Cybersecurity News


CISA to Federal Agencies: Immediately Patch or 'Disconnect' Microsoft Exchange Servers

The US Department of Homeland Security agency's new emergency directive comes in the wake of major zero-day attacks on email servers revealed by Microsoft this week.
03 March 2021

Google Patches Actively-Exploited Flaw in Chrome Browser

Google Patches Actively-Exploited Flaw in Chrome Browser A flaw (CVE-2021-21166) in the Audio component of Google Chrome is fixed in a new update being pushed out to Windows, Mac and Linux users.
03 March 2021

Malaysia Air Downplays Frequent-Flyer Program Data Breach

Malaysia Air Downplays Frequent-Flyer Program Data Breach A third-party IT provider exposed valuable airline data that experts say could be a goldmine for cybercriminals. 
03 March 2021

Home-Office Photos: A Ripe Cyberattack Vector

Home-Office Photos: A Ripe Cyberattack Vector Threat actors can use personal information gleaned from images to craft targeted scams, putting personal and corporate data at risk.
03 March 2021

RTM Cybergang Adds New Quoter Ransomware to Crime Spree

RTM Cybergang Adds New Quoter Ransomware to Crime Spree The Russian-speaking RTM threat group is targeting organizations in an ongoing campaign that leverages a well-known banking trojan, brand new ransomware strain and extortion tactics.
03 March 2021

Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow

Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow Attackers have weaponized code dependency confusion to target internal apps at tech giants.
03 March 2021

How SolarWinds Busted Up Our Assumptions About Code Signing

With so much automation in code writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.
03 March 2021

Microsoft Exchange Zero-Day Attackers Spy on U.S. Targets

Microsoft Exchange Zero-Day Attackers Spy on U.S. Targets Full dumps of email boxes, lateral movement and backdoors characterize sophisticated attacks by a Chinese APT - while more incidents spread like wildfire.
03 March 2021

Design, Security, Tech Is the New Stack You Should Be Building

Instead of different departments managing information systems, Ally Financial has combined data, digitization, security, and design into a single "stack" of human resources.
03 March 2021

Ursnif Trojan has targeted over 100 Italian banks

1,700 credentials were stolen from a single payment processor.
03 March 2021

Microsoft account hijack vulnerability earns bug bounty hunter $50,000

The researcher says he could have abused the bug to hijack Microsoft accounts.
03 March 2021

Google patches actively exploited Chrome browser zero-day vulnerability

Upgrading your Chrome build as quickly as possible is recommended.
03 March 2021

Not all cybercriminals are sophisticated

Some perpetrators of online crime and fraud don’t use advanced methods to profit at the expense of unsuspecting victims and to avoid getting caught

The post Not all cybercriminals are sophisticated appeared first on WeLiveSecurity

03 March 2021

SEC charges group for alleged pump-and-dump Airborne Wireless stock scam

SEC claims investors were defrauded out of $45 million.
03 March 2021

How Enterprises are Developing Secure Applications

How Enterprises are Developing Secure Applications Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
03 March 2021

Policy Group Calls for Public-Private Cyber-Defense Program

The proposed National Cyber Response Network would link federal agencies, companies, and local governments, allowing collaboration during a cyberattack.
02 March 2021

Microsoft Ignite Brings Security & Compliance Updates

Microsoft announces support for data loss prevention in Google Chrome, co-authoring of protected files, and more at Ignite 2021.
02 March 2021

'ObliqueRAT' Now Hides Behind Images on Compromised Websites

'Transparent Tribe' has switched its tactics for distributing the remote access Trojan, researchers found.
02 March 2021

Post-Cyberattack, Universal Health Services Faces $67M in Losses

Post-Cyberattack, Universal Health Services Faces $67M in Losses The Fortune-500 hospital network owner is facing steep costs in damages after a cyberattack impacted patient care and billing in September and October.
02 March 2021

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails

Microsoft Corp. today released software updates to plug four critical security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The company says all four flaws are being actively exploited as part of a complex attack chain deployed by a previously unidentified Chinese cyber espionage group.
02 March 2021