Cybersecurity News
White House pushes for more telework as first DOD contractor dies because of COVID-19
White House OMB tells agencies to "utilize technology to the greatest extent practicable" for remote staff work during coronavirus outbreak.23 March 2020
New York asks domain registrars to crack down on sites used for coronavirus scams
New York Attorney General wants GoDaddy, Namecheap and other domain registrars to crack down on coronavirus scam sites.23 March 2020
Microsoft Publishes Advisory for Windows Zero-Day
There is no available patch for the vulnerabilities, which Microsoft says exist in all supported versions of Windows.23 March 2020
Three Ways Your BEC Defense Is Failing & How to Do Better
Business email compromises cost the economy billions of dollars. Experts have advice on how to stop them from hitting you for millions at a pop.
23 March 2020
538 Million Weibo Users' Info for Sale on Dark Web
The user data, which does not include passwords, purportedly comes from a mid-2019 breach.23 March 2020
Apache Tomcat Exploit Poised to Pounce, Stealing Files
Researchers said that a working exploit for CVE-2020-1938 leaked on GitHub makes is a snap to compromise webservers.
23 March 2020
Apache Tomcat Exploit Poised to Pounce, Stealing Files
Researchers said that a working exploit for CVE-2020-1938 leaked on GitHub makes is a snap to compromise webservers.
23 March 2020
Hackers Actively Exploit 0-Day in CCTV Camera Hardware
Criminals behind botnets Chalubo, FBot and Moobot attack unpatched vulnerabilities in the commercial DVRs made by LILIN.
23 March 2020
Hackers Actively Exploit 0-Day in CCTV Camera Hardware
Criminals behind botnets Chalubo, FBot and Moobot attack unpatched vulnerabilities in the commercial DVRs made by LILIN.
23 March 2020
Who’s Behind the ‘Web Listings’ Mail Scam?
In December 2018, KrebsOnSecurity looked at how dozens of U.S. political campaigns, cities and towns had paid a shady company called Web Listings Inc. after receiving what looked like a bill for search engine optimization (SEO) services rendered on behalf of their domain names. The story concluded that this dubious service had been scamming people and companies for more than a decade, and promised a Part II to explore who was behind Web Listings. What follows are some clues that point to a very convincing answer to that question.23 March 2020
Microsoft Warns of Critical Windows Zero-Day Flaws
The unpatched Windows zero day flaws are being exploited in "limited, targeted" attacks, according to Microsoft.
23 March 2020
Microsoft Warns of Critical Windows Zero-Day Flaws
The unpatched Windows zero day flaws are being exploited in "limited, targeted" attacks, according to Microsoft.
23 March 2020
Microsoft warns of Windows zero-day exploited in the wild
BREAKING: Hackers are exploiting a zero-day in the Adobe Type Manager Library (atmfd.dll) that ships with the Windows OS.23 March 2020
FBI Warns of Fake CDC Emails in COVID-19 Phishing Alert
Fraudsters exploit concerns by claiming to offer virus-related information or promising stimulus checks.23 March 2020
FireEye warns about the proliferation of ready-made ICS hacking tools
The growing number of hacking tools targeting industrial equipment is slowly becoming a problem.23 March 2020
Protecting Payments While Working Remotely
PCI SSC is dedicated to providing necessary guidance to the payments industry during evolving circumstances related to COVID-19. The current climate is forcing more global organizations to a remote-work model. As organization make this shift, it is important to maintain security practices to protect payment card data. The following are excerpts related to remote work best practices taken from the PCI SSC Information Supplement “Protecting Telephone-Based Payment Card Data”.
23 March 2020
Fake Coronavirus ‘Vaccine’ Website Busted in DoJ Takedown
Authorities have cracked down on a website that claimed to give out coronavirus vaccine kits - but that was actually stealing victims' payment card data and personal information.
23 March 2020
Fake Coronavirus ‘Vaccine’ Website Busted in DoJ Takedown
Authorities have cracked down on a website that claimed to give out coronavirus vaccine kits - but that was actually stealing victims' payment card data and personal information.
23 March 2020
8 Infosec Page-Turners for Days Spent Indoors
Stuck inside and looking for a new read? Check out these titles written be security practitioners and reporters across the industry.
23 March 2020
The good, the bad and the plain ugly
A prolific ransomware gang vows to dial back its campaigns and spare healthcare organizations altogether during the COVID-19 crisis. It’s no cause for celebration.
The post The good, the bad and the plain ugly appeared first on WeLiveSecurity
23 March 2020