Cybersecurity News
Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws
Two flaws - one of them yet to be fixed - are afflicting a third-party plugin used by Magento e-commerce websites.
01 September 2020
Apple Signs Shlayer, Legitimizes Malware
Shlayer, a common macOS Trojan, received Apple's notary certification and place in the App Store -- twice.01 September 2020
Facebook and Twitter suspend Russian propaganda accounts following FBI tip
The banned accounts belonged to PeaceData, a news website publishing misleading articles about world politics.01 September 2020
New APT Pioneer Kitten Linked to Iranian Government
The group's targets have primarily been North American and Israeli entities, with a focus on technology, government, defense, and healthcare.01 September 2020
ISO 27701 Paves the Way for a Strategic Approach to Privacy
As the first certifiable international privacy management standard, ISO 27701 is a welcome addition to the existing set of common security frameworks.01 September 2020
Norwegian Parliament discloses cyber-attack on internal email system
Norway's Parliament, Stortinget, says hackers gained access and downloaded content for "a small number of parliamentary representatives and employees."01 September 2020
U.S. Voter Databases Offered for Free on Dark Web, Report
Some underground forum users said they're monetizing the information through the State Department's anti-influence-campaign effort.
01 September 2020
Magecart Credit-Card Skimmer Adds Telegram as C2 Channel
In a rare move, the encrypted messaging service is being used to send stolen payment-card data from websites back to cybercriminals.
01 September 2020
FBI: Ring Smart Doorbells Could Sabotage Cops
While privacy advocates have warned against Ring's partnerships with police, newly unearthed documents reveal FBI concerns about 'new challenges' smart doorbell footage could create for cops.
01 September 2020
Why Are There Still So Many Windows 7 Devices?
As the FBI warns, devices become more vulnerable to exploitation as time passes, due to a lack of security updates and new, emerging vulnerabilities.01 September 2020
Pioneer Kitten APT Sells Corporate Network Access
The Iran-based APT has infiltrated multiple VPNs using open-source tools and known exploits.
01 September 2020
FBI warned of how Ring doorbell surveillance can be used against police officers
Smart doorbells can provide the police with valuable intelligence -- but the network can also be turned against them.01 September 2020
AI on the Email Offense
Mass domain purchasing enables email attackers to slip by traditional defenses. Here's how artificial intelligence can stop them.
01 September 2020
Tor launches membership program to secure finance, boost integration
Members include Avast, DuckDuckGo, and Insurgo.01 September 2020
Iranian hackers are selling access to compromised companies on an underground forum
The Iranian hacker group who's been attacking corporate VPNs for months is now trying to monetize some of the hacked systems by selling access to some networks to other hackers.31 August 2020
Average BEC attempts are now $80k, but one group is aiming for $1.27m per attack
A Russian cyber-crime group named Cosmic Lynx has been focused on tricking companies into sending over huge wire transfers.31 August 2020
Testing & Automation Pay Off for NSA's DevSecOps Project
Communication with stakeholders, extensive testing, and robust automation pays dividends for military intelligence agency, one of several presenters at GitLab's virtual Commit conference.31 August 2020
Slack Patches Critical Desktop Vulnerability
The remote code execution flaw could allow a successful attacker to fully control the Slack desktop app on a target machine.31 August 2020
Malicious Android Apps Slip Through Google Play Protection
Multiple Android apps were found spying on users and recruiting victims' devices into ad-fraud botnets.31 August 2020