Tuesday, 31 August 2021

Flaw in the Quebec vaccine passport: analysis

ESET's cybersecurity expert Marc-Étienne Léveillé analyses in depth Quebec's vaccine proof apps VaxiCode and VaxiCode Verif.

The post Flaw in the Quebec vaccine passport: analysis appeared first on WeLiveSecurity



Don’t use single‑factor authentication, warns CISA

The federal agency urges organizations to ditch the bad practice and instead use multi-factor authentication methods

The post Don’t use single‑factor authentication, warns CISA appeared first on WeLiveSecurity



Vaccine passports: Is your personal data in safe hands?

Vaccination passports may facilitate the return to normalcy, but there are also concerns about what kinds of personal data they collect and how well they protect it. Here’s what you should know.

The post Vaccine passports: Is your personal data in safe hands? appeared first on WeLiveSecurity



What Can You Learn from a Reverse IP Lookup?

These days when attacks occur every minute, cybersecurity has become an utmost priority for individuals…

What Can You Learn from a Reverse IP Lookup? on Latest Hacking News.



Malware Analysis Online: Why You Need It Now For Your Cloud Environment

There is rarely a company today that has not at least part of their environment…

Malware Analysis Online: Why You Need It Now For Your Cloud Environment on Latest Hacking News.



Bangkok Airways Disclosed Data Breach Following A Possible Ransomware Attack

Bangkok Airways admitted the data breach happened following an unfortunate cyber attack. While they didn’t…

Bangkok Airways Disclosed Data Breach Following A Possible Ransomware Attack on Latest Hacking News.



Cream Finance Crypto Exchange Hacked – Lost $29 Million To Attackers

Heads up, crypto users. Another cryptocurrency exchange has suffered a cyber attack losing assets worth…

Cream Finance Crypto Exchange Hacked – Lost $29 Million To Attackers on Latest Hacking News.



Attackers Can Remotely Disable Fortress Wi-Fi Home Security Alarms

New vulnerabilities have been discovered in Fortress S03 Wi-Fi Home Security System that could be potentially abused by a malicious party to gain unauthorized access with an aim to alter system behavior, including disarming the devices without the victim's knowledge. The two unpatched issues, tracked under the identifiers CVE-2021-39276 (CVSS score: 5.3) and CVE-2021-39277 (CVSS score: 5.7),

Researchers Propose Machine Learning-based Bluetooth Authentication Scheme

A group of academics has proposed a machine learning approach that uses authentic interactions between devices in Bluetooth networks as a foundation to handle device-to-device authentication reliably. Called "Verification of Interaction Authenticity" (aka VIA), the recurring authentication scheme aims to solve the problem of passive, continuous authentication and automatic deauthentication once

Monday, 30 August 2021

CISA Adds Single-Factor Authentication to the List of Bad Practices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added single-factor authentication to the short list of "exceptionally risky" cybersecurity practices that could expose critical infrastructure as well as government and the private sector entities to devastating cyberattacks. Single-factor authentication is a method of signing in users to websites and remote systems by

New Microsoft Exchange 'ProxyToken' Flaw Lets Attackers Reconfigure Mailboxes

Details have emerged about a now-patched security vulnerability impacting Microsoft Exchange Server that could be weaponized by an unauthenticated attacker to modify server configurations, thus leading to the disclosure of Personally Identifiable Information (PII). The issue, tracked as CVE-2021-33766 (CVSS score: 7.3) and coined "ProxyToken," was discovered by Le Xuan Tuyen, a researcher at the

Singapore Eye Clinic Suffered Ransomware Attack, Lost 73,000 Patients Data

Another public service has suffered a cyberattack. The latest victim is an eye clinic in…

Singapore Eye Clinic Suffered Ransomware Attack, Lost 73,000 Patients Data on Latest Hacking News.



FBI Alerts About Hive Ransomware Amidst Rising Attacks On Healthcare Systems

FBI has recently issued a detailed alert about the Hive ransomware that is actively targeting…

FBI Alerts About Hive Ransomware Amidst Rising Attacks On Healthcare Systems on Latest Hacking News.



Critical Vulnerability In Annke Network Video Recorder Could Allow RCE Attacks

A serious security vulnerability in Annke Network Video Recorder (NVR) could allow critical remote code…

Critical Vulnerability In Annke Network Video Recorder Could Allow RCE Attacks on Latest Hacking News.



Boston Public Library Suffers Outages Following A Cyber Attack

One of the oldest and the largest libraries in the US, the Boston Public Library,…

Boston Public Library Suffers Outages Following A Cyber Attack on Latest Hacking News.



T-Mobile Breach Update: CEO Confirmed Brute Force Attack On Network

The firm’s CEO has finally come up with an update about the breach that affected…

T-Mobile Breach Update: CEO Confirmed Brute Force Attack On Network on Latest Hacking News.



Ragnarok Ransomware Released Decryption Keys With No Formal Departure Notice

The notorious Ragnarok ransomware has seemingly shut down its operations. Although the gang didn’t appear…

Ragnarok Ransomware Released Decryption Keys With No Formal Departure Notice on Latest Hacking News.



Glowworm Attack Retrieves Sound From Devices Via LED Indicators

Another viable spying strategy has surfaced online as researchers teamed up to leverage optical changes…

Glowworm Attack Retrieves Sound From Devices Via LED Indicators on Latest Hacking News.



Samsung Release TV Block Feature That Disables Stolen TVs Remotely

Samsung has recently disclosed a feature already available with its TV sets that can disable…

Samsung Release TV Block Feature That Disables Stolen TVs Remotely on Latest Hacking News.



New iOS Zero-Click Exploited In Bahrain To Deploy Pegasus Spyware

NSO’s Pegasus spyware keeps making it to the news due to its high stealth functionalities…

New iOS Zero-Click Exploited In Bahrain To Deploy Pegasus Spyware on Latest Hacking News.



Malicious WhatsApp Mod FMWhatsapp Delivers Trojan On Android Devices

A malicious update to the FMWhatsApp WhatsApp mod infects target Android devices with the Triada…

Malicious WhatsApp Mod FMWhatsapp Delivers Trojan On Android Devices on Latest Hacking News.



How Does MTA-STS Improve Your Email Security?

Simple Mail Transfer Protocol or SMTP has easily exploitable security loopholes. Email routing protocols were designed in a time when cryptographic technology was at a nascent stage (e.g., the de-facto protocol for email transfer, SMTP, is nearly 40 years old now), and therefore security was not an important consideration.  As a result, in most email systems encryption is still opportunistic,

7 Security Tools to Safeguard Enterprise Data

With so many companies turning to remote work, sensitive enterprise data is flying across the…

7 Security Tools to Safeguard Enterprise Data on Latest Hacking News.



Sunday, 29 August 2021

Get Lifetime Access to 24 Professional Cybersecurity Certification Prep Courses

Not all heroes wear capes. Cybersecurity professionals are digital warriors who use their knowledge and skill to battle malicious hackers.  Sounds like an exciting career, right?  If the comic-book comparisons aren’t working for you, perhaps some figures will. According to ZipRecruiter, the average salary of a cybersecurity professional is just over $100,000 a year. The Complete 2021

Saturday, 28 August 2021

LockFile Ransomware Bypasses Protection Using Intermittent File Encryption

A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called "intermittent encryption." Called LockFile, the operators of the ransomware have been found exploiting recently disclosed flaws such as ProxyShell and PetitPotam to compromise Windows servers and deploy file-encrypting malware that scrambles only

Microsoft Warns of Widespread Phishing Attacks Using Open Redirects

Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software. "Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking," Microsoft 365

Misconfigurations in Microsoft Power Apps Leaked Millions Of Records From Multiple Firms

Due to privacy blunders in Microsoft Power Apps, many firms from different sectors leaked data…

Misconfigurations in Microsoft Power Apps Leaked Millions Of Records From Multiple Firms on Latest Hacking News.



Multiple Vulnerabilities Spotted In elFinder File Manager WordPress Plugin

Numerous critical security vulnerabilities riddled the file manager plugin elFinder. Exploiting these bugs could allow…

Multiple Vulnerabilities Spotted In elFinder File Manager WordPress Plugin on Latest Hacking News.



Friday, 27 August 2021

Week in security with Tony Anscombe

ESET research discovers SideWalk backdoor – Why data breach costs have never been higher – 620,000 personal pictures stolen from iCloud accounts

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity



Beyond the pandemic: Why are data breach costs at an all‑time high?

It might be tempting to blame the record-high costs of data breaches on the COVID-19 pandemic alone. But dig deeper and a more nuanced picture emerges.

The post Beyond the pandemic: Why are data breach costs at an all‑time high? appeared first on WeLiveSecurity



Microsoft, Google to Invest $30 Billion in Cybersecurity Over Next 5 Years

Google and Microsoft said they are pledging to invest a total of $30 billion in cybersecurity advancements over the next five years, as the U.S. government partners with private sector companies to address threats facing the country in the wake of a string of sophisticated malicious cyber activity targeting critical infrastructure, laying bare the risks to data, organizations, and governments

Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers

U.S. technology firm Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution. The two weaknesses are part of a trio of vulnerabilities discovered and reported by researchers at the Dutch Institute for Vulnerability Disclosure (

Critical Cosmos Database Flaw Affected Thousands of Microsoft Azure Customers

Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization. The flaw, which grants read, write, and delete privileges, has been dubbed "ChaosDB," with Wiz researchers noting that "the

Thursday, 26 August 2021

Man impersonates Apple support, steals 620,000 photos from iCloud accounts

The man was after sexually explicit photos and videos that he would then share online or store in his own collection

The post Man impersonates Apple support, steals 620,000 photos from iCloud accounts appeared first on WeLiveSecurity



The Increased Liability of Local In-home Propagation

Today I discuss an attack vector conducive to cross-organizational spread, in-home local propagation. Though often overlooked, this vector is especially relevant today, as many corporate employees remain working from home. In this post, I contrast in-home local propagation with traditional vectors through which a threat (ransomware in particular) spreads throughout an organization. I discuss the

F5 Releases Critical Security Patches for BIG-IP and BIG-IQ Devices

Enterprise security and network appliance vendor F5 has released patches for more than two dozen security vulnerabilities affecting multiple versions of BIG-IP and BIG-IQ devices that could potentially allow an attacker to perform a wide range of malicious actions, including accessing arbitrary files, escalating privileges, and executing JavaScript code. Of the 29 bugs addressed, 13 are

New Passwordless Verification API Uses SIM Security for Zero Trust Remote Access

Forget watercooler conspiracies or boardroom battles. There's a new war in the office. As companies nudge their staff to return to communal workspaces, many workers don't actually want to – more than 50 percent of employees would rather quit, according to research by EY.  While HR teams worry over the hearts and minds of staff, IT security professionals have a different battle plan to draft –

VMware Issues Patches to Fix New Flaws Affecting Multiple Products

VMware on Wednesday shipped security updates to address vulnerabilities in multiple products that could be potentially exploited by an attacker to take control of an affected system. The six security weaknesses (from CVE-2021-22022 through CVE-2021-22027, CVSS scores: 4.4 - 8.6) affect VMware vRealize Operations (prior to version 8.5.0), VMware Cloud Foundation (versions 3.x and 4.x), and

Wednesday, 25 August 2021

Critical Flaw Discovered in Cisco APIC for Switches — Patch Released

Cisco Systems on Wednesday issued patches to address a critical security vulnerability affecting the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches that could be potentially abused to read or write arbitrary files on a vulnerable system. Tracked as CVE-2021-1577 (CVSS score: 9.1), the issue — which is due to improper access control — could

Preventing your Cloud 'Secrets' from Public Exposure: An IDE plugin solution

I'm sure you would agree that, in today's digital world, the majority of applications we work on require some type of credentials – to connect to a database with a username/password, to access computer programs via authorized tokens, or API keys to invoke services for authentication. Credentials, or sometimes just referred to as 'Secrets,' are pieces of user or system-level confidential

Researchers Uncover FIN8's New Backdoor Targeting Financial Institutions

A financially motivated threat actor notorious for setting its sights on retail, hospitality, and entertainment industries has been observed deploying a completely new backdoor on infected systems, indicating the operators are continuously retooling their malware arsenal to avoid detection and stay under the radar. The previously undocumented malware has been dubbed "Sardonic" by Romanian

B.Braun Infusomat Pumps Could Let Attackers Remotely Alter Medication Dosages

Cybersecurity researchers have disclosed five previously unreported security vulnerabilities affecting B. Braun's Infusomat Space Large Volume Pump and SpaceStation that could be abused by malicious parties to tamper with medication doses without any prior authentication. McAfee, which discovered and reported the flaws to the German medical and pharmaceutical device company on January 11, 2021, 

New SideWalk Backdoor Targets U.S.-based Computer Retail Business

A computer retail company based in the U.S. was the target of a previously undiscovered implant called SideWalk as part of a recent campaign undertaken by a Chinese advanced persistent threat group primarily known for singling out entities in East and Southeast Asia. Slovak cybersecurity firm attributed the malware to an advanced persistent threat it tracks under the moniker SparklingGoblin, an

Tuesday, 24 August 2021

Microsoft Power Apps misconfiguration exposes millions of records

The caches of data that were publicly accessible included names, email addresses and social security numbers

The post Microsoft Power Apps misconfiguration exposes millions of records appeared first on WeLiveSecurity



The SideWalk may be as dangerous as the CROSSWALK

Meet SparklingGoblin, a member of the Winnti family

The post The SideWalk may be as dangerous as the CROSSWALK appeared first on WeLiveSecurity



Can a VPN Protect You from Hackers? How It Keeps You Secure – And How It Doesn’t

VPNs have entered the cybersecurity mainstream. Whether people initially wanted more protection for their personal…

Can a VPN Protect You from Hackers? How It Keeps You Secure – And How It Doesn’t on Latest Hacking News.



Poly Network Thanks ‘Mr. WhiteHat’ For Returning Stolen Crypto Totalling $610 million

Recently, Poly Network crypto exchange made it into the news for a huge crypto heist.…

Poly Network Thanks ‘Mr. WhiteHat’ For Returning Stolen Crypto Totalling $610 million on Latest Hacking News.



Modified Version of WhatsApp for Android Spotted Installing Triada Trojan

A modified version of the WhatsApp messaging app for Android has been trojanized to serve malicious payloads, display full-screen ads, and sign up device owners for unwanted premium subscriptions without their knowledge. "The Trojan Triada snuck into one of these modified versions of the messenger called FMWhatsApp 16.80.0 together with the advertising software development kit (SDK),"

Bahraini Activists Targeted Using a New iPhone Zero-Day Exploit From NSO Group

A previously undisclosed "zero-click" exploit in Apple's iMessage was abused by Israeli surveillance vendor NSO Group to circumvent iOS security protections and target nine Bahraini activists. "The hacked activists included three members of Waad (a secular Bahraini political society), three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq

Researchers Warn of 4 Emerging Ransomware Groups That Can Cause Havoc

Cybersecurity researchers on Tuesday took the wraps off four up-and-coming ransomware groups that could pose a serious threat to enterprises and critical infrastructure, as the ripple effect of a recent spurt in ransomware incidents shows that attackers are growing more sophisticated and more profitable in extracting payouts from victims. "While the ransomware crisis appears poised to get worse

38 Million Records Exposed from Microsoft Power Apps of Dozens of Organisations

More than 38 million records from 47 different entities that rely on Microsoft's Power Apps portals platform were inadvertently left exposed online, bringing into sharp focus a "new vector of data exposure." "The types of data varied between portals, including personal information used for COVID-19 contact tracing, COVID-19 vaccination appointments, social security numbers for job applicants,

Monday, 23 August 2021

US State Department Reportedly Suffered Cyber Attack

As more and more cyber threats aim at the United States, the recent victim has…

US State Department Reportedly Suffered Cyber Attack on Latest Hacking News.



LockFile Ransomware Exploits PetitPotam To Attack Windows Domains

Microsoft has recently fixed a severe vulnerability that could allow PetitPotam NTLM relay attacks. However,…

LockFile Ransomware Exploits PetitPotam To Attack Windows Domains on Latest Hacking News.



Steam Wallet API Vulnerability Discovered – Allowed For Addition of Unlimited Funds

Valve has recently addressed a serious API vulnerability that could allow an adversary to add…

Steam Wallet API Vulnerability Discovered – Allowed For Addition of Unlimited Funds on Latest Hacking News.



Pakistan’s FBR Suffered Cyber Attack – Network Access Sold On Dark Web

A major law enforcement entity in Pakistan managing taxation matters and revenue collection, the Federal…

Pakistan’s FBR Suffered Cyber Attack – Network Access Sold On Dark Web on Latest Hacking News.



Navigating Vendor Risk Management as IT Professionals

One of the great resources available to businesses today is the large ecosystem of value-added services and solutions. Especially in technology solutions, there is no end to the services of which organizations can avail themselves. In addition, if a business needs a particular solution or service they don't handle in-house, there is most likely a third-party vendor that can take care of that for

Researchers Detail Modus Operandi of ShinyHunters Cyber Crime Group

ShinyHunters, a notorious cybercriminal underground group that's been on a data breach spree since last year, has been observed searching companies' GitHub repository source code for vulnerabilities that can be abused to stage larger scale attacks, an analysis of the hackers' modus operandi has revealed. "Primarily operating on Raid Forums, the collective's moniker and motivation can partly be

Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems

Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans. That's according to an in-depth look at the Linux threat landscape published by U.S.-Japanese cybersecurity firm Trend Micro, detailing the top

Sunday, 22 August 2021

SEOPress WordPress Plugin Vulnerability Potentially Risked Over 100K Sites

A serious vulnerability in the SEOPress plugin posed a threat to thousands of WordPress websites.…

SEOPress WordPress Plugin Vulnerability Potentially Risked Over 100K Sites on Latest Hacking News.



Microsoft Exchange Under Attack With ProxyShell Flaws; Over 1900 Servers Hacked!

The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the vulnerabilities enable adversaries to bypass ACL

Friday, 20 August 2021

Week in security with Tony Anscombe

Who is actually paying the ransom demand? – Be careful about what you throw away – Records from a terrorist watchlist exposed online

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity



Hackers swipe almost $100 million from major cryptocurrency exchange

Japanese cryptocurrency exchange Liquid suspends cryptocurrency deposits and withdrawals and moves its assets into cold storage

The post Hackers swipe almost $100 million from major cryptocurrency exchange appeared first on WeLiveSecurity



Cloudflare mitigated one of the largest DDoS attacks involving 17.2 million rps

Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service (DDoS) attack recorded to date. The attack, launched via a Mirai botnet, is said to have targeted an unnamed customer in the financial industry last month. "Within seconds, the botnet bombarded the Cloudflare edge with over 330 million

ShadowPad Malware is Becoming a Favorite Choice of Chinese Espionage Groups

ShadowPad, an infamous Windows backdoor that allows attackers to download further malicious modules or steal data, has been put to use by five different Chinese threat clusters since 2017. "The adoption of ShadowPad significantly reduces the costs of development and maintenance for threat actors," SentinelOne researchers Yi-Jhen Hsieh and Joey Chen said in a detailed overview of the malware,

Vulnerability In Ford Servers Could Have Exposed Sensitive Internal Documents And Databases

Ford has recently patched a serious vulnerability affecting its servers that potentially exposed sensitive internal…

Vulnerability In Ford Servers Could Have Exposed Sensitive Internal Documents And Databases on Latest Hacking News.



Cybercrime Group Asking Insiders for Help in Planting Ransomware

A Nigerian threat actor has been observed attempting to recruit employees by offering to pay them $1 million in bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme. "The sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then they would be paid $1 million in bitcoin, or 40% of the

Realtek SDK Bugs Make Various IoT Devices Vulnerable To RCE Attacks

Realtek has recently addressed serious security issues in its SDK within numerous routers. Exploiting these…

Realtek SDK Bugs Make Various IoT Devices Vulnerable To RCE Attacks on Latest Hacking News.



Why outsourcing is good for your company?

The lack of qualified personnel, lack of funding and many other reasons for the delegation…

Why outsourcing is good for your company? on Latest Hacking News.



What You Need to Know About Kubernetes

More and more companies are undergoing digital transformation in the last couple of years. In…

What You Need to Know About Kubernetes on Latest Hacking News.



Cloud Security – What is the Weakest Link?

Digital technology has become a huge part of businesses today, fundamentally changing the way we…

Cloud Security – What is the Weakest Link? on Latest Hacking News.



CoinGeek Crime Bounty Program Launched to Identify Person Behind Recent BSV Attacks

The BSV network has been victimized recently by two sets of malicious block reorganization attacks.…

CoinGeek Crime Bounty Program Launched to Identify Person Behind Recent BSV Attacks on Latest Hacking News.



T-Mobile Suffered Data Breach (Again) – 100 Million Customers Affected

T-Mobile has once again made it to the news after suffering another cyber attack. This…

T-Mobile Suffered Data Breach (Again) – 100 Million Customers Affected on Latest Hacking News.



Colonial Pipeline Confirmed Data Breach Months After The Ransomware Attack

Colonial Pipeline made it to the news for suffering a devastating cyberattack that disrupted fuel…

Colonial Pipeline Confirmed Data Breach Months After The Ransomware Attack on Latest Hacking News.



Ransomware Gangs To Exploit PrintNightmare Bugs In Future Attacks

While cybercriminals already hunt for unpatched bugs to exploit, things become easy if the vendors…

Ransomware Gangs To Exploit PrintNightmare Bugs In Future Attacks on Latest Hacking News.



Mozilla Rolls Out HTTPS By Default In Private Browsing Mode With Firefox 91

Mozilla has taken another step towards protecting users from common cyber scams. With the latest…

Mozilla Rolls Out HTTPS By Default In Private Browsing Mode With Firefox 91 on Latest Hacking News.



After Patching PrintNightmare – Microsoft Has One More Print Spooler Zero-Day To Fix

It hasn’t been long since Microsoft patched the infamous PrintNightmare security vulnerabilities. In fact, the…

After Patching PrintNightmare – Microsoft Has One More Print Spooler Zero-Day To Fix on Latest Hacking News.



Mozi IoT Botnet Now Also Targets Netgear, Huawei, and ZTE Network Gateways

Mozi, a peer-to-peer (P2P) botnet known to target IoT devices, has gained new capabilities that allow it to achieve persistence on network gateways manufactured by Netgear, Huawei, and ZTE, according to new findings. "Network gateways are a particularly juicy target for adversaries because they are ideal as initial access points to corporate networks," researchers at Microsoft Security Threat

Critical Flaw Found in Older Cisco Small Business Routers Won't Be Fixed

A critical vulnerability in Cisco Small Business Routers will not be patched by the networking equipment giant, since the devices reached end-of-life in 2019. Tracked as CVE-2021-34730 (CVSS score: 9.8), the issue resides in the routers' Universal Plug-and-Play (UPnP) service, enabling an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart

Thursday, 19 August 2021

Are you, the customer, the one paying the ransomware demand?

Ransomware payments may have greater implications than you thought – and not just for the company that gave in to the attackers’ demands

The post Are you, the customer, the one paying the ransomware demand? appeared first on WeLiveSecurity



Researchers Find New Evidence Linking Diavol Ransomware to TrickBot Gang

Cybersecurity researchers have disclosed details about an early development version of a nascent ransomware strain called Diavol that has been linked to threat actors behind the infamous TrickBot syndicate. The latest findings from IBM X-Force show that the ransomware sample shares similarities to other malware that has been attributed to the cybercrime gang, thus establishing a clearer

Wednesday, 18 August 2021

Health authorities in 40 countries targeted by COVID‑19 vaccine scammers

Fraudsters impersonate vaccine manufacturers and authorities overseeing vaccine distribution efforts, INTERPOL warns

The post Health authorities in 40 countries targeted by COVID‑19 vaccine scammers appeared first on WeLiveSecurity



Critical ThroughTek SDK Bug Could Let Attackers Spy On Millions of IoT Devices

A security vulnerability has been found affecting several versions of ThroughTek Kalay P2P Software Development Kit (SDK), which could be abused by a remote attacker to take control of an affected device and potentially lead to remote code execution. Tracked as CVE-2021-28372 (CVSS score: 9.6) and discovered by FireEye Mandiant in late 2020, the weakness concerns an improper access control flaw

BadAlloc Flaw Affects BlackBerry QNX Used in Millions of Cars and Medical Devices

A major vulnerability affecting older versions of BlackBerry's QNX Real-Time Operating System (RTOS) could allow malicious actors to cripple and gain control of a variety of products, including cars, medical, and industrial equipment. The shortcoming (CVE-2021-22156, CVSS score: 9.0) is part of a broader collection of flaws, collectively dubbed BadAlloc, that was originally disclosed by

Iranian Hackers Target Several Israeli Organizations With Supply-Chain Attacks

IT and communication companies in Israel were at the center of a supply chain attack campaign spearheaded by an Iranian threat actor that involved impersonating the firms and their HR personnel to target victims with fake job offers in an attempt to penetrate their computers and gain access to the company's clients. The attacks, which occurred in two waves in May and July 2021, have been linked

Does a VPN Protect You from Hackers?

A virtual private network (VPN) is the perfect solution for a lot of issues you might experience online: accessing blocked sites, hiding your browsing activity, getting rid of internet throttling, finding better deals, and much more. But does a VPN protect you from hackers? Is your private information and files safer on the internet with a VPN? How much of a difference does it make in terms of