Cybersecurity News


Cloud Leak Exposes 320M Dating-Site Records

A misconfigured, Mailfire-owned Elasticsearch server impacted 70 dating and e-commerce sites, exposing PII and details such as romantic preferences.
14 September 2020

Due Diligence That Money Can’t Buy

Most of us automatically put our guard up when someone we don't know promises something too good to be true. But when the too-good-to-be-true thing starts as our idea, sometimes that instinct fails to kick in. Here's the story of how companies searching for investors to believe in their ideas can run into trouble.
14 September 2020

FBI says credential stuffing attacks are behind some recent bank hacks

The FBI is raising the alarm about the rising number of credential stuffing attacks targeting financial institutions.
14 September 2020

TikTok Fixes Flaws That Opened Android App to Compromise

The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spying continue.
14 September 2020

Magecart Attack Impacts More Than 10K Online Shoppers

Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe the result of a zero-day exploit.
14 September 2020

Virginia's Largest School System Hit With Ransomware

Fairfax County Public Schools has launched an investigation following a ransomware attack on some of its technology systems.
14 September 2020

Benefits of Becoming a Participating Organization

It is great that your organization takes securing payment data seriously. Now is the time to take the next step forward and make a difference by becoming a PCI SSC Participating Organization (PO). POs play a key role both in influencing the ongoing development of PCI Security Standards and programs and in helping ensure that PCI Security Standards are implemented globally to secure payment data.

14 September 2020

CISA: Chinese state hackers are exploiting F5, Citrix, Pulse Secure, and Exchange bugs

CISA says attacks started a year ago and some have been successful.
14 September 2020

Open Source Security's Top Threat and What To Do About It

With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor.
14 September 2020

More Printers Could Mean Security Problems for Home-Bound Workers

Tricked-out home offices have led to an influx in printers, many of which have not been set up securely, leaving workers and their companies vulnerable.
14 September 2020

Vast majority of cyber-attacks on cloud servers aim to mine cryptocurrency

Cyber-attacks on cloud systems spiked 250% from 2019 to 2020.
14 September 2020

US citizen charged with running diamond Ponzi scheme, cryptocurrency scam

The operator claimed to have $25 million in diamond ‘stock’.
14 September 2020

Zerologon attack lets hackers take over enterprise networks

If you're managing enterprise Windows Servers, don't skip on the August 2020 Patch Tuesday.
14 September 2020

DeFi SushiSwap creator returns $14m in ETH to project after causing coin crash

Chef Nomi says they are sorry for wreaking havoc by cashing out $14 million without warning.
14 September 2020

New BlindSide attack uses speculative execution to bypass ASLR

New BlindSide technique abuses the CPU's internal performance-boosting feature to bypass OS security protection.
14 September 2020

A Real-World Tool for Organizing, Integrating Third-Party Tools

Omdia Cybersecurity Accelerator analyst Eric Parizo describes how a security product integration framework (SPIF) can unify best-of-breed architectures.
13 September 2020

Leaky server exposes users of dating site network

Personal details of hundreds of thousands of dating site users were temporarily exposed online earlier this month.
13 September 2020

Researcher kept a major Bitcoin bug secret for two years to prevent attacks

The INVDoS bug would have allowed attackers to crash Bitcoin nodes and other similar blockchains.
12 September 2020

APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins

The Russia-linked threat group is harvesting credentials for Microsoft's cloud offering, and targeting mainly election-related organizations.
11 September 2020

Office 365 Phishing Attack Leverages Real-Time Active Directory Validation

Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.
11 September 2020