Cybersecurity News


A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets

A Look Ahead at 2021: SolarWinds Fallout and Shifting CISO Budgets Threatpost editors discuss the SolarWinds hack, healthcare ransomware attacks and other threats that will plague enterprises in 2021.
08 January 2021

Ryuk Rakes in $150M in Ransom Payments

Ryuk Rakes in $150M in Ransom Payments An examination of the malware gang's payments reveals insights into its economic operations.
08 January 2021

State Department creates bureau to reduce 'likelihood of cyber conflict'

The new Bureau of Cyberspace Security and Emerging Technologies (CSET) will manage cybersecurity issues as part of the US' foreign policy and diplomatic efforts.
08 January 2021

Malware Developers Refresh Their Attack Tools

Cisco analyzes the latest version of the LokiBot malware for stealing credentials, finding that its developers have added more misdirection and anti-analysis features.
08 January 2021

Cartoon: Shakin' It Up at the Office

Cartoon: Shakin' It Up at the Office And the winner of our December cartoon caption contest is ...
08 January 2021

SolarWinds Hires Chris Krebs and Alex Stamos for Breach Recovery

The former US cybersecurity official and former Facebook security chief will help SolarWinds respond to its recent attack and improve security.
08 January 2021

SolarWinds Hires Chris Krebs, Alex Stamos in Wake of Hack

SolarWinds Hires Chris Krebs, Alex Stamos in Wake of Hack Former CISA director Chris Krebs and former Facebook security exec Alex Stamos have teamed up to create a new consulting group - and have been hired by SolarWinds.
08 January 2021

Week in security with Tony Anscombe

Watch out for a new PayPal smishing campaign – Employee login credentials up for sale – WhatsApp to share more data with Facebook

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

08 January 2021

Chrome, Firefox updates fix severe security bugs

Successful exploitation of some of these flaws could allow attackers to take control of vulnerable systems

The post Chrome, Firefox updates fix severe security bugs appeared first on WeLiveSecurity

08 January 2021

A crypto-mining botnet is now stealing Docker and AWS credentials

After if began stealing AWS credentials last summer, the TeamTNT botnet is now also stealing Docker API logins, making the use of firewalls mandatory for all internet-exposed Docker interfaces.
08 January 2021

Top 5 'Need to Know' Coding Defects for DevSecOps

Integrating static analysis into the development cycle can prevent coding defects and deliver secure software faster.
08 January 2021

FBI Warns of Egregor Attacks on Businesses Worldwide

FBI Warns of Egregor Attacks on Businesses Worldwide The agency said the malware has already compromised more than 150 organizations and provided insight into its ransomware-as-a-service behavior.
08 January 2021

Nvidia releases security update for high-severity graphics driver vulnerabilities

Exploits include data tampering, denial of service, and privilege escalation.
08 January 2021

Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking

Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking Major browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
08 January 2021

New side-channel attack can recover encryption keys from Google Titan security keys

Attack requires physical access to the devices but Titan and other keys can be cloned if attacks are successful.
07 January 2021

Sealed U.S. Court Records Exposed in SolarWinds Breach

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts.
07 January 2021

Cobalt Strike & Metasploit Tools Were Attacker Favorites in 2020

Research reveals APT groups and cybercriminals employ these offensive security tools as often as red teams.
07 January 2021

FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack

CEO Kevin Mandia shared some details on how his company rooted out the major cyberattack campaign affecting US government and corporate networks.
07 January 2021

Biden to Appoint Cybersecurity Advisor to NSC – Report

Biden to Appoint Cybersecurity Advisor to NSC – Report Anne Neuberger will join the National Security Council, according to sources.
07 January 2021

State Dept. to Create New Cybersecurity & Technology Agency

Bureau of Cyberspace Security and Emerging Technologies (CSET) will serve as diplomatic arm for US cybersecurity interests.
07 January 2021