Cybersecurity News


BAHAMUT Spies-for-Hire Linked to Extensive Nation-State Activity

BAHAMUT Spies-for-Hire Linked to Extensive Nation-State Activity Researchers uncovered a sophisticated, incredibly well-resourced APT that has its fingers in wide-ranging espionage and disinformation campaigns.
07 October 2020

Working from a hotel? Beware the dangers of public Wi‑Fi

As more and more hotels are turning rooms into offices, the FBI is warning remote workers of cyber-threats lurking in the shadows

The post Working from a hotel? Beware the dangers of public Wi‑Fi appeared first on WeLiveSecurity

07 October 2020

Google’s Chrome 86: Critical Payments Bug, Password Checker Among Security Notables

Google’s Chrome 86: Critical Payments Bug, Password Checker Among Security Notables Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS users.
07 October 2020

Promising Infusions of Cash, Fake Investor John Bernard Walked Away With $30M

September featured two stories on a phony tech investor named John Bernard, a pseudonym used by a convicted thief named John Clifton Davies who's fleeced dozens of technology companies out of an estimated $30 million with the promise of lucrative investments. Those stories prompted a flood of tips from Davies' victims that paint a much clearer picture of this serial con man and his cohorts, including allegations of hacking, smuggling, bank fraud and murder.
07 October 2020

PoetRAT Resurfaces in Attacks in Azerbaijan Amid Escalating Conflict

PoetRAT Resurfaces in Attacks in Azerbaijan Amid Escalating Conflict Spear-phishing attacks targeting VIPs and others show key malware changes and are likely linked to the current conflict with Armenia.
07 October 2020

IRS COVID-19 Relief Payment Deadlines Anchor Convincing Phish

IRS COVID-19 Relief Payment Deadlines Anchor Convincing Phish The upcoming deadlines for applying for coronavirus relief are the lure for a phish that gets around email security gateways by using a legitimate SharePoint page for data-harvesting.
07 October 2020

Beware of ATM Cash-Outs


PCI SSC and ATMIA share guidance and information on protecting against ATM Cash-outs.

07 October 2020

Comcast TV Remote Hack Opens Homes to Snooping

Comcast TV Remote Hack Opens Homes to Snooping Researchers disclosed the 'WarezTheRemote' attack, affecting Comcast's XR11 voice remote control.
07 October 2020

UK Department For Education fails to meet UK, GDPR data protection standards - with flying colors

A compulsory audit has revealed severe security failings and data management problems.
07 October 2020

Hackers exploit Windows Error Reporting service in new fileless attack

The Kraken attack technique abuses WER to avoid detection.
07 October 2020

GitLab patches Elasticsearch private group data leak bug

Public group projects made private were still searchable via an API.
07 October 2020

ZeroFOX acquires Cyveillance threat intelligence business from LookingGlass

The deal focuses on improving threat intelligence features on the ZeroFOX platform.
07 October 2020

US gov’t warns against paying off ransomware attackers

Companies facilitating ransomware payments run the risk of facing stern penalties for violating US regulations

The post US gov’t warns against paying off ransomware attackers appeared first on WeLiveSecurity

06 October 2020

Grindr’s Bug Bounty Pledge Doesn’t Translate to Security

Grindr’s Bug Bounty Pledge Doesn’t Translate to Security At SAS@Home, Luta Security CEO Katie Moussouris stressed that bug bounty programs aren't a 'silver bullet' for security teams.
06 October 2020

New HEH botnet can wipe routers and IoT devices

The disk-wiping feature is present in the code but has not been used yet.
06 October 2020

Male Chastity Device Comes with Massive Security Flaws

Male Chastity Device Comes with Massive Security Flaws Smart sex toy vulnerable to hacks, researchers say -- which could expose users’ most sensitive bits (of data) to cybercriminals.
06 October 2020

Boom! Mobile Customer Data Lost to Fullz House/Magecart Attack

Boom! Mobile Customer Data Lost to Fullz House/Magecart Attack The Magecart spinoff group targeted the wireless service provider in an odd choice of victim.
06 October 2020

Women in Payments: Q&A with Diana Greenhaw

 

Protecting data is everyone’s responsibility, according to Diana Greenhaw who followed a nontraditional path into the security space. In this month’s blog series, Greenhaw explains why you don’t have to be an information technology expert to work in cybersecurity.

06 October 2020

Chrome 86 released with password-related security improvements

The new Native File System API now also lets websites to interact with any file or folder stored on the user's local disk.
06 October 2020

Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors

Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks.
06 October 2020