Cybersecurity News


UC San Diego Health Breach Tied to Phishing Attack

UC San Diego Health Breach Tied to Phishing Attack Employee email takeover exposed personal, medical data of students, employees and patients.
29 July 2021

CISA’s Top 30 Bugs: One’s Old Enough to Buy Beer

CISA’s Top 30 Bugs: One’s Old Enough to Buy Beer There are patches or remediations for all of them, but they're still being picked apart. Why should attackers stop if the flaws remain unpatched, as so many do?
29 July 2021

Leading cybersecurity agencies reveal list of most exploited vulnerabilities of the past 2 years

There are 30 vulnerabilities listed in total; organizations would do well to patch their systems if they haven’t done so yet

The post Leading cybersecurity agencies reveal list of most exploited vulnerabilities of the past 2 years appeared first on WeLiveSecurity

29 July 2021

Israeli Government Agencies Visit NSO Group Offices

Israeli Government Agencies Visit NSO Group Offices Authorities opened an investigation into the secretive Israeli security firm.
29 July 2021

The Life Cycle of a Breached Database

Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. Here's a closer look at what typically transpires in the weeks or months before an organization notifies its users about a breached database. Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another. One might even say passwords are the fossil fuels powering most IT modernization: They're ubiquitous because they are cheap and easy to use, but that means they also come with significant trade-offs -- such as polluting the Internet with weaponized data when they're leaked or stolen en masse.
29 July 2021

Six Malicious Linux Shell Scripts Used to Evade Defenses and How to Stop Them

Six Malicious Linux Shell Scripts Used to Evade Defenses and How to Stop Them Uptycs Threat Research outline how malicious Linux shell scripts are used to cloak attacks and how defenders can detect and mitigate against them.
29 July 2021

Tackling the insider threat to the new hybrid workplace

Now that organizations are set to evolve a hybrid blend of home and office-based work for most employees, it is more important then ever to address the risks that insider threat can - willingly or unwitingly - pose.

The post Tackling the insider threat to the new hybrid workplace appeared first on WeLiveSecurity

29 July 2021

Most Twitter users haven’t enabled 2FA yet, report reveals

Twitter’s transparency report revealed that users aren’t quick to adopt 2FA and once they do enable it, they choose the least secure option

The post Most Twitter users haven’t enabled 2FA yet, report reveals appeared first on WeLiveSecurity

28 July 2021

8 Security Tools to be Unveiled at Black Hat USA

8 Security Tools to be Unveiled at Black Hat USA Security researchers and practitioners share a host of new cyber tools for penetration testing, reverse engineering, malware defense, and more.
28 July 2021

BlackMatter & Haron: Evil Ransomware Newborns or Rebirths

BlackMatter & Haron: Evil Ransomware Newborns or Rebirths They’re either new or old REvil & DarkSide wine in new bottles. Both have a taste for deep-pocketed targets and DarkSide-esque virtue-signaling.
28 July 2021

Reboot of PunkSpider Tool at DEF CON Stirs Debate

Reboot of PunkSpider Tool at DEF CON Stirs Debate Researchers plan to introduce a revamp of PunkSpider, which helps identify flaws in websites so companies can make their back-end systems more secure, at DEF CON.
28 July 2021

Booking your next holiday? Watch out for these Airbnb scams

With vacations in full swing, cybercriminals will be looking to scam vacationers looking for that perfect accommodation.

The post Booking your next holiday? Watch out for these Airbnb scams appeared first on WeLiveSecurity

28 July 2021

Podcast: Why Securing Active Directory Is a Nightmare

Podcast: Why Securing Active Directory Is a Nightmare Researchers preview work to be presented at Black Hat on how AD “misconfiguration debt” lays out a dizzying array of attack paths, such as in PetitPotam.
28 July 2021

Enterprise data breach cost reached record high during COVID-19 pandemic

IBM research estimates that the average data breach now costs upward of $4 million.
28 July 2021

No More Ransom Saves Victims Nearly €1 Over 5 Years

No More Ransom Saves Victims Nearly €1 Over 5 Years No More Ransom is collecting decryptors so ransomware victims don’t have to pay to get their data back and attackers don’t get rich.
27 July 2021

Apple releases patch for zero‑day flaw in iOS, iPadOS and macOS

The vulnerability is under active exploitation by unknown attackers and affects a wide range of Apple’s products.

The post Apple releases patch for zero‑day flaw in iOS, iPadOS and macOS appeared first on WeLiveSecurity

27 July 2021

Zimbra Server Bugs Could Lead to Email Plundering

Zimbra Server Bugs Could Lead to Email Plundering Two bugs, now patched except in older versions, could be chained to allow attackers to hijack Zimbra server by simply sending a malicious email.
27 July 2021

Back-to-Basics: Use Strong Passwords

 

As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on using strong passwords.

27 July 2021

Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers

Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers The unpatched flaws include RCE and authenticated privilege escalation on the client-side: Just the latest woe for the ransomware-walloped MSP.
27 July 2021

Apple Patches Actively Exploited Zero-Day in iOS, MacOS

Apple Patches Actively Exploited Zero-Day in iOS, MacOS Company urges iPhone, iPad and Mac users to install updates to fix a critical memory corruption flaw that can allow for attackers to take over a system.
27 July 2021