Cybersecurity News


More Details Emerge on the Microsoft Exchange Server Attacks

The attacks are more widespread than initially reported, researchers say, and a look at why the Microsoft Exchange Server zero-days patched this week are so dangerous.
03 March 2021

Intel: Paid Research Caught More Than 90% of Our Vulnerabilities

Internal research and external bug-bounty programs combined to discover the vast majority of reported security issues in the company's software.
03 March 2021

Okta to Buy Rival Auth0

The deal, valued at $6.5 billion, will bring together competitors in the identity management space.
03 March 2021

Unpatched Bug in WiFi Mouse App Opens PCs to Attack

Unpatched Bug in WiFi Mouse App Opens PCs to Attack Wireless mouse-utility lacks proper authentication and opens Windows systems to attack.
03 March 2021

CISA to Federal Agencies: Immediately Patch or 'Disconnect' Microsoft Exchange Servers

The US Department of Homeland Security agency's new emergency directive comes in the wake of major zero-day attacks on email servers revealed by Microsoft this week.
03 March 2021

Google Patches Actively-Exploited Flaw in Chrome Browser

Google Patches Actively-Exploited Flaw in Chrome Browser A flaw (CVE-2021-21166) in the Audio component of Google Chrome is fixed in a new update being pushed out to Windows, Mac and Linux users.
03 March 2021

Malaysia Air Downplays Frequent-Flyer Program Data Breach

Malaysia Air Downplays Frequent-Flyer Program Data Breach A third-party IT provider exposed valuable airline data that experts say could be a goldmine for cybercriminals. 
03 March 2021

Home-Office Photos: A Ripe Cyberattack Vector

Home-Office Photos: A Ripe Cyberattack Vector Threat actors can use personal information gleaned from images to craft targeted scams, putting personal and corporate data at risk.
03 March 2021

RTM Cybergang Adds New Quoter Ransomware to Crime Spree

RTM Cybergang Adds New Quoter Ransomware to Crime Spree The Russian-speaking RTM threat group is targeting organizations in an ongoing campaign that leverages a well-known banking trojan, brand new ransomware strain and extortion tactics.
03 March 2021

Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow

Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow Attackers have weaponized code dependency confusion to target internal apps at tech giants.
03 March 2021

How SolarWinds Busted Up Our Assumptions About Code Signing

With so much automation in code writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.
03 March 2021

Microsoft Exchange Zero-Day Attackers Spy on U.S. Targets

Microsoft Exchange Zero-Day Attackers Spy on U.S. Targets Full dumps of email boxes, lateral movement and backdoors characterize sophisticated attacks by a Chinese APT - while more incidents spread like wildfire.
03 March 2021

Design, Security, Tech Is the New Stack You Should Be Building

Instead of different departments managing information systems, Ally Financial has combined data, digitization, security, and design into a single "stack" of human resources.
03 March 2021

Ursnif Trojan has targeted over 100 Italian banks

1,700 credentials were stolen from a single payment processor.
03 March 2021

Microsoft account hijack vulnerability earns bug bounty hunter $50,000

The researcher says he could have abused the bug to hijack Microsoft accounts.
03 March 2021

Google patches actively exploited Chrome browser zero-day vulnerability

Upgrading your Chrome build as quickly as possible is recommended.
03 March 2021

Not all cybercriminals are sophisticated

Some perpetrators of online crime and fraud don’t use advanced methods to profit at the expense of unsuspecting victims and to avoid getting caught

The post Not all cybercriminals are sophisticated appeared first on WeLiveSecurity

03 March 2021

SEC charges group for alleged pump-and-dump Airborne Wireless stock scam

SEC claims investors were defrauded out of $45 million.
03 March 2021

How Enterprises are Developing Secure Applications

How Enterprises are Developing Secure Applications Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
03 March 2021

Policy Group Calls for Public-Private Cyber-Defense Program

The proposed National Cyber Response Network would link federal agencies, companies, and local governments, allowing collaboration during a cyberattack.
02 March 2021