News

Attention Linux Users! A vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a targeted

Do you know Apple is sending iOS web browsing data of some of its users to Chinese Internet company Tencent? I am sure many of you are not aware of this, neither was I, and believe me, none of us could expect this from a tech company that promotes itself as a champion of consumer privacy. Late last week, it was widely revealed that starting from at least iOS 12.2, Apple silently integrated

Until now, I'm sure you all might have heard of the SimJacker vulnerability disclosed exactly a month ago that affects a wide range of SIM cards and can remotely be exploited to hack into any mobile phone just by sending a specially crafted binary SMS. If you are unaware, the name "SimJacker" has been given to a class of vulnerabilities that resides due to a lack of authentication and

A 39-year-old password of Ken Thompson, the co-creator of the UNIX operating system among, has finally been cracked that belongs to a BSD-based system, one of the original versions of UNIX, which was back then used by various computer science pioneers. In 2014, developer Leah Neukirchen spotted an interesting "/etc/passwd" file in a publicly available source tree of historian BSD version 3,

Watch out Windows users! The cybercriminal group behind BitPaymer and iEncrypt ransomware attacks has been found exploiting a zero-day vulnerability affecting a little-known component that comes bundled with Apple's iTunes and iCloud software for Windows to evade antivirus detection. The vulnerable component in question is the Bonjour updater, a zero-configuration implementation of network

Today's CISOs operate in an overly intensive environment. As the ones who are tasked with the unenviable accountability for failed protection and successful breaches, they must relentlessly strive to improve their defense lines with workforce education, training their security teams and last but definitely not least — looking for products that will upgrade and adjust their security against

A 7-year-old critical remote code execution vulnerability has been discovered in iTerm2 macOS terminal emulator app—one of the most popular open source replacements for Mac's built-in terminal app. Tracked as CVE-2019-9535, the vulnerability in iTerm2 was discovered as part of an independent security audit funded by the Mozilla Open Source Support Program (MOSS) and conducted by cybersecurity

There has been no shortage of massive security breaches so far this year. Just last July, Capital One disclosed that it was hit by a breach that affected more than 100 million customers. Also recently, researchers came across an unsecured cloud server that contained the names, phone numbers, and financial information of virtually all citizens of Ecuador – around 20 million people. These are

After exposing private tweets, plaintext passwords, and personal information for hundreds of thousands of its users, here is a new security blunder social networking company Twitter admitted today. Twitter announced that the phone numbers and email addresses of some users provided for two-factor authentication (2FA) protection had been used for targeted advertising purposes—though the company

Microsoft today rolling out its October 2019 Patch Tuesday security updates to fix a total of 59 vulnerabilities in Windows operating systems and related software, 9 of which are rated as critical, 49 are important, and one is moderate in severity. What’s good about this month’s patch update is that after a very long time, none of the security vulnerabilities patched by the tech giant this

After releasing a patch for a critical zero-day remote code execution vulnerability late last month, vBulletin has recently published a new security patch update that addresses 3 more high-severity vulnerabilities in its forum software. If left unpatched, the reported security vulnerabilities, which affect vBulletin 5.5.4 and prior versions, could eventually allow remote attackers to take

I have really bad news for Adobe customers in Venezuela… California-based software company Adobe on Monday announced to soon ban accounts and cancel the subscriptions for all of its customers in Venezuela in order to comply with economic sanctions that the United States imposed on the Latin American country. The Trump administration issued an executive order on 5th August 2019, targeting

Almost every application contains security vulnerabilities, some of which you may find today, but others would remain invisible until someone else finds and exploits them—which is the harsh reality of cybersecurity and its current state. And when we say this, Signal Private Messenger—promoted as one of the most secure messengers in the world—isn't any exception. Google Project Zero

Another day, another revelation of a critical unpatched zero-day vulnerability, this time in the world's most widely used mobile operating system, Android. What's more? The Android zero-day vulnerability has also been found to be exploited in the wild by the Israeli surveillance vendor NSO Group—infamous for selling zero-day exploits to governments—or one of its customers, to gain control of

A picture is worth a thousand words, but a GIF is worth a thousand pictures. Today, the short looping clips, GIFs are everywhere—on your social media, on your message boards, on your chats, helping users perfectly express their emotions, making people laugh, and reliving a highlight. But what if an innocent-looking GIF greeting with Good morning, Happy Birthday, or Merry Christmas message

Phishing is still one of the widely used strategies by cybercriminals and espionage groups to gain an initial foothold on the targeted systems. Though hacking someone with phishing attacks was easy a decade ago, the evolution of threat detection technologies and cyber awareness among people has slowed down the success of phishing and social engineering attacks over the years. Since phishing

Cases of document-based malware are steadily rising. 59 percent of all malicious files detected in the first quarter of 2019 were contained in documents. Due to how work is done in today's offices and workplaces, companies are among those commonly affected by file-based attacks. Since small to medium businesses (SMBs) usually lack the kind of security that protects their larger counterparts,

An ex-Yahoo! employee has pleaded guilty to misusing his access at the company to hack into the accounts of nearly 6,000 Yahoo users in search of private and personal records, primarily sexually explicit images and videos. According to an press note released by the U.S. Justice Department, Reyes Daniel Ruiz, a 34-year-old resident of California and former Yahoo software engineer, admitted

Looking for ways to unlock and read the content of an encrypted PDF without knowing the password? Well, that's now possible, sort of—thanks to a novel set of attacking techniques that could allow attackers to access the entire content of a password-protected or encrypted PDF file, but under some specific circumstances. Dubbed PDFex, the new set of techniques includes two classes of attacks

If you have an account with the Comodo discussion board and support forums, also known as ITarian Forum, you should change your password immediately. Cybersecurity company Comodo has become one of the major victims of a recently disclosed vBulletin 0-day vulnerability, exposing login account information of over nearly 245,000 users registered with the Comodo Forums websites. In a brief

The infamous eGobbler hacking group that surfaced online earlier this year with massive malvertising campaigns has now been caught running a new campaign exploiting two browser vulnerabilities to show intrusive pop-up ads and forcefully redirect users to malicious websites. To be noted, hackers haven't found any way to run ads for free; instead, the modus operandi of eGobbler attackers

The greatest threat facing most nations is no longer a standing army. It's a hacker with a computer who can launch a crippling cyber attack from thousands of miles away—potentially taking down everything from server farms to entire power grids with a few lines of code. So it should come as no surprise that virtually every major company in both the public and private sector—as well as national

A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers. Exim maintainers today released an urgent security update—Exim version 4.92.3—after publishing an early warning two days ago, giving system administrators an early

A Pakistani hacker who previously made headlines earlier this year for selling almost a billion user records stolen from nearly 45 popular online services has now claimed to have hacked the popular mobile social game company Zynga Inc. With a current market capitalization of over $5 billion, Zynga is one of the world's most successful social game developers with a collection of hit online

Remember the Simjacker vulnerability? Earlier this month, we reported about a critical unpatched weakness in a wide range of SIM cards, which an unnamed surveillance company has actively been exploiting in the wild to remotely compromise targeted mobile phones just by sending a specially crafted SMS to their phone numbers. If you can recall, the Simjacker vulnerability resides in a dynamic

Smartphones are taking the market by storm and so are the rising mobile malware attacks! As per reports by Quick Heal Security Labs, the last quarter clocked around 2,22000+ malware hits across our Android AV customers, all of which got blocked at the right time. This goes on to explain…

Quick Heal Security Labs reported 29 malicious apps found on Google Play Store, which have a collective download count of more than 10 Millions. Google was quick enough to remove these malicious apps from Play Store immediately. One of the Apps from this set, named “Multiapp multiple accounts simultaneously” has crossed 5 million…

The term “hacking” has become the talk of the town, with one new incidence of hacking being reported every single day. The internet is in for a spin as cases of hacking are getting reported on a global level, triggering the realization that anything and everything with a vulnerable spot…

Quick Heal Security Labs recently spotted multiple Fake Antivirus Apps on Google Play Store. What’s more alarming, is that one of these fake AV Apps has been downloaded 100000+ times already. These Apps appear to be genuine Anti-virus/virus-removal Apps with names like Virus Cleaner, Antivirus security, etc., but do not…

A good teacher is not just someone who is good with academics. They are more of a role model and mentor, who can share the right knowledge with their students, to help them choose and perceive between the good and bad of the society they live in. Given the increasing…

Trend of PowerShell based malware is increasing. General trend observed shows that malware authors use new techniques for infection and propagation of malwares along with open source tools. PowerShell gets executed with high privileges and that’s why it easily performs its activity and propagates through network. Quick Heal Security Lab…

The rapid shift of brands towards online platforms and ecommerce portals, has opened the gates for cyber threats like Phishing, Cybersquatting and Typosquatting. In fact, every entity with an online presence today, feels burdened by the fear of compromising their brand reputation, in the face of these ubiquitous cyber threats….

In the latest of its kind phishing attacks, phishers have been found to use custom 404 Not Found error pages to run phishing campaign. This unusual phishing campaign is basically aimed at tricking unsuspecting victims into sharing their Microsoft login credentials. A 404 Not Found page is typically an indication…

Quick Heal Security Lab spotted 27 malicious apps of dropper category on official “Google Play Store”. These apps have been removed from Play Store after Quick Heal Security Lab reported it to Google last week. These apps continuously show installation prompt for fake “Google Play Store”. If any user falls…

Scammers are literally on their toes all year round, but for all the wrong reasons, devising ways and means to trick innocent people. In their latest attempt at fraud, cyber criminals are using fake SMS pretending to be from Income Tax Department to trick innocent victims into sharing bank account…

Presently sponsored by: Varonis. Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell

Australia! Geez it's nice to sit amongst the gum trees and listen to the birds, even if it's right in the middle of some fairly miserable weather. I'll continue to be here for the foreseeable future too, at least in one state or another. But being back here hasn't stopped

Presently sponsored by: Varonis. Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell

Well, this will be the last weekly update done overseas for some time as I count down the return to beaches, sunshine and fantastic coffee (yes, I'm confident saying that even whilst in Italy!) It's been a non-stop trip with an attempt of a bit of downtime at the end

Presently sponsored by: Varonis. Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell

It's been a bit of intense country-hopping since the last update so this one is a consolidated "this week in tweets" version. I actually found it kind of interesting going back through the noteworthy incidents of the week in lieu of having original content of my own, see what you

Presently sponsored by: Varonis. Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell

Hungary! And that's about as much intro as I'm going to do on that because this is going out super later and I'm writing this at the end of a very long day. Only other thing I'll mention is the audio - the Instamic failed to record again so it's

Presently sponsored by: Varonis. Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell

Allow me to be controversial for a moment: arbitrary password restrictions on banks such as short max lengths and disallowed characters don't matter. Also, allow me to argue with myself for a moment: banks shouldn't have these restrictions in place anyway.

I want to put forward cases for both arguments

Presently sponsored by: Varonis. Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell

Turns out it's actually a sunny day in Oslo today, although it's the last one I'll see here for quite some time before heading off to Denmark then other European things for the remainder of this trip. I'm talking a little about those events (all listed on my events page

Presently sponsored by: Varonis. Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell

From the emerging spring to the impending autumn, I'm back in Oslo at the beginning of another series of European events that'll take me across Norway, Denmark, Hungary and Switzerland. This week's update comes from under the glow of a warm outdoor heater at ridiculous o'clock as my sleep cycle

Presently sponsored by: Varonis. Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell

How's that for a setting in this week's video? 🌴 First day of spring here which aligned with a father's day on the water:

May all your father’s days be full of fun and laughter 😎 pic.twitter.com/pN1dQ38cDr

— Troy Hunt (@troyhunt) September 1, 2019

Back on business as

Presently sponsored by: Varonis. Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell

Australia! Sunshine, good coffee and back in the water on the tail end of "winter". I'm pretty late doing this week's video as the time has disappeared rather quickly and I'm making the most of it before the next round of events. Be that as it may, there's a bunch

Presently sponsored by: Varonis. Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell

I made it out of Vegas! That was a rather intense 8 days and if I'm honest, returning to the relative tranquillity of Oslo has been lovely (not to mention the massive uptick in coffee quality). But just as the US to Europe jet lag passes, it's time to head

Presently sponsored by: Varonis. Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell

Almost one year ago now, I declared extended validation certificates dead. The entity name had just been removed from Safari on iOS, it was about to be removed from Safari on Mojave and there were indications that Chrome would remove it from the desktop in the future (they already weren't

Presently sponsored by: Varonis. Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell

Well that's Vegas done. 8 days of absolutely non-stop events that's now pretty much robbed me of my voice but hey, I got a flying cow! Scott and I both spent BSides, Black Hat and DEF CON doing "hallway con" or in other words, wandering around just meeting people. The

Presently sponsored by: Varonis. Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell

Vegas! I'm a bit late with this week's update but I thought I'd catch up with Scott Helme and do the video together. We're talking about the events in Vegas, the ongoing Project Svalbard process, some very screwy messaging about certificates from Sectigo and the Irish government coming on board

Presently sponsored by: Varonis. Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell

Over the last year and a bit I've been working to make more data in HIBP freely available to governments around the world that want to monitor their own exposure in data breaches. Like the rest of us, governments regularly rely on services that fall victim to attacks resulting in

Presently sponsored by: Varonis. Free Video Course: 7 Hidden Office 365 Security Settings You Can Only Unlock with PowerShell

What. A. Week.

I've been in San Fran meeting with a whole bunch of potential purchasers for HIBP and it's been... intense. Daunting. Exciting. It's actually an amazing feeling to see my "little" project come to this where I'm sitting in a room with some of the most awesome tech

New ESET white paper released describing updates to the malware arsenal and campaigns of this group known for its supply-chain attacks

The post Connecting the dots: Exposing the arsenal and methods of the Winnti Group appeared first on WeLiveSecurity

This week, ESET researchers published an analysis of a previously unknown cyber-espionage platform and described a system enabling them to explore the UEFI landscape in an efficient way

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

What are the scenarios that may prove to be challenging to manage in the 5G world?

The post EU warns of cyber‑risks as 5G looms appeared first on WeLiveSecurity

ESET researchers discover a previously unreported cyberespionage platform used in targeted attacks against diplomatic missions and governmental institutions, and privacy-concerned users

The post ESET discovers Attor, a spy platform with curious GSM fingerprinting appeared first on WeLiveSecurity

An ESET survey of thousands of people in North America provides a peek into how they perceive the privacy and security of their smart home connected devices

The post How concerned are you about the privacy challenges of your IoT devices? appeared first on WeLiveSecurity

We sat down with internet pioneer and Farsight Security CEO Dr. Paul Vixie, who co-invented some of the services that are central to the 'Net's fabric, to discuss a range of issues affecting security and privacy

The post Internet pioneer Dr. Paul Vixie on global internet security appeared first on WeLiveSecurity

An ESET survey polled 4,000 people to get a sense of their attitudes towards the privacy and security implications of smart home technology

The post Inside consumer perceptions of security and privacy in the connected home appeared first on WeLiveSecurity

ESET experts describe how they trained a machine-learning model to recognize a handful of unwanted UEFI components within a flood of millions of harmless samples

The post Needles in a haystack: Picking unwanted UEFI components out of millions of samples appeared first on WeLiveSecurity

ESET researchers publish an in-depth analysis of the Casbaneiro banking trojan that targets banks and cryptocurrency services in Brazil and Mexico

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The incidents send medical staff back to the days of pen and paper

The post Hospitals in US, Australia hobbled by ransomware appeared first on WeLiveSecurity

Número dois in our series demystifying Latin American banking trojans

The post Casbaneiro: Dangerous cooking with a secret ingredient appeared first on WeLiveSecurity

Why you should ensure that all those apps on your smartphone only run with the permissions they reasonably need to do their job

The post Do apps need all the permissions? appeared first on WeLiveSecurity

October is upon us, reminding us to make choices every day that will scare cybersecurity threats away

The post Cyber Security Awareness Month starts today! appeared first on WeLiveSecurity

ESET researchers break down a revamped set of tools that the Sednit group has added to its Zebrocy malware family

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Almost 60% of second-hand hard drives hold leftover data from previous owners, a study shows

The post Are you sure you wiped your hard drive properly? appeared first on WeLiveSecurity

There is no word on which threat actor is abusing the severe vulnerability for attacks

The post Microsoft rushes out patch for Internet Explorer zero‑day appeared first on WeLiveSecurity

Many companies are ranking cybersecurity as a top 5 priority but their actions do not measure up to the claim, a survey finds

The post Do companies take cybersecurity seriously enough? appeared first on WeLiveSecurity

ESET researchers describe the latest components used in a recent Sednit campaign

The post No summer vacations for Zebrocy appeared first on WeLiveSecurity

A nationwide data leak is believed to affect almost all citizens of Ecuador, putting them at risk of identity theft

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The UK’s cybersecurity agency also outlines precautions that academia should take to mitigate risks

The post Universities warned to brace for cyberattacks appeared first on WeLiveSecurity

In almost all tested units, the researchers achieved their goal of obtaining remote root-level access

The post Remote access flaws found in popular routers, NAS devices appeared first on WeLiveSecurity

The humongous collection of extensive personal details about millions of people could be a gold mine for scam artists

The post Nearly all of Ecuador’s citizens caught up in data leak appeared first on WeLiveSecurity

ESET researchers found an undocumented backdoor used by the infamous Stealth Falcon group, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East. With the launch of the Safer Kids online initiative, a guide to help parents protect their kids when they take selfie. The discovery of a serious vulnerability

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The bug, which has already been fixed by Facebook, allowed access to private user information that could be abused by malicious actors.

The post A vulnerability in Instagram exposes personal information of users appeared first on WeLiveSecurity

Are you – and especially your children – aware of the risks that may come with sharing selfies?

The post Selfies for kids – A guide for parents appeared first on WeLiveSecurity

ESET researchers discovered a backdoor linked to malware used by the Stealth Falcon group, an operator of targeted spyware attacks against journalists, activists and dissidents in the Middle East

The post ESET discovered an undocumented backdoor used by the infamous Stealth Falcon group appeared first on WeLiveSecurity

This week, we present an introduction to the MITRE ATT&CK framework, the review of the mobile threats and vulnerabilities detected for mobile during the first half of 2019, and Firefox 69 new features.

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Firefox new Enhanced Tracking Protection (ETP) feature launched to all users of the browser to offer better privacy and protection from cryptojacking.

The post Firefox 69: Third‑party tracking cookies and cryptomining now blocked by default appeared first on WeLiveSecurity

Malware detections for iOS increased, as did the number of vulnerabilities detected in this operating system, while in the case of Android, the number of reported vulnerabilities decreased, although the number of highly critical bugs reported increased.

The post Semi‑annual balance of mobile security 2019 appeared first on WeLiveSecurity

An introduction to the MITRE ATT&CK framework and how it can help organize and classify various types of threats and adversarial behaviors.

The post What is MITRE ATT&CK and how is it useful? appeared first on WeLiveSecurity

ESET research uncovers the first known instances of spyware that is based on the AhMyth Remote Access Tool and has snuck into Google Play

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

How schools and educators can address and help prevent abusive behavior on the internet

The post Cyberbullying: What schools and teachers can do appeared first on WeLiveSecurity

ESET analysis breaks down the first known spyware that is built on the AhMyth open-source espionage tool and has appeared on Google Play – twice

The post First‑of‑its‑kind spyware sneaks into Google Play appeared first on WeLiveSecurity

As education is becoming an increasingly vital tool in companies’ security toolboxes, the question arises: How can they effectively implement security awareness training?

The post Education and privacy legislation at ChannelCon appeared first on WeLiveSecurity

The attack, which has victimized mostly smaller local governments, is thought to have been unleashed by a single threat actor

The post Ransomware wave hits 23 towns in Texas appeared first on WeLiveSecurity

This week, ESET researchers described an ongoing campaign that targets accountants in the Balkans and spreads both a backdoor and a remote access trojan

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Does true Artificial Intelligence even exist yet? Will it ever exist or will it end the world before we reach its full capacity?

The post AI: Artificial Ignorance appeared first on WeLiveSecurity

Unlike BlueKeep, however, these vulnerabilities affect more recent Windows versions, including Windows 10

The post Microsoft warns of new BlueKeep‑like flaws appeared first on WeLiveSecurity

ESET researchers discovered a campaign that uses two malicious tools with similar capabilities to ensure both resilience and broader potential for the attackers

The post In the Balkans, businesses are under fire from a double‑barreled weapon appeared first on WeLiveSecurity

After welcoming hacking research, automobile technology started to get better at defending against hacks. So why has the airline industry not been as welcoming?

The post Hacking my airplane – BlackHat edition appeared first on WeLiveSecurity

This week, ESET researchers described a cyberespionage campaign against government targets in Latin America and the ins and out of a spambot targeting French internet users

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The legal action, brought over alleged click injection fraud, is said to be among the first of its kind

The post Facebook hits two app developers with lawsuit appeared first on WeLiveSecurity

ESET researchers document malware-distributing spam campaigns targeting people in France

The post Varenyky: Spambot à la Française appeared first on WeLiveSecurity

Up to 30 percent of romance fraud victims in 2018 are estimated to have been used as money mules

The post FBI warns of romance scams using online daters as money mules appeared first on WeLiveSecurity

ESET research uncovers a cyberespionage operation targeting Venezuelan government institutions

The post Sharpening the Machete appeared first on WeLiveSecurity

This week, ESET researchers put the spotlight on two threats – new Android ransomware that spreads to victims’ contacts via SMS messages, and a banking trojan that targets Latin America

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

A primer on why internet-enabled TVs make for attractive and potentially soft targets, and how cybercriminals can ruin more than your TV viewing experience

The post Smart TVs: Yet another way for attackers to break into your home? appeared first on WeLiveSecurity

The first in an occasional series demystifying Latin American banking trojans

The post From Carnaval to Cinco de Mayo – The journey of Amavaldo appeared first on WeLiveSecurity

ESET researchers discover a new Android ransomware family that attempts to spread to victims’ contacts and deploys some unusual tricks

The post Android ransomware is back appeared first on WeLiveSecurity

The fraudulent campaign is hosted by a domain that is home to yet more bogus offers pretending to come from other well-known brands

The post Scam impersonates WhatsApp, offers ‘free internet’ appeared first on WeLiveSecurity