Security News > 2021 > September

A fake Walmart press release stating that the retail chain would begin accepting Litecoin caused the cryptocurrency to jump by almost 35% this morning. The fake Walmart press release [archive] was released this morning at 9:30 AM and included made-up quotes from Walmart's CEO Doug McMillon and Litecoin creator Charlie Lee about the partnership.

An open redirect on a UK council-backed property website allowed low-level miscreants to evade filters. The website operated by tech services biz Civica had an open redirect being actively abused by spammers, piggybacking off the website's domain authority so their messages weren't flagged up by scanning tools.

An unofficial Cobalt Strike Beacon Linux version made by unknown threat actors from scratch has been spotted by security researchers while actively used in attacks targeting organizations worldwide. Cobalt Strike is also used by threat actors for post-exploitation tasks after deploying so-called beacons, which provide persistent remote access to compromised devices.

To protect businesses from such devastating threats, IT security teams need the right tools to monitor endpoints and identify threats before they can escalate. Your EDR software should be able to prioritize these alerts for your security team and make sure they respond to the most pressing issues first.

A successful ransomware attack can overwhelm an organization as we've seen many times, especially over the past several months. While most organizations acknowledge the threat and risk of such attacks, how many are truly ready to defend themselves against one? New information from Deloitte examines whether organizations are properly prepared against a ransomware attack and offers advice on how to combat such attacks.

Quickly following the president's mandate announcement, the price of a phony CDC vaccination card shot up from $100 to $200, Check Point Research said on Friday. In January, the phony vaccine card sales occurred mostly on the Dark Web, where you needed special software to access them, Ahmed said.

Olympus, a leading medical technology company, is investigating a "Potential cybersecurity incident" that impacted some of its EMEA IT systems last week. Olympus has more than 31,000 employees worldwide and over 100 years of history developing for the medical, life sciences, and industrial equipment industries.

Susan Landau wrote an essay on the privacy, efficacy, and equity of contract-tracing smartphone apps. Also see her excellent book on the topic.

The incoming head of the UK's data watchdog has "Gone on the record" to say he will be fair and impartial in his dealings with tech companies despite once describing Facebook as "Morally bankrupt pathological liars." Speaking on Thursday at a hearing of the Digital, Culture, Media and Sport Committee via video link from New Zealand, he was asked about his criticism of big tech companies.

A widely used NPM package called 'Pac-Resolver' for the JavaScript programming language has been remediated with a fix for a high-severity remote code execution vulnerability that could be abused to run malicious code inside Node.js applications whenever HTTP requests are sent. A Proxy Auto-Configuration file is a JavaScript function that determines whether web browser requests should be routed directly to the destination or forwarded to a web proxy server for a given hostname.