All posts in Web Security
Allegedly perv college coach charged with cyberstalking and extorting nudes from his female athletes. A former track-and-field coach who worked at several universities has been arrested and is facing up to five years in prison for attempting to solicit nude photos of his athletes through sham social-media accounts and cyberstalking. . . . Read more

The database was subsequently leaked elsewhere, imperiling consumers from the U.S. and around the world. The Swarmshop cyber-underground “card shop” has been hit by hackers, who lifted the site’s database of stolen payment-card data and leaked it online. That’s according to researchers at Group-IB, who said that the database was . . . Read more

Justin Jett, director of audit and compliance for Plixer, discusses the transformation of network-traffic analytics and what it means for cybersecurity now. Last year, Gartner published a market guide on network detection and response (NDR). Formerly known as network-traffic analytics, which I’ve spoken about in the past at length, NDR has . . . Read more
Like the Facebook incident earlier this week, the information — including user profile IDs, email addresses and other PII — was scraped from the social-media platform. Personal data from more than 500 million LinkedIn users has been posted for sale online in yet another incident of threat actors scraping data . . . Read more

Cybercriminals are encouraging users to send the “offers” via WhatsApp to their friends as well. Malicious Android apps disguised as TikTok and offers for free Lenovo laptops are being used in ad-stuffing attacks underway against devices on the Jio telecom network in India, security researchers warn. Researchers from Zscaler report . . . Read more
A widespread email campaign using malicious Microsoft Excel attachments and Excel 4 macros is delivering IcedID at high volumes, suggesting it’s filling the Emotet void. The banking trojan known as IcedID appears to be taking the place of the recently disrupted Emotet trojan, according to researchers. IcedID (a.k.a. BokBot), bears . . . Read more

One Discord network search turned up 20,000 virus results, researchers found. Workflow and collaboration tools like Slack and Discord have been infiltrated by threat actors, who are abusing their legitimate functions to evade security and deliver info-stealers, remote-access trojans (RATs) and other malware. The pandemic-induced shift to remote work . . . Read more

Saryu Nayyar, CEO at Gurucul, discusses the new Cold War and the potential for a cyberattack to prompt military action. The Cold War concept isn’t outdated. In the decades since the fall of the Soviet Union, the battleground has simply shifted from conflicts between ideological proxy governments to cyberspace. And . . . Read more

Cyberattackers are actively exploiting known security vulnerabilities in widely deployed, mission-critical SAP applications, allowing for full takeover and the ability to infest an organization further. Active cyberattacks on known vulnerabilities in SAP systems could lead to full control of unsecured SAP applications, researchers are warning. Adversaries are carrying out a . . . Read more

An estimated 32 million, of the half-billion of Facebook account details posted online, were tied to US-based accounts. More than 533 million Facebook users had their personal information posted to a public hacker forum, a move that is raising concerns about an uptick in cybercrime leveraging the credentials. The publicly . . . Read more