Cybersecurity News | CyberSecured 24x7

14 Dec

Six Charged in Mass Takedown of DDoS-for-Hire Sites

The U.S. Department of Justice (DOJ) today seized four-dozen domains that sold “booter” or “stresser” services — businesses that make it easy and cheap for even non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks designed knock targets offline. The DOJ also charged six U.S. men with computer crimes related to their alleged ownership of the popular DDoS-for-hire services. The booter service OrphicSecurityTeam[.]com was one of the 48 DDoS-for-hire domains seized by the…

14 Dec

Go-based Botnet GoTrim Targeting WordPress Sites

Attacks, Malware

GoTrim employs several anti-bot checks to avoid some of the less complex botnet mitigations. It uses a Mozilla Firefox user-agent with the same gzip, deflate, and Brotil content encoding algorithms. The malware also attempts to detect CAPTCHA security plugins and has the capability of solving the challenges for some of them. If it cannot bypass a security plugin, the botnet is globally updated with a “skip” for that domain. Interestingly, any website containing “1gb.ru” in…

14 Dec

Apple Security Update Fixes New iOS Zero-Day

Attacks, Malware

Even though this zero-day flaw was likely used in highly-targeted attacks, it is still suggested to install the security updates as soon as possible. https://www.bleepingcomputer.com/news/apple/apple-security-update-fixes-new-ios-zero-day-used-to-hack-iphones/

14 Dec

Open-Source Repositories Flooded by +144,000 Phishing Packages

Attacks, Malware

This campaign highlights two problems for the cybersecurity space – the increase in the frequency and sophistication of phishing as well as the increase in automated attacks. As time has gone on, the sophistication of phishing campaigns has increased significantly, with the interactive chat dialogue being an example from this campaign. This sophistication has allowed phishing campaigns to be much more successful, and in turn has led to an increase in the frequency of phishing…

14 Dec

Microsoft Patch Tuesday, December 2022 Edition

Information, Insights

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week’s Patch Tuesday. The security updates include…

14 Dec

Cybersecurity Trends 2023: Securing our hybrid lives

Information

ESET experts offer their reflections on what the continued blurring of boundaries between different spheres of life means for our human and social experience – and especially our cybersecurity and privacy The future isn’t what it used to be. This adage, if a little trite, has taken on a whole new meaning after our lives turned on a dime with the outbreak of the COVID-19 pandemic. And as the world was bouncing back from the…

14 Dec

Top tips for security‑ and privacy‑enhancing holiday gifts

Information

Think outside the (gift) box. Here are a few ideas for security and privacy gifts to get for your relatives – or even for yourself. Some don’t cost a penny! Thanks to a decade or more of big-name data breaches, global privacy scandals and consumer rights legislation like the GDPR, we’re all more aware of cybersecurity and privacy issues today. And now that many of us are working more from home and our personal and…

14 Dec

COVID-bit: the wireless spyware trick with an unfortunate name

Information

by Paul Ducklin If you’re a regular Naked Security reader, you can probably guess where on the planet we’re headed in this virtual journey…. …we’re off once more to the Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev in Israel. Researchers in the department’s Cyber-Security Research Center regularly investigate security issues related to so-called airgapped networks. As the name suggests, an airgapped network is deliberately disconnected not only from the…

14 Dec

Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware

Information

by Paul Ducklin Another month, another Microsoft Patch Tuesday, another 48 patches, another two zero-days… …and an astonishing tale about a bunch of rogue actors who tricked Microsoft itself into giving their malicious code an official digital seal of approval. For a threat researcher’s view of the Patch Tuesday fixes for December 2002, please consult the Sophos X-Ops writeup on our sister site Sophos News: For a deep dive into the saga of the signed…

14 Dec

Apple patches everything, finally reveals mystery of iOS 16.1.2

Information

by Paul Ducklin Apple has just published a wide range of security fixes for all its supported platforms, from the smallest watch to the biggest laptop. In other words, if you’ve got an Apple product, and it’s still officially supported, we urge you to do an update check now. Remember that even if you’ve set your iDevices to update entirely automatically, doing a manual check is still well worth it, because: It ensures that you…

CyberSecurity Updates

Six Charged in Mass Takedown of DDoS-for-Hire Sites

Go-based Botnet GoTrim Targeting WordPress Sites

Apple Security Update Fixes New iOS Zero-Day

Open-Source Repositories Flooded by +144,000 Phishing Packages

Microsoft Patch Tuesday, December 2022 Edition

Cybersecurity Trends 2023: Securing our hybrid lives

Top tips for security‑ and privacy‑enhancing holiday gifts

COVID-bit: the wireless spyware trick with an unfortunate name

Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware

Apple patches everything, finally reveals mystery of iOS 16.1.2

Search

The 6 Stages of a Vulnerability Management Process

Get Cybersecurity Alerts

Read More

Categories

Site Navigation

Resources