Cybersecurity News


Malicious Office 365 Apps Are the Ultimate Insiders

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization's own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user's emails and files, both of which are then plundered to launch malware and phishing scams against others.
05 May 2021

Banking Trojan evolves from distribution through porn to phishing schemes

While starting out in Brazil, the malware may now also be present in Europe.
05 May 2021

Ousaban: Private photo collection hidden in a CABinet

Another in our occasional series demystifying Latin American banking trojans

The post Ousaban: Private photo collection hidden in a CABinet appeared first on WeLiveSecurity

05 May 2021

Panda Stealer dropped in Excel files, spreads through Discord to steal user cryptocurrency

The malware hones in on cryptocurrency funds as well as VPN credentials.
05 May 2021

Newer Generic Top-Level Domains a Security 'Nuisance'

Ten years of passive DNS data shows classic TLDs such as .com and .net dominate newer TLDs in popularity and use, new report says.
04 May 2021

Apple Issues Patches for Webkit Security Flaws

The vulnerabilities may already be under active attack, Apple says in an advisory.
04 May 2021

Global Phishing Attacks Spawn Three New Malware Strains

Global Phishing Attacks Spawn Three New Malware Strains The never-seen malware strains have "professionally coded sophistication" and were launched by a well-resourced APT using nearly 50 domains, one hijacked.
04 May 2021

Planning Our Passwordless Future

Planning Our Passwordless Future All the talk that passwords could one day go away seemed too good to be true, yet the scales are finally started to tip to a passwordless reality. (Part one of a two-part series.)
04 May 2021

Hundreds of Millions of Dell Computers Potentially Vulnerable to Attack

Hardware maker has issued an update to fix multiple critical privilege escalation vulnerabilities that have gone undetected since 2009.
04 May 2021

Raytheon: Supply Chain, Ransomware, Zero Trust Biggest Security Priorities

SPONSORED CONTENT. While organizations may be more vulnerable than ever to supply chain hacks and ransomware, they can look to Zero Trust frameworks to keep their users and data safe, said Jon Check, a senior director in Raytheon's cyber protection solutions business unit. Check also foresees wider use of automation to handle tasks humans in the SOC can't get to.
04 May 2021

More Companies Adopting DevOps & Agile for Security

Measures of programming speed, security, and automation have all significantly increased in the past year, GitLab's latest survey finds.
04 May 2021

Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs

Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs The security flaw tracked as CVE-2021-22893 is being used by at least two APTs likely linked to China, to attack U.S. defense targets among others.
04 May 2021

The Wages of Password Re-use: Your Money or Your Life

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. When cybercriminals develop the same habit, it can eventually cost them their freedom.
04 May 2021

Scripps Health Responds to Cyberattack

The health care system says it has suspended access to patient portals and other applications related to operations at Scripps facilities.
04 May 2021

Can Organizations Secure Remote Workers for the Long Haul?

By focusing on protection instead of detection, organizations can defend against targeted attacks without compromising security or productivity.
04 May 2021

Microsoft will soon remove Flash Player from Windows 10 devices

The Patch Tuesday security update due in July should hammer the last nail in the coffin of Adobe Flash Player

The post Microsoft will soon remove Flash Player from Windows 10 devices appeared first on WeLiveSecurity

04 May 2021

Apple Fixes Zero‑Day Security Bugs Under Active Attack

Apple Fixes Zero‑Day Security Bugs Under Active Attack On Monday, Apple released a quartet of unscheduled updates for iOS, macOS, and watchOS, slapping security patches on flaws in its WebKit browser engine.
04 May 2021

Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs

Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs The privilege-escalation bug remained hidden for 12 years and has been present in all Dell PCs, tablets and notebooks shipped since 2009.
04 May 2021

Sneakers, Gaming, Nvidia Cards: Retailers Can Stop Shopping Bots

Sneakers, Gaming, Nvidia Cards: Retailers Can Stop Shopping Bots Jason Kent, hacker in residence at Cequence Security, says most retailers are applying 1970s solutions to the modern (and out-of-control) shopping-bot problem, and offers alternative ideas.
04 May 2021

Three new malware families found in global finance phishing campaign

Doubledrag, Doubledrop, and Doubleback are the work of “experienced” threat actors.
04 May 2021