- Microsoft Patch Tuesday fixes actively exploited zero‑day and 85 other flaws
The most recent Patch Tuesday includes a fix for the previously disclosed and actively exploited remote code execution flaw in MSHTML.
The post Microsoft Patch Tuesday fixes actively exploited zero‑day and 85 other flaws appeared first on WeLiveSecurity
- WhatsApp announces end‑to‑end encrypted backups
The Facebook-owned messaging service plans to roll out the feature to both iOS and Android users in the coming weeks.
The post WhatsApp announces end‑to‑end encrypted backups appeared first on WeLiveSecurity
- What is a cyberattack surface and how can you reduce it?
Discover the best ways to mitigate your organization's attack surface, in order to maximize cybersecurity.
The post What is a cyberattack surface and how can you reduce it? appeared first on WeLiveSecurity
- Beware of these 5 common scams you can encounter on Instagram
From cybercriminal evergreens like phishing to the verification badge scam, we look at the most common tactics fraudsters use to trick their victims
The post Beware of these 5 common scams you can encounter on Instagram appeared first on WeLiveSecurity
- Week in security with Tony Anscombe
Cyberespionnage against Kurdish ethnic group, and more! – Week in security with Tony Anscombe
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
- Victims duped out of US$1.8 million by BEC and Romance scam ring
Elderly men and women were the main targets of the romance scams operated by the fraudsters.
The post Victims duped out of US$1.8 million by BEC and Romance scam ring appeared first on WeLiveSecurity
- Howard University suffers cyberattack, suspends online classes in aftermath
The university suffered a ransomware attack; however, there is no evidence so far of data being accessed or stolen.
The post Howard University suffers cyberattack, suspends online classes in aftermath appeared first on WeLiveSecurity
- ProtonMail forced to log user’s IP address after an order from Swiss authorities
Following the incident the company has updated its website and privacy policy to clarify its legal obligations to its userbase
The post ProtonMail forced to log user’s IP address after an order from Swiss authorities appeared first on WeLiveSecurity
- BladeHawk group: Android espionage against Kurdish ethnic group
ESET researchers have investigated a targeted mobile espionage campaign against the Kurdish ethnic group, and that has been active since at least March 2020.
The post BladeHawk group: Android espionage against Kurdish ethnic group appeared first on WeLiveSecurity
- Week in security with Tony Anscombe
Vaccination passports - what you need to know. A guide to kids' smartphone security. CISA lists single-factor authentication as bad practice.
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
- A parent’s guide to smartphone security
Smartphones are kids’ trusty companions both in- and outside the classroom, and as they return to their desks, we’ve prepared some handy tips on how to keep their devices secure.
The post A parent’s guide to smartphone security appeared first on WeLiveSecurity
- Twitter introduces new feature to automatically block abusive behavior
Dubbed Safety Mode, the feature will temporarily block authors of offensive tweets from being able to contact or follow users.
The post Twitter introduces new feature to automatically block abusive behavior appeared first on WeLiveSecurity
- Flaw in the Quebec vaccine passport: analysis
ESET cybersecurity expert Marc-Étienne Léveillé analyses in-depth the Quebec vaccine proof apps VaxiCode and VaxiCode Verif.
The post Flaw in the Quebec vaccine passport: analysis appeared first on WeLiveSecurity
- Don’t use single‑factor authentication, warns CISA
The federal agency urges organizations to ditch the bad practice and instead use multi-factor authentication methods
The post Don’t use single‑factor authentication, warns CISA appeared first on WeLiveSecurity
- Vaccine passports: Is your personal data in safe hands?
Vaccination passports may facilitate the return to normalcy, but there are also concerns about what kinds of personal data they collect and how well they protect it. Here’s what you should know.
The post Vaccine passports: Is your personal data in safe hands? appeared first on WeLiveSecurity
- Week in security with Tony Anscombe
ESET research discovers SideWalk backdoor – Why data breach costs have never been higher – 620,000 personal pictures stolen from iCloud accounts
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
- Beyond the pandemic: Why are data breach costs at an all‑time high?
It might be tempting to blame the record-high costs of data breaches on the COVID-19 pandemic alone. But dig deeper and a more nuanced picture emerges.
The post Beyond the pandemic: Why are data breach costs at an all‑time high? appeared first on WeLiveSecurity
- Man impersonates Apple support, steals 620,000 photos from iCloud accounts
The man was after sexually explicit photos and videos that he would then share online or store in his own collection
The post Man impersonates Apple support, steals 620,000 photos from iCloud accounts appeared first on WeLiveSecurity
- Microsoft Power Apps misconfiguration exposes millions of records
The caches of data that were publicly accessible included names, email addresses and social security numbers
The post Microsoft Power Apps misconfiguration exposes millions of records appeared first on WeLiveSecurity
- The SideWalk may be as dangerous as the CROSSWALK
Meet SparklingGoblin, a member of the Winnti family
The post The SideWalk may be as dangerous as the CROSSWALK appeared first on WeLiveSecurity
- Week in security with Tony Anscombe
Who is actually paying the ransom demand? – Be careful about what you throw away – Records from a terrorist watchlist exposed online
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
- Hackers swipe almost $100 million from major cryptocurrency exchange
Japanese cryptocurrency exchange Liquid suspends cryptocurrency deposits and withdrawals and moves its assets into cold storage
The post Hackers swipe almost $100 million from major cryptocurrency exchange appeared first on WeLiveSecurity
- Are you, the customer, the one paying the ransomware demand?
Ransomware payments may have greater implications than you thought – and not just for the companies that paid up
The post Are you, the customer, the one paying the ransomware demand? appeared first on WeLiveSecurity
- Health authorities in 40 countries targeted by COVID‑19 vaccine scammers
Fraudsters impersonate vaccine manufacturers and authorities overseeing vaccine distribution efforts, INTERPOL warns
The post Health authorities in 40 countries targeted by COVID‑19 vaccine scammers appeared first on WeLiveSecurity
- Nearly 2 million records from terrorist watchlist exposed online
The secret list was exposed online for three weeks, allowing anyone to access it without any kind of authentication
The post Nearly 2 million records from terrorist watchlist exposed online appeared first on WeLiveSecurity
- Dumpster diving is a filthy business
One man’s trash is another man’s treasure – here’s why you should think twice about what you toss in the recycling bin
The post Dumpster diving is a filthy business appeared first on WeLiveSecurity
- Week in security with Tony Anscombe
How IISpy spies on its victims and stays under the radar – IISerpent tampers with search engine results – How to avoid falling prey to ransomware
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
- Examining threats to device security in the hybrid workplace
As employees split their time between office and off-site work, there’s a greater potential for company devices and data to fall into the wrong hands
The post Examining threats to device security in the hybrid workplace appeared first on WeLiveSecurity
- IISerpent: Malware‑driven SEO fraud as a service
The last in our series on IIS threats introduces a malicious IIS extension used to manipulate page rankings for third-party websites
The post IISerpent: Malware‑driven SEO fraud as a service appeared first on WeLiveSecurity
- Deepfakes – the bot made me do it
As deepfakes become indistinguishable from reality and the potential for the misuse of synthetic content is virtually endless, what can you do to avoid falling victim to deepfake fraud?
The post Deepfakes – the bot made me do it appeared first on WeLiveSecurity
- Ransomware runs rampant, so how can you combat this threat?
A new paper explains how ransomware has become one of the top cyberthreats of the day and how your organization can avoid becoming the next victim
The post Ransomware runs rampant, so how can you combat this threat? appeared first on WeLiveSecurity
- DEF CON 29: Satellite hacking 101
How poking at the innards of satellites can make the future of cybersecurity in space more palatable
The post DEF CON 29: Satellite hacking 101 appeared first on WeLiveSecurity
- IISpy: A complex server‑side backdoor with anti‑forensic features
The second in our series on IIS threats dissects a malicious IIS extension that employs nifty tricks in an attempt to secure long-term espionage on the compromised servers
The post IISpy: A complex server‑side backdoor with anti‑forensic features appeared first on WeLiveSecurity
- Week in security with Tony Anscombe
ESET research dissects IIS web server threats – How IIStealer steals credit card data – The flood of spam in your inbox
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
- Black Hat 2021: Lessons from a lawyer
Why companies and their security teams need to engage with a lawyer before an incident occurs
The post Black Hat 2021: Lessons from a lawyer appeared first on WeLiveSecurity
- Black Hat 2021: Wanted posters for ransomware slingers
Is the net closing in on cyber-extortionists and can bounties on their collective heads ultimately help stem the ransomware scourge?
The post Black Hat 2021: Wanted posters for ransomware slingers appeared first on WeLiveSecurity
- IIStealer: A server‑side threat to e‑commerce transactions
The first in our series on IIS threats looks at a malicious IIS extension that intercepts server transactions to steal credit card information
The post IIStealer: A server‑side threat to e‑commerce transactions appeared first on WeLiveSecurity
- Anatomy of native IIS malware
ESET researchers publish a white paper putting IIS web server threats under the microscope
The post Anatomy of native IIS malware appeared first on WeLiveSecurity
- Is your personal information being abused?
Drowning in spam? A study presented at Black Hat USA 2021 examines if sharing your personal information with major companies contributes to the deluge of nuisance emails, texts and phone calls.
The post Is your personal information being abused? appeared first on WeLiveSecurity
- Why cloud security is the key to unlocking value from hybrid working
How can companies and employees who start to adapt to hybrid working practices protect themselves against cloud security threats?
The post Why cloud security is the key to unlocking value from hybrid working appeared first on WeLiveSecurity
- Black Hat 2021 – non‑virtual edition
How is Black Hat USA 2021 different from the past editions of the conference and what are the themes may steal the show this year?
The post Black Hat 2021 – non‑virtual edition appeared first on WeLiveSecurity
- On course for a good hacking
A story of how easily hackers could hit a hole-in-one with the computer network of a premier golf club in the UK.
The post On course for a good hacking appeared first on WeLiveSecurity
- Week in security with Tony Anscombe
Fraud taking aim at Airbnb users – Common scams doing the rounds on Amazon – Insider threats in the age of hybrid work
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
- Watch out for these scams targeting Amazon customers
Most people are fans of the convenience Amazon brings to online shopping, and that’s precisely what cybercriminals are betting on.
The post Watch out for these scams targeting Amazon customers appeared first on WeLiveSecurity
- Cybersecurity agencies reveal most exploited vulnerabilities in the past two years
There are 30 vulnerabilities listed in total; organizations would do well to patch their systems if they haven’t done so yet
The post Cybersecurity agencies reveal most exploited vulnerabilities in the past two years appeared first on WeLiveSecurity
- Tackling the insider threat to the new hybrid workplace
Now that organizations are set to evolve a hybrid blend of home and office-based work for most employees, it is more important then ever to address the risks that insider threat can pose
The post Tackling the insider threat to the new hybrid workplace appeared first on WeLiveSecurity
- Most Twitter users haven’t enabled 2FA yet, report reveals
Twitter’s transparency report revealed that users aren’t quick to adopt 2FA and once they do enable it, they choose the least secure option
The post Most Twitter users haven’t enabled 2FA yet, report reveals appeared first on WeLiveSecurity
- Booking your next holiday? Beware these Airbnb scams
With vacations in full swing, cybercriminals will be looking to scam vacationers looking for that perfect accommodation.
The post Booking your next holiday? Beware these Airbnb scams appeared first on WeLiveSecurity
- Apple releases patch for zero‑day flaw in iOS, iPadOS and macOS
The vulnerability is under active exploitation by unknown attackers and affects a wide range of Apple’s products.
The post Apple releases patch for zero‑day flaw in iOS, iPadOS and macOS appeared first on WeLiveSecurity
- Week in security with Tony Anscombe
URL shortener services distributing Android malware – Week in security with Tony Anscombe
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
