Security News > 2021

Telegram Abused to Steal Crypto-Wallet Credentials
2021-12-23 16:00

Attackers use the Telegram handle "Smokes Night" to spread the malicious Echelon infostealer, which steals credentials for cryptocurrency and other user accounts, researchers said. Attackers are targeting crypto-wallets of Telegram users with the Echelon infostealer, in an effort aimed at defrauding new or unsuspecting users of a cryptocurrency discussion channel on the messaging platform, researchers have found.

Pro Wrestling Tees discloses data breach after credit cards stolen
2021-12-23 15:49

Popular wrestling t-shirt site Pro Wrestling Tees has disclosed a data breach incident that has resulted in the compromise of the financial details of tens of thousands of its customers. Pro Wrestling Tees is a website allowing professional wrestlers to set up their own mini-stores to sell merchandise like shirts, posters, action figures, and more to their fans.

How to deploy a Bitwarden server with Docker
2021-12-23 15:32

Are you looking to deploy an in-house password manager server? Jack Wallen shows you how with Bitwarden and Docker. If you're seriously concerned about security and would rather not save your password database on a third-party server, you might want to consider deploying your own Bitwarden server.

VK introduces 2FA and plans to make it mandatory in 2022
2021-12-23 15:01

VK is finally introducing two-factor authentication on all its services and plans to make it mandatory in February 2022 for administrators of large communities. Starting in February, all communities that count over 10,000 subscribers must be managed by a 2FA-secured admin account to prevent large-scale phishing incidents.

‘Spider-Man: No Way Home’ Download Installs Cryptominer
2021-12-23 15:00

Global buzz around the release of Spider-Man: No Way Home is making tons of online noise - an ideal environment for cybercriminals to spread a Monero cryptominer disguised as a download of the newly released film. A torrent download of Spider-Man: No Way Home is circulating, infected with a persistent Monero cryptominer, according to a new alert from ReasonLabs.

Log4Shell is a dumpster fire that should have been avoided
2021-12-23 08:53

On Thursday, December 9, 2021, my young, Minecraft-addicted kids were still completely oblivious of the Log4j vulnerabilities in their favorite game. The truth is we have no idea how severely attackers have taken advantage of the vulnerabilities in Log4j.

Fisher Price's Bluetooth reboot of pre-school play phone has adult privacy flaw
2021-12-23 08:02

A Bluetooth phone designed to evoke the carefree days of early childhood has been found to instead threaten the very adult prospect of being surveilled in your home. The phone is the Fisher Price Chatter Special Edition, a device that adds Bluetooth and a speaker to the smiling, brightly coloured, wheeled, rotary dial phone on which it's previously been possible to make calls only by using one's imagination.

China suspends deal with Alibaba for not sharing Log4j 0-day first with the government
2021-12-23 07:13

China's internet regulator, the Ministry of Industry and Information Technology, has suspended a partnership with Alibaba Cloud, the cloud computing subsidiary of e-commerce giant Alibaba Group, for six months for failing to promptly report a critical security vulnerability affecting the broadly used Log4j logging library. The development was reported by Reuters and South China Morning Post, citing a report from 21st Century Business Herald, a Chinese business-news daily newspaper.

Alibaba Cloud slapped by Chinese ministry for mishandling Log4j
2021-12-23 05:58

China's Ministry of Industry and Information Technology has suspended Alibaba Cloud's membership of an influential security board to protest its handling of the Log4j flaw. The move appears odd as The Apache Software Foundation credited Alibaba Cloud's Chen Zhaojun for identifying and reporting the Log4j flaw in the first place.

Five cybersecurity predictions for 2022 and beyond
2021-12-23 05:50

As ransomware attacks increase, more companies are paying the ransom to retrieve precious data. At the micro level, companies are not prepared for an attack and will likely conduct a cost-benefit analysis to decide whether they will pay.