Cybersecurity News


Web Application Attacks Grow Reliant on Automated Tools

Attackers often use automation in fuzzing attacks, injection attacks, fake bots, and application DDoS attacks.
04 February 2021

Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months

Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months As many as 100,000 of the music streaming service's customers could face account takeover.
04 February 2021

Nespresso Smart Cards Brewed with Weak Security

Nespresso Smart Cards Brewed with Weak Security A researcher hacked Nespresso Pro smart cards to dispense free, unlimited coffee.
04 February 2021

Google: Better patching could have prevented 1 in 4 zero‑days last year

Vendors should fix the root cause of a vulnerability, rather than block just one path to triggering it, says Google

The post Google: Better patching could have prevented 1 in 4 zero‑days last year appeared first on WeLiveSecurity

04 February 2021

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Facebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrative resale of compromised, highly sought-after usernames.
04 February 2021

Google paid $6.7 million to bug bounty hunters in 2020

Sum is up from the $6.5 million the company paid security researchers a year before, in 2019.
04 February 2021

Critical Cisco Flaws Open VPN Routers Up to RCE Attacks

Critical Cisco Flaws Open VPN Routers Up to RCE Attacks The vulnerabilities exist in Cisco's RV160, RV160W, RV260, RV260P, and RV260W VPN routers for small businesses.
04 February 2021

Microsoft Office 365 Attacks Sparked from Google Firebase

Microsoft Office 365 Attacks Sparked from Google Firebase A savvy phishing campaign manages to evade native Microsoft security defenses, looking to steal O365 credentials.
04 February 2021

Is $50,000 for a Vulnerability Too Much?

Lofty bug bounties catch attention, but don't alleviate the application security flaws they are trying to solve.
04 February 2021

Blockchain transactions confirm murky and interconnected ransomware scene

Criminal gangs often use multiple ransomware strains and jump ship from one RaaS (Ransomware-as-a-Service) to another, seeking better deals.
04 February 2021

Discord servers targeted in cryptocurrency exchange scam wave

Free Bitcoin? Don’t believe it.
04 February 2021

Security firm Stormshield discloses data breach, theft of source code

Stormshield is a major provider of network security products to the French government, some approved to be used on sensitive networks.
04 February 2021

Cisco’s AppDynamics debuts app performance, vulnerability management software

Cisco says that clients will no longer have to “sacrifice security for velocity.”
04 February 2021

Clearview Facial-Recognition Technology Ruled Illegal in Canada

Clearview Facial-Recognition Technology Ruled Illegal in Canada The company’s controversial practice of collecting and selling billions of faceprints was dealt a heavy blow by the Privacy Commissioner that could set a precedent in other legal challenges.
04 February 2021

LockBit ransomware operator: ‘For a cybercriminal, the best country is Russia’

A lone ransomware operator explains why they went down a criminal path.
04 February 2021

Facebook etiquette: Behaviors you should avoid

Sharing your thoughts or photos for the world to see is now as easy as pushing a button, but even a seemingly harmless post may come back to haunt you

The post Facebook etiquette: Behaviors you should avoid appeared first on WeLiveSecurity

04 February 2021

Digital Defense acquired to bolster HelpSystems’ security assessment portfolio

HelpSystems says the purchase will help clients improve infrastructure security.
04 February 2021

Android devices ensnared in DDoS botnet

New Matryosh botnet is targeting Android systems that have left their ADB debug interface exposed on the internet.
04 February 2021

Older Generation

Using technology securelly can be overwhelming or confusing, especially for those who did not grow up with it. When helping secure those who are uncomfortable with technology focus on just the basics - 1) be aware of social engineering attacks 2) secure your home network 3) keep your systems updated 4) use strong, unique passwords 5) backup your key personal data.
04 February 2021

Google: Proper patching would have prevented 25% of all zero-days found in 2020

A quarter of all the zero-days exploited in the wild in 2020 were variations of previously patched vulnerabilities.
03 February 2021