Cybersecurity News


APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins

APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins The Russia-linked threat group is harvesting credentials for Microsoft's cloud offering, and targeting mainly election-related organizations.
11 September 2020

Office 365 Phishing Attack Leverages Real-Time Active Directory Validation

Office 365 Phishing Attack Leverages Real-Time Active Directory Validation Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.
11 September 2020

3 Secure Moments: A Tranquil Trio of Security Haiku

3 Secure Moments: A Tranquil Trio of Security Haiku Placid poems to quiet the infosec pro's harried mind. (Or placid, by infosec standards.)
11 September 2020

It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure

It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws.
11 September 2020

APT Groups Set Sights on Linux Targets: Inside the Trend

Researchers see more advanced attack groups creating tools and platforms to target Linux-based devices.
11 September 2020

Ransomware Hits US District Court in Louisiana

The ransomware attack has exposed internal documents from the court and knocked its website offline.
11 September 2020

Week in security with Tony Anscombe

ESET researchers have discovered and analyzed CDRThief, a malware that targets Voice over IP (VoIP) softswitches. Righard Zwienenberg deep in the lead-offering business and invites us to take steps to mitigate this problem. Finally, an overview of the TikTok pairing feature, which gives parents greater control over how their children interact with the app All

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

11 September 2020

WordPress Plugin Flaw Allows Attackers to Forge Emails

WordPress Plugin Flaw Allows Attackers to Forge Emails The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.
11 September 2020

Spear-Phishers Leverage Office 365 Ecosystem to Validate Stolen Creds in Real Time

New attack technique uses Office 365 APIs to cross-check credentials against Azure Active Directory as victim types them in.
11 September 2020

Fraud Prevention During the Pandemic

When the economy is disrupted, fraud goes up, so let's not ignore the lessons we can learn from previous downturns.
11 September 2020

Adult site users targeted with malicious ads redirecting to exploit kits, malware

Adult ad networks abused in last hurrah attacks before Flash and IE near EOL.
11 September 2020

IRS offers grants for software to trace privacy-focused cryptocurrency trades

Grants of up to $625,000 will be issued in exchange for cryptocurrency tracking technologies.
11 September 2020

ThreatConnect acquires enterprise risk management firm Nehemiah Security

ThreatConnect aims to create a full security lifestyle solutions portfolio suitable for enterprise players.
11 September 2020

Porn site users targeted with malicious ads redirecting to exploit kits, malware

Adult ad networks abused in last hurrah attacks before Flash and IE near EOL.
11 September 2020

Cyber-Risks Explode With Move to Telehealth Services

The hasty shift to online delivery of primary care services since the COVID-19 outbreak has attracted significant attacker interest.
10 September 2020

US Sanctions Russian Attackers for 2020 Election Interference

The move comes as Microsoft publishes research on attack groups and activity attempting to target the Biden and Trump campaigns.
10 September 2020

6 Lessons IT Security Can Learn From DevOps

6 Lessons IT Security Can Learn From DevOps DevOps has taken over enterprise software development. The discipline has lessons for IT security -- here are a quick half-dozen.
10 September 2020

Two Years on from GDPR: Has It Driven Growth in Cybersecurity Insurance?

Whilst GDPR has put the spotlight on data privacy and cyber issues, there are other more prominent trends that are driving a greater take-up of cyber insurance, says Ben Maidment, Class Underwriter - Cyber, Physical & Technology at Brit Insurance.
10 September 2020

ThreatConnect Buys Nehemiah Security

Threat intelligence firm adds Nehemiah's Risk Quantifier to its platform.
10 September 2020

Microsoft Warns of Cyberattacks on Trump, Biden Election Campaigns

Microsoft Warns of Cyberattacks on Trump, Biden Election Campaigns Just months before the U.S. presidential election, hackers from Russia, China and Iran are ramping up phishing and malware attacks against campaign staffers.
10 September 2020