Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring
Law enforcement authorities in the Netherlands have arrested two alleged individuals belonging to a Dutch cybercriminal collective who were involved in developing, selling, and renting sophisticated phishing frameworks to other threat actors in what's kn
25-07-2021 08:27

Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring
Law enforcement authorities in the Netherlands have arrested two alleged individuals belonging to a Dutch cybercriminal collective who were involved in developing, selling, and renting sophisticated phishing frameworks to other threat actors in what's kn
24-07-2021 23:07

How DuckDuckGo makes money selling search, not privacy
Commentary: DuckDuckGo is small by Google's standards, but the company is proving it's very possible to make a lot of money with just a bit more privacy.
23-07-2021 17:56

Week in security with Tony Anscombe
URL shortener services distributing Android malware – Week in security with Tony Anscombe The post appeared first on
23-07-2021 16:52

Threat Actors Target Kubernetes Clusters via Argo Workflows
Threat actors are abusing Argo Workflows to target Kubernetes deployments and deploy crypto-miners, according to a warning from security vendor Intezer.
23-07-2021 16:00

House Passes Several Critical Infrastructure Cybersecurity Bills
The U.S. House of Representatives this week passed several cybersecurity bills, including ones related to critical infrastructure, industrial control systems (ICS), and grants for state and local governments.
23-07-2021 15:03

TikTok fined €750,000 for Violating Children's Privacy
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens – AP) announced Thursday that it has imposed a fine of €750,000 on TikTok “for violating the privacy of young children”. More specifically, TikTok failed to provide a privacy statement in t
23-07-2021 14:03

Dutch Police Arrest Alleged Member of 'Fraud Family' Cybercrime Gang
Authorities in the Netherlands have arrested a 24-year-old believed to be a developer of phishing frameworks for a cybercrime ring named “Fraud Family.”
23-07-2021 14:00

Cyber Risk Management Firm Safe Security Raises $33 Million
Cyber risk measurement and mitigation platform provider Safe Security this week announced that it has received a $33 million strategic investment led by BT Group. The funds, Safe Security says, will be used to double the size of its engineering team, as
23-07-2021 13:02

Industrial Cybersecurity Firm SynSaber Launches With $2.5M in Seed Funding
SynSaber, a new industrial cybersecurity company, announced its launch this week with $2.5 million in seed funding from SYN Ventures, Rally Ventures and Cyber Mentor Fund.
23-07-2021 11:51

Estonian Botnet Operator Pleads Guilty in U.S. Court
An Estonian national has pleaded guilty in a United States court to two counts of computer fraud and abuse over his role in creating and operating a proxy botnet.
23-07-2021 11:02

Protecting the hybrid workplace through Zero Trust security
The Zero Trust architecture offers an increasingly popular way to minimize cyber-risk in a world of hybrid cloud, flexible working and persistent threat actors. The post appeared first on
23-07-2021 09:30

Kaseya Obtains Universal Decryptor for Ransomware Attack Victims
IT management software maker Kaseya on Thursday said it obtained a universal decryptor that should allow victims of the to recover their files.
23-07-2021 08:49

Wake up! Identify API Vulnerabilities Proactively, From Production Back to Code
After more than 20 years in the making, now it's official: APIs are everywhere. In a 2021 survey, 73% of enterprises reported that they already publish more than 50 APIs, and this number is constantly growing. APIs have crucial roles to play in virtuall
23-07-2021 07:14

Dutch Police Arrest Two Hackers Tied to "Fraud Family" Cybercrime Ring
Law enforcement authorities in the Netherlands have arrested two alleged individuals belonging to a Dutch cybercriminal collective who were involved in developing, selling, and renting sophisticated phishing frameworks to other threat actors in what's kn
23-07-2021 05:58

Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software
A malware known for targeting macOS operating system has been updated once again to add more features to its toolset that allows it to amass and exfiltrate sensitive data stored in a variety of apps, including apps such as Google Chrome and Telegram, as
23-07-2021 05:22

Kaseya Gets Universal Decryptor to Help REvil Ransomware Victims
Nearly three weeks after Florida-based software vendor Kaseya was hit by a widespread supply-chain ransomware attack, the company on Thursday said it obtained a universal decryptor to unlock systems and help customers recover their data. <!--adsense-
23-07-2021 04:00

Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers
A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named "nodejs_net_server" and downloaded ove
22-07-2021 21:29

Kaseya obtains universal decryptor key for recent REvil ransomware attacks
A company spokesperson confirmed that the key works but won't reveal the source, saying only that it came from a trusted third party.
22-07-2021 20:42

Akamai Software Update Triggers Internet Outages
Websites were briefly knocked offline Thursday after a software update triggered a glitch at network specialty firm Akamai. Reports of internet outages from locations around the world spiked at website Downdetector, with US-based Akamai saying some we
22-07-2021 19:36

Bug Bounty and VDP Platform YesWeHack Raises $18.8 Million
European bug bounty and vulnerability disclosure policy platform YesWeHack this week announced the closing of a €16 million ($18.8 million) round of venture capital financing. 
22-07-2021 18:49

Scammers offer streaming services, giveaways and a fake cyber currency to cash in on the Olympic Games
Kaspersky's analysis found that cybercriminals are getting extra creative with the latest campaigns designed to harvest credentials.
22-07-2021 16:38

Popular Wi‑Fi routers still using default passwords making them susceptible to attacks
To mitigate the chances of their Wi-Fi home routers being compromised, users would do well to change the manufacturer’s default access credentials The post appeared first on
22-07-2021 16:00

Atlassian Patches Critical Vulnerability in Jira Data Center Products
Software development and collaboration solutions provider Atlassian on Wednesday informed customers that it has patched a critical code execution vulnerability affecting some of its Jira products.
22-07-2021 15:03

How cyberattacks exploit known security vulnerabilities
Knowing that many organizations fail to patch known flaws, attackers continually scan for security holes that they can exploit, says Barracuda.
22-07-2021 14:50

The ransomware risk management calculus is changing for OT, ICS and critical infrastructure
Paralysis is the worst possible state for businesses to find themselves in when faced with the threat, says Claroty's CPO.
22-07-2021 14:38

Systemd can't seem to catch a break: New vulnerability found
A dangerous vulnerability was found in the Linux systemd stack. Find out what it is and how to upgrade your Linux distributions.
22-07-2021 14:29

Google Cloud Unveils New SOC, IDS Solutions
Google Cloud this week announced new security offerings for its customers, including Autonomic Security Operations to improve security operations centers (SOCs) and Cloud Intrusion Detection System (IDS) for network-based threat detection.
22-07-2021 14:15

Windows "HiveNightmare" bug could expose system files to non-admin users
An attacker who exploits this flaw could use system privileges to install programs, view or delete data, and create accounts with full user rights.
22-07-2021 13:36

China-Linked APT31 Abuses Hacked Routers in Attacks, France Warns
The French National Agency for the Security of Information Systems (ANSSI) on Wednesday issued an alert to warn organizations that a threat group tracked as APT31 has been abusing compromised routers in its recent attacks.
22-07-2021 12:54

iOS Security Update Patches Recently Disclosed Wi-Fi Vulnerability
Tens of Vulnerabilities Patched by Apple in macOS and iOS Apple this week started rolling out security updates for iOS, macOS, iPadOS, watchOS, tvOS, and Safari, to address tens of vulnerabilities, including some that could result in arbitrary code exec
22-07-2021 12:18

CISA Details Malware Used in Attacks Targeting Pulse Secure Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday released analysis reports for 13 malware samples discovered on Pulse Secure devices that were compromised in recent attacks.
22-07-2021 11:52

Is Your SecOps Solution Keeping Up?
The goal of any SecOps system is to collect, correlate, and assess data gathered from every corner of the network to detect and investigate anomalous behavior and then respond promptly to thwart an attack before its damage is done. And when networks were
22-07-2021 11:30

Dell Patches Critical Vulnerabilities in OpenManage Enterprise
Patches released this week by Dell for its OpenManage Enterprise product address multiple critical-severity vulnerabilities. A systems management and monitoring application, Dell OpenManage Enterprise provides administrators with a comprehensive view of
22-07-2021 11:23

UK Man Arrested in Spain, Charged in US With Twitter Hack
A British man has been charged in the United States in connection with a that compromised the accounts of prominent politicians, celebrities and technology moguls, the Justice Department said Wednesday.
22-07-2021 11:01

APT Hackers Distributed Android Trojan via Syrian e-Government Portal
An advanced persistent threat (APT) actor has been tracked in a new campaign deploying Android malware via the Syrian e-Government Web Portal, indicating an upgraded arsenal designed to compromise victims. "To the best of our knowledge, this is the firs
22-07-2021 05:04

Reduce End-User Password Change Frustrations
Organizations today must give attention to their cybersecurity posture, including policies, procedures, and technical solutions for cybersecurity challenges.  This often results in a greater burden on the IT service desk staff as end-users encounter iss
22-07-2021 03:12

Biden to Meet Next Month With Private Sector on Cyber Issues
President Joe Biden and members of his national security team plan to meet next month with business executives about cybersecurity, an official said Wednesday.
22-07-2021 02:00

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws
Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729
22-07-2021 01:21

Another Hacker Arrested for 2020 Twitter Hack and Massive Bitcoin Scam
A U.K. citizen has been arrested in the Spanish town of Estepona over his alleged involvement in the July 2020 hack of Twitter, resulting in the compromise of 130 high-profile accounts. Joseph O'Connor, 22, has been charged with intentionally accessing
22-07-2021 01:04

XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems
A popular malware known for stealing sensitive information from Windows machines has evolved into a new strain capable of also targeting Apple's macOS operating system. The upgraded malware, dubbed "XLoader," is a successor to another well-known Windows
21-07-2021 23:25

US and Global Allies Accuse China of Massive Microsoft Exchange Attack
The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews working affiliated with the People's Republic
21-07-2021 20:41

Turns Out That Low-Risk iOS Wi-Fi Naming Bug Can Hack iPhones Remotely
The Wi-Fi network name bug that was found to completely disable an iPhone's networking functionality had remote code execution capabilities and was silently fixed by Apple earlier this year, according to new research. The denial-of-service vulnerability
21-07-2021 20:40

Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability
Merely days after Microsoft sounded the alarm on an unpatched security vulnerability in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related shortcoming to be
21-07-2021 20:40

Several New Critical Flaws Affect CODESYS Industrial Automation Software
Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company's cloud opera
21-07-2021 20:38

Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers
A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named "nodejs_net_server" and downloaded ove
21-07-2021 20:37

New Windows and Linux Flaws Give Attackers Highest System Privileges
Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the opera
21-07-2021 20:36

How to activate Microsoft Defender Application Guard in Windows 10
Microsoft Defender Application Guard protects your networks and data from malicious applications running in your web browser, but you must install and activate it first.
21-07-2021 19:56

Google Cloud Introduces New Zero Trust Offerings for Government
Google Cloud this week announced a new set of services aimed at help federal, state, and local government organizations in the United States to implement Zero Trust architecture.
21-07-2021 19:55

Saudi Aramco Facing $50M Cyber Extortion Over Leaked Data
Saudi Arabia’s state oil giant acknowledged Wednesday that leaked data from the company — files now apparently being used in a cyber-extortion attempt involving a $50 million ransom demand — likely came from one of its contractors.
21-07-2021 19:43

Cybercriminals may target 2020 Tokyo Olympics, FBI warns
Cybercriminals may target the popular event with ransomware, phishing, or DDoS attacks in a bid to increase their notoriety or make money The post appeared first on
21-07-2021 18:27

Should we use AI in cybersecurity? Yes, but with caution and human help
Artificial intelligence is a powerful tool, and an expert says we had better ensure it stays just that—a useful tool.
21-07-2021 17:49

Ransomware Attack on UK Rail System - Spray and Pray or Targeted?
Northern Rail, one of the UK’s local railway systems covering the north of England, had its new self-service ticketing machines taken off-line following a ransomware attack last week.
21-07-2021 17:31

Microsoft Acquires Cloud Security Start-up CloudKnox
After years of mostly sitting on the sidelines, Microsoft is starting to be aggressive with cybersecurity acquisitions. The world’s largest software company said Wednesday it would acquire CloudKnox, a Silicon Valley startup that sells tools to help com
21-07-2021 17:01

DNSFilter Raises $30 Million in Series A Funding
Cybersecurity firm raises $30 Million to support growth of its AI-based DNS threat protection system
21-07-2021 15:53

The space wide web is ready to launch
There is even more to space innovation than the fledgling space tourism sector. Somewhat out of the public eye, there is a fast-growing space tech industry.
21-07-2021 15:15

Industrial Firms Warned of Risk Posed by Cloud-Based ICS Management Systems
Researchers at industrial cybersecurity firm Claroty have identified a series of vulnerabilities that have enabled them to demonstrate how malicious actors could abuse cloud-based management platforms when targeting industrial organizations.
21-07-2021 15:13

Cybersecurity risk: The number of employees going around IT security may surprise you
The findings detail a complex security balancing act between IT teams and users; especially in the age of remote work and virtual collaboration at scale.
21-07-2021 13:38

Oracle Releases July 2021 CPU With 342 Security Patches
Oracle on Tuesday announced the availability of a total of 342 new security patches as part of its July 2021 Critical Patch Update (CPU). More than half of the addressed vulnerabilities could be exploited remotely without authentication.
21-07-2021 13:33

Chrome 92 Brings Several Privacy, Security Improvements
Google on Tuesday announced the release of Chrome 92 in the stable channel, with 35 security patches and with various other security improvements, such as better site isolation and phishing protection.
21-07-2021 13:16

Macron Among 14 Heads of States on Potential Spyware List
French President Emmanuel Macron leads a list of 14 current or former heads of state who may have been targeted for hacking by clients of the notorious,
21-07-2021 12:17

Millions of Devices Affected by Vulnerability in HP, Samsung, Xerox Printer Drivers
A printer driver shipped to millions of computers since 2005 is affected by a vulnerability that can be exploited for privilege escalation, according to endpoint security company SentinelOne.
21-07-2021 11:45

Zero Trust, We Must
Daily headlines about cyber-attacks and data breaches (e.g., , , ,
21-07-2021 11:27

Cybersecurity lags behind as IoT devices proliferate, according to a new report
About one-quarter of respondents do not incorporate any of the listed measures to protect these devices and many feel as though consumers are not responsible for smart and IoT device security.
21-07-2021 11:00

Adobe Patches 21 Vulnerabilities Across Seven Products
Security updates released by Adobe on Tuesday for seven of its products patch a total of 21 vulnerabilities, including 15 flaws that have been assigned a critical severity rating.
21-07-2021 10:03

Moving OT to the cloud means accounting for a whole new host of security risks
ICS systems managed via cloud software are open to exploits that could be destructive enough to cause physical damage to industrial systems. Here's how to protect your operational technology network.
21-07-2021 10:00

Fortinet Patches Remote Code Execution Vulnerability in FortiManager, FortiAnalyzer
Fortinet on Monday announced the availability of patches for a vulnerability in both FortiManager and FortiAnalyzer that could allow an attacker to execute code with root privileges.
21-07-2021 08:47

Malicious NPM Package Caught Stealing Users' Saved Passwords From Browsers
A software package available from the official NPM repository has been revealed to be actually a front for a tool that's designed to steal saved passwords from the Chrome web browser. The package in question, named "nodejs_net_server" and downloaded ove
21-07-2021 08:14

Several New Critical Flaws Affect CODESYS Industrial Automation Software
Cybersecurity researchers on Wednesday disclosed multiple security vulnerabilities impacting CODESYS automation software and the WAGO programmable logic controller (PLC) platform that could be remotely exploited to take control of a company's cloud opera
21-07-2021 06:38

Google Enhances Protections in Cloud Armor Web Security Service
Google announced recently that it has expanded the capabilities of Cloud Armor, a service that provides distributed denial of service (DDoS) protections and a web application firewall (WAF) to keep customers safe from web attacks.
21-07-2021 04:07

XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems
Cybersecurity researchers on Wednesday disclosed details of an evolving malware that has now been upgraded to steal sensitive information from Apple's macOS operating system. The malware, dubbed "XLoader," is a successor to another well-known Windows-ba
21-07-2021 03:12

[eBook] A Guide to Stress-Free Cybersecurity for Lean IT Security Teams
Today’s cybersecurity landscape is enough to make any security team concerned. The rapid evolution and increased danger of attack tactics have put even the largest corporations and governments at heightened risk. If the most elite security teams can’t pr
21-07-2021 02:52

US and Global Allies Accuse China of Massive Microsoft Exchange Attack
The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews working affiliated with the People's Republic
21-07-2021 00:05

New Windows and Linux Flaws Give Attackers Highest System Privileges
Microsoft's Windows 10 and the upcoming Windows 11 versions have been found vulnerable to a new local privilege escalation vulnerability that permits users with low-level permissions access Windows system files, in turn, enabling them to unmask the opera
20-07-2021 23:50

Russian Hacker Levashov Sentenced to Time Already Served
A Russian hacker known internationally as the “bot master” was sentenced Tuesday to the 33 months he has already served in custody on federal charges he operated a network of devices used to steal computer credentials, distribute spam and install malicio
20-07-2021 21:01

New Cybersecurity Order Issued for US Pipeline Operators
The Department of Homeland Security on Tuesday announced new requirements for U.S. pipeline operators to bolster cybersecurity following a across the East Coast.
20-07-2021 19:51

Vaccine passports have to be consistent so that all countries can recognize them, expert says
This might create problems for those from poorer countries. Their countries may not have the resources to create vaccine passports that are readable everywhere.
20-07-2021 19:21

Security experts: Consistency and security are key in creating vaccine passports
Countries and states have to agree on a consistent platform for vaccine passports in order to make them work effectively.
20-07-2021 19:19

Top 5 things to know about supply chain attacks
Worried about supply chain attacks? Tom Merritt can help you understand your risk.
20-07-2021 18:19

Supply chain attacks: Top 5 things to know
Worried about supply chain attacks? Tom Merritt has answers for you.
20-07-2021 18:18

Rapid7 Acquires Threat Intelligence Firm Intsights for $335 Million
Boston- based cybersecurity firm Rapid7 announced on Tuesday that it has shelled out $335 million to acquire threat intelligence startup Intsights.
20-07-2021 15:55

Life in Lockdown: Offices Are Empty of People, Full of Risky IoT Devices
During lockdown, offices have been empty and quiet – but not dead. Networks have continued to run, and IoT devices have continued to operate unattended. Many of these devices have communicated in plain text leaving the networks vulnerable.
20-07-2021 15:10

U.S. Government Attributes ICS Attacks to Russia, China, Iran
Hacking Operation Sought to Help China Develop Cyberattack Capabilities for Damaging and Disrupting U.S. Pipelines
20-07-2021 15:00

Success of Ransomware Attacks Shows the State of Cybersecurity
Ransomware is incredibly popular because it works, and it is very profitable for the attackers 
20-07-2021 14:56

Vulnerability Exposes MicroLogix PLCs to Remote DoS Attacks
A high-severity vulnerability affecting Rockwell Automation’s MicroLogix 1100 programmable logic controllers (PLCs) can be exploited to cause a device to enter a persistent fault condition.
20-07-2021 13:38

Ransomware: International cooperation is needed to curb these cybersecurity threats, says expert
Ransomware knows no borders. An attorney with cybersecurity expertise suggests the only way to stop ransomware is for nations to create a global solution.
20-07-2021 13:29

China Says Washington Hack Claims 'Fabricated', Condemns US Allies
China on Tuesday said the US had "fabricated" allegations it carried out a massive Microsoft hack, countering that Washington was the "world champion" of cyber attacks while raging at American allies for signing up to a rare joint statement of condemnati
20-07-2021 12:58

Microsoft Adds Teams Mobile Applications to Bug Bounty Program
Microsoft on Monday announced that it has included the Teams mobile applications for Android and iOS within the scope of its bug bounty programs.
20-07-2021 12:32

Some URL shortener services distribute Android malware, including banking or SMS trojans
On iOS we have seen link shortener services pushing spam calendar files to victims’ devices. The post appeared first on
20-07-2021 12:00

Ransomware fallout is devastating and could often be avoided, study finds
Ransomware victims face tightened budgets, lost productivity and other problems. In most cases, new post-attack security measures could have prevented the ransomware attack if implemented beforehand.
20-07-2021 12:00

Companies are losing the war against phishing as attacks increase in number and sophistication
A new report finds that 74% of companies have been the victim of phishing in the last year. Staff shortages, a lack of security training and an increase in mobile device usage for work are factors.
20-07-2021 12:00

Cybersecurity M&A Roundup for July 9-19, 2021
A total of 11 cybersecurity-related acquisitions were announced between July 9 and July 19, 2021.
20-07-2021 11:38

UN Rights Chief Alarmed by Reported Use of Powerful Spyware
The United Nations’ human rights chief voiced alarm Monday over the reported use of military-grade malware from Israel-based to spy on journalists, human rights activists and political dissidents.
20-07-2021 11:01

Mitigating Threats to Encryption From Quantum and Bad Random
20-07-2021 10:47

Researchers: Apple Quietly Patched 0-Click Wi-Fi Code Execution Vulnerability in iOS
Apple in early 2021 quietly patched an iOS vulnerability that could lead to remote code execution when connecting to a Wi-Fi access point that had a specially crafted SSID.
20-07-2021 10:32

16-Year-Old Security Bug Affects Millions of HP, Samsung, Xerox Printers
Details have emerged about a high severity security vulnerability affecting a software driver used in HP, Xerox, and Samsung printers that has remained undetected since 2005. Tracked as CVE-2021-3438 (CVSS score: 8.8), the issue concerns a buffer overfl
20-07-2021 04:47

EXPLAINER: Target List of Israeli Hack-for-Hire Firm Widens
Human rights and press freedom activists are up in arms about a , the notorious Israeli hacker-for-hire company. The report, by a global media consortium, expands public knowledge of the target list used in NSO’s military-grade spyware.
20-07-2021 02:19

US and Global Allies Accuse China of Massive Microsoft Exchange Attack
The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews working affiliated with the People's Republic
20-07-2021 01:49

This New Malware Hides Itself Among Windows Defender Exclusions to Evade Detection
Cybersecurity researchers on Tuesday lifted the lid on a previously undocumented malware strain dubbed "MosaicLoader" that singles out individuals searching for cracked software as part of a global campaign. "The attackers behind MosaicLoader created a
20-07-2021 01:48

Microsoft Cracks Down on Malicious Homoglyph Domains
Microsoft on Monday announced that it secured a court order to take down numerous malicious homoglyph domains that a criminal group registered to impersonate legitimate sites of various businesses, predominantly located in North America.
19-07-2021 22:54

source : hackernews, securityweek, techrepublicsecurity, welivesecurity