Cybersecurity News


Microsoft patches actively exploited Windows kernel flaw

This month’s relatively humble bundle of security updates fixes 56 vulnerabilities, including a zero-day bug and 11 flaws rated as critical

The post Microsoft patches actively exploited Windows kernel flaw appeared first on WeLiveSecurity

10 February 2021

Zero Trust in the Real World

Those who are committed to adopting the concept have the opportunity to make a larger business case for it across the organization, working with executive leaders to implement a zero-trust framework across the entire enterprise.
10 February 2021

Intel Squashes High-Severity Graphics Driver Flaws

Intel Squashes High-Severity Graphics Driver Flaws Intel is warning on security bugs across its graphics drivers, server boards, compute modules and modems.
10 February 2021

Paving the way: Inspiring Women in Payments - A podcast featuring Angel Grant

 

When she’s not perfecting her lock-picking skills, Angel Grant is busy building a diverse team who have the right attributes for the dynamic world of technology. In this edition of our podcast series, Angel explains that since your future job probably doesn’t exist yet, the keys to success are your transferrable skills.

10 February 2021

Multivector Attacks Demand Security Controls at the Messaging Level

As a Google-identified attack reveals, security teams need to look beyond VPNs and network infrastructure to the channels where social engineering takes place.
10 February 2021

Authorities arrest SIM swapping gang that targeted celebrities

Eight men were arrested in England and Scotland as part of an investigation into a series of SIM swapping attacks targeting US celebrities.
10 February 2021

The time for Insider Risk Management is now: Code42 2021 Data Exposure Report Reveals a Perfect Storm

The time for Insider Risk Management is now: Code42 2021 Data Exposure Report Reveals a Perfect Storm The Code42 2021 Data Exposure Report highlights the need to adopt a new approach to data security and invest in modern Insider Risk technology.
10 February 2021

Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple

Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple Ethical hacker Alex Birsan developed a way to inject malicious code into open-source developer tools to exploit dependencies in organizations internal applications.
10 February 2021

Investor data breach 'fatigue' reduces Wall Street punishment for cybersecurity failures

As data breaches are now common, acceptance now lessens the impact on share prices.
10 February 2021

Adobe patches wave of critical bugs in Magento, Acrobat, Reader

Some of the vulnerabilities were reported through a hacking contest.
10 February 2021

Microsoft warns enterprises of new 'dependency confusion' attack technique

New "dependency confusion" technique, also known as a "substitution attack," allows threat actors to sneak malicious code inside private code repositories by registering internal library names on public package indexes.
10 February 2021

Microsoft Patch Tuesday, February 2021 Edition

Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. One of the bugs is already being actively exploited, and six of them were publicized prior to today, potentially giving attackers a head start in figuring out how to exploit the flaws.
09 February 2021

Actively Exploited Windows Kernel EoP Bug Allows Takeover

Actively Exploited Windows Kernel EoP Bug Allows Takeover Microsoft addressed 56 security vulnerabilities for February Patch Tuesday -- including 11 critical and six publicly known. And, it continued to address the Zerologon bug.
09 February 2021

Google Play Boots Barcode Scanner App After Ad Explosion

Google Play Boots Barcode Scanner App After Ad Explosion A barcode scanner with 10 million downloads is removed from Google Play marketplace after ad blitz hits phones.
09 February 2021

Florida Water Utility Hack Highlights Risks to Critical Infrastructure

The intrusion also shows how redundancy and detection can minimize damage and reduce impact to the population.
09 February 2021

Microsoft Fixes Windows Zero-Day in Patch Tuesday Rollout

Microsoft's monthly security fixes addressed a Win32k zero-day, six publicly known flaws, and three bugs in the Windows TCP/IP stack.
09 February 2021

Fears over DNA privacy as 23andMe goes public in deal with Richard Branson

Fears over DNA privacy as 23andMe goes public in deal with Richard Branson

Genetic testing company with 10 million customers’ data has ‘huge cybersecurity implications’

The genetic testing company 23andMe will go public through a partnership with a firm backed by the billionaire Richard Branson, in a deal that has raised fresh privacy questions about the information of millions of customers.

Launched in 2006, 23andMe sells tests to determine consumers’ genetic ancestry and risk of developing certain illnesses, using saliva samples sent in by mail.

Related: Your DNA is a valuable asset, so why give it to ancestry websites for free? | Laura Spinney

Continue reading...
09 February 2021

Attackers Exploit Critical Adobe Flaw to Target Windows Users

Attackers Exploit Critical Adobe Flaw to Target Windows Users A critical vulnerability in Adobe Reader has been exploited in "limited attacks."
09 February 2021

Microsoft February 2021 Patch Tuesday fixes 56 bugs, including Windows zero-day

Microsoft also warns about three nasty vulnerabilities in the Windows TCP/IP stack.
09 February 2021

SentinelOne Buys Data Analytics Company Scalyr

Cloud-based big data platform boosts extended detection and response (XDR) offering.
09 February 2021