Cybersecurity News


Autonomous IT: Less Reacting, More Securing

Keeping data secure requires a range of skills and perfect execution. AI makes that possible.
28 July 2020

FBI warns of disruptive DDoS amplification attacks

The Bureau expects cybercriminals to increasingly abuse new threat vectors for large-scale DDoS attacks

The post FBI warns of disruptive DDoS amplification attacks appeared first on WeLiveSecurity

28 July 2020

As Businesses Move to the Cloud, Cybercriminals Follow Close Behind

In the wake of COVID-19, data theft is by far the top tactic, followed by cryptomining and ransomware.
28 July 2020

Kaspersky: North Korean hackers are behind the VHD ransomware

North Korean hackers return to actively deploying ransomware after the huge WannaCry debacle.
28 July 2020

Podcast: Security Lessons Learned In Times of Uncertainty

Podcast: Security Lessons Learned In Times of Uncertainty Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, discusses the top threats and lessons learned from the first half of 2020.
28 July 2020

Researchers Warn of High-Severity Dell PowerEdge Server Flaw

Researchers Warn of High-Severity Dell PowerEdge Server Flaw A path traversal vulnerability in the iDRAC technology can allow remote attackers to take over control of server operations.
28 July 2020

New Linux malware uses Dogecoin API to find C&C server addresses

Security researchers discover Doki, a new backdoor malware strain targeting Docker instances.
28 July 2020

Business ID Theft Soars Amid COVID Closures

Identity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity has learned. This story is about the victims of a particularly aggressive business ID theft ring that's spent years targeting small businesses across the country and is now pivoting toward using that access for pandemic assistance loans and unemployment benefits.
27 July 2020

ShinyHunters Offers Stolen Data on Dark Web

The threat actor offers more than 26 million records from a series of data breaches.
27 July 2020

Ratings for Open Source Projects Aim to Make Software More Secure

Two companies have teamed up to rate open source projects, but can adopting repository ratings help developers make better decisions regarding open source?
27 July 2020

Microsoft Revamps Windows Insider Preview Bug Bounty Program

Microsoft Revamps Windows Insider Preview Bug Bounty Program Researchers can earn up to $100,000 for finding vulnerabilities in Microsoft's revamped Windows Insider Preview bug bounty program.
27 July 2020

Ransomware attack on Garmin thought to be the work of 'Evil Corp'

Ransomware attack on Garmin thought to be the work of 'Evil Corp'

Russian cybercrime gang is believed to be responsible for taking Garmin services offline

A ransomware attack that took the GPS and smartwatch business Garmin entirely offline for more than three days is believed to have been carried out by a Russian cybercriminal gang which calls itself “Evil Corp”.

Garmin began to restore services to customers on Monday morning, after being held hostage for a reported ransom of $10m, although some services were still operating with limited functionality.

Ransomware is the most common form of criminal malware currently in use. Targets are commonly infected through malicious emails, which may trick them into downloading and running the software, or through exploiting vulnerabilities in other software such as Adobe Flash. When the ransomware program is activated, it encrypts the user’s hard drive with a single use encryption key, before flashing up a message asking for ransom, typically in the form of a payment in the cryptocurrency Bitcoin.

Related: Garmin down: how to still get your activities on to Strava

Continue reading...
27 July 2020

Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns

Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns Attackers are exploiting a high-severity vulnerability in Cisco's network security software products, which is used by Fortune 500 companies.
27 July 2020

CISA says 62,000 QNAP NAS devices have been infected with the QSnatch malware

QSnatch malware, first spotted in late 2019, has grown from 7,000 bots to more than 62,000, according to a join US CISA and UK NCSC security alert.
27 July 2020

Almost 4,000 databases now wiped in ‘Meow’ attacks

The attackers and their motivations remain unknown; however, the incidents yet again highlight the risks of careless data security

The post Almost 4,000 databases now wiped in ‘Meow’ attacks appeared first on WeLiveSecurity

27 July 2020

Encryption Under ‘Full-Frontal Nuclear Assault’ By U.S. Bills

Encryption Under ‘Full-Frontal Nuclear Assault’ By U.S. Bills The U.S. government and tech companies continue to butt heads over the idea of encryption and what that means for law enforcement.
27 July 2020

Hackers stole GitHub and GitLab OAuth tokens from Git analytics firm Waydev

OAuth tokens have been abused for intrusions at least two other companies, Dave.com and Flood.io.
27 July 2020

Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job

How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.
27 July 2020

Cerberus banking Trojan team breaks up, source code goes to auction

The Android malware’s operator is hoping the code and client list will net them up to $100,000.
27 July 2020

Block/Allow: The Changing Face of Hacker Linguistics

Terms such as "whitelist," "blacklist," "master," and "slave" are being scrutinized again and by a wider range of tech companies than ever before.
27 July 2020