Security News > 2021 > October

During the early days of the pandemic, while the rest of the world was stress streaming and working on sourdough starter, an ambitious teen stuck in his bedroom decided to set up a fake "Love2Shop" gift card site to harvest people's payment information, invest the stolen money in cryptocurrency and become a millionaire. His age certainly didn't prohibit the scammer from being allowed to purchase Google ads to help lure people to his phishing scam site, according to prosecutors, ultimately ranking the scam phishing site over the legitimate one.

As you may or may not know given the frequency of data breaches during the pandemic era, but October is cybersecurity awareness month.While many organisations have advocated for smarter cybersecurity practices to be observed in our personal and professional lives, Amazon Web Services (AWS) is offering something on top of this – freely accessible cybersecurity awareness training.

Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. Adobe has dropped a mammoth out-of-band security update this week, addressing 92 vulnerabilities across 14 products.

A set of seemingly innocuous Android apps have been infecting Israeli users with spyware since 2018, and the campaign continues to this day. The spyware-laden apps were discovered by researchers at Qihoo 360 who found various apps disguised as social applications, Threema, Al-Aqsa Radio, Al-Aqsa Mosque, Jerusalem Guide, PDF viewer, Wire, and other applications.

Avast has just released a decryption tool that will help AtomSilo and LockFile ransomware victims recover some of their files for free without having to pay a ransom. Avast released another decryption tool earlier today to help Babuk ransomware victims recover their files for free.

The very affordable Ethical Hacker Master Class Bundle allows you to do so at your own pace, even if you are working full-time. Not only is Python perfectly suited for ethical hacking tasks, but it is almost ridiculously easy to learn.

Twitter rolled out security keys to its entire workforce and made two-factor authentication mandatory for accessing internal systems following last year's hack. The company migrated all of its employees from legacy 2FA using SMS or authenticator apps to security keys in less than three months, according to Twitter's Senior IT Product Manager Nick Fohs and Senior Security Engineer Nupur Gholap.

War-driving - the process of driving around mapping residential Wi-Fi networks in hopes of finding a vulnerability to exploit - can still pay off for attackers, apparently: A CyberArk researcher recently found he could easily slice open about 70 percent of Wi-Fi network passwords in one Tel Aviv community - all at once. After gathering what he felt was a decent sample size of 5,000 SSIDs and password hashes, it was then time to get crackin' - literally.

The Security Service of Ukraine has arrested a team of actors who illegally infiltrated the information system of the National Health Service of Ukraine and entered false vaccination entries for other people. The actors found clients in the Sumy region through a team of doctors who participated in the scheme and offered to create false COVID-19 vaccination certificates for anyone who paid them 3,000 hryvnias.

Apple lovers who haven't yet updated to iOS 15, you may want to pop into Settings to freshen up your iPhone now: Apple has released several critical security updates that might light a fire under your britches. On Monday and Tuesday, Apple released iOS 14.8.1, iPadOS 14.8.1, watchOS 8.1 and tvOS 15.1, patching 24 CVEs in total.