Web Security Archives | CW Enterprises

Articles targeted at Web App Security, hacks, guides, how to’s and the latest vulnerabilities.

FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks

22nd October 2021Tara Seals

The infamous Carbanak operator is moving is looking to juice its ransomware game by recruiting IT staff to its fake Bastion Secure ‘pen-testing’ [...]

REvil Servers Shoved Offline by Governments – But They’ll Be Back, Researchers Say

22nd October 2021Lisa Vaas

A multi-country effort has given ransomware gang REvil a taste of its own medicine by pwning its backups and pushing its leak site [...]

TA551 Shifts Tactics to Install Sliver Red-Teaming Tool

21st October 2021Tara Seals

A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment. Source: Threat Post [...]

Gigabyte Allegedly Hit by AvosLocker Ransomware

21st October 2021Lisa Vaas

If AvosLocker stole Gigabyte’s master keys, threat actors could force hardware to download fake drivers or BIOS updates in a supply-chain attack a [...]

Why is Cybersecurity Failing Against Ransomware?

21st October 2021Nate Warfield

Hardly a week goes by without another major company falling victim to a ransomware attack. Nate Warfield, CTO at Prevailion, discusses the immense [...]

Google Crushes YouTube Cookie-Stealing Channel Hijackers

20th October 2021Lisa Vaas

Google has caught and brushed off a bunch of cookie-stealing YouTube channel hijackers who were running cryptocurrency scams on, or auctioning off, ripped-off [...]

VPN Exposes Data for 1M Users, Leading to Researcher Questioning

20th October 2021Becky Bracken

Experts warn that virtual private networks are increasingly vulnerable to leaks and attack. Source: Threat Post – Web Security – VPN Exposes [...]

Geriatric Microsoft Bug Exploited by APT Using Commodity RATs

20th October 2021Elizabeth Montalbano

Disguised as an IT firm, the APT is hitting targets in Afghanistan & India, exploiting a 20-year-old+ Microsoft Office bug that’s as potent [...]

Squirrel Bug Lets Attackers Execute Code in Games, Cloud Services

19th October 2021Lisa Vaas

The out-of-bounds read vulnerability enables an attacker to escape a Squirrel VM in games with millions of monthly players – such as Counter-Strike: [...]

Fresh APT Harvester Reaps Telco, Government Data

19th October 2021Tara Seals

The group is likely nation-state-backed and is mounting an ongoing spy campaign using custom malware and stealthy tactics. Source: Threat Post – [...]