLiveSecurity

Mount Locker Ransomware Offering Double Extortion Scheme to Other Hackers

A relatively new ransomware strain behind a series of breaches on corporate networks has developed new capabilities that allow it to broaden the scope of its targeting and evade security software—as well as with ability for its affiliates to launch double extortion attacks. The MountLocker ransomware, which only began making the rounds in July 2020, has already gained notoriety for stealing

Watch Out! Adrozek Malware Hijacking Chrome, Firefox, Edge, Yandex Browsers

Microsoft on Thursday took the wraps off an ongoing campaign impacting popular web browsers that stealthily injects malware-infested ads into search results to earn money via affiliate advertising. "Adrozek," as it's called by the Microsoft 365 Defender Research Team, employs an "expansive, dynamic attacker infrastructure" consisting of 159 unique domains, each of which hosts an average of

Governance Considerations for Democratizing Your Organization's Data in 2021

With the continuing rise of IoT devices, mobile networks, and digital channels, companies face a lot of pressure to generate meaningful and actionable insights from the wealth of data they capture. Gartner Research lists data democratization as one of the top strategic technology trends to watch out for.  While empowering non-technical users to run ad-hoc reports gives enterprises the ability to

Cybersecurity Advent calendar: Tips for buying gifts and not receiving coal

While shopping for the perfect presents, be on the lookout for naughty cybercriminals trying to ruin your Christmas cheer by tricking you out of both gifts and money

The post Cybersecurity Advent calendar: Tips for buying gifts and not receiving coal appeared first on WeLiveSecurity

Operation StealthyTrident: corporate software under attack

LuckyMouse, TA428, HyperBro, Tmanger and ShadowPad linked in Mongolian supply-chain attack

The post Operation StealthyTrident: corporate software under attack appeared first on WeLiveSecurity

Facebook Tracks APT32 OceanLotus Hackers to IT Company in Vietnam

Cybersecurity researchers from Facebook today formally linked the activities of a Vietnamese threat actor to an IT company in the country after the group was caught abusing its platform to hack into people's accounts and distribute malware. Tracked as APT32 (or Bismuth, OceanLotus, and Cobalt Kitty), the state-aligned operatives affiliated with the Vietnam government have been known for