Cybersecurity News


Windows Zero-Day Still Circulating After Faulty Fix

Windows Zero-Day Still Circulating After Faulty Fix The LPE bug could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.
24 December 2020

Quarterbacking Vulnerability Remediation

It's time that security got out of the armchair and out on the field.
24 December 2020

HelpSystems Acquires Data Security Firm Vera

The purchase is intended to increase London-based HelpSystems' file collaboration security capabilities.
24 December 2020

Delivering Santa from Third-Party Risk

Delivering Santa from Third-Party Risk 2020 has made even St. Nick susceptible to the risks associated with the coronavirus pandemic. Fortunately, cybersecurity experts are ready to help the merry old elf with advice on reducing risks to his global operations.
24 December 2020

Microsoft, McAfee, Rapid7, and Others Form New Ransomware Task Force

Industry group wants to get a framework in the hands of the new administration's cybersecurity officials by early spring 2021.
23 December 2020

White Ops Announces Its Acquisition

A group including Goldman Sachs Merchant Banking Division, ClearSky Security, and NightDragon has purchased the human verification technology company.
23 December 2020

Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack

Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack The nation-state actor is looking to speed up vaccine development efforts in North Korea.
23 December 2020

Data breach hits 30,000 signed up to workplace pensions provider

Data breach hits 30,000 signed up to workplace pensions provider

Fraud worries as UK company Now:Pensions says ‘third-party contractor’ posted personal details of clients to online public forum

About 30,000 customers of Now:Pensions face an anxious Christmas after a serious data breach at the pensions provider led to their sensitive personal details being posted on the internet.

In an email sent to affected customers, the workplace pensions firm warned that names, postal and email addresses, birth dates and National Insurance numbers all appeared in a public forum online.

Continue reading...
23 December 2020

Lazarus Group Seeks Intelligence Related to COVID-19

Researchers attribute attacks targeting a pharmaceutical company and a government ministry related to COVID-19 response.
23 December 2020

Third-Party APIs: How to Prevent Enumeration Attacks

Third-Party APIs: How to Prevent Enumeration Attacks Jason Kent, hacker-in-residence at Cequence, walks through online-retail card fraud and what to do about it.
23 December 2020

Hey Alexa, Who Am I Messaging?

Hey Alexa, Who Am I Messaging? Research shows that microphones on digital assistants are sensitive enough to record what someone is typing on a smartphone to steal PINs and other sensitive info.
23 December 2020

Emotet Returns to Hit 100K Mailboxes Per Day

Emotet Returns to Hit 100K Mailboxes Per Day Just in time for the Christmas holiday, Emotet is sending the gift of Trickbot.
23 December 2020

Enterprise IoT Security Is a Supply Chain Problem

Organizations that wish to take advantage of the potential benefits of IoT systems in enterprise environments should start evaluating third-party risk during the acquisition process.
23 December 2020

7 ways malware can get into your device

You know that malware is bad, but are you also aware of the various common ways in which it can infiltrate your devices?

The post 7 ways malware can get into your device appeared first on WeLiveSecurity

23 December 2020

DHS warns against using Chinese hardware and digital services

US says Chinese companies are engaging in "PRC government-sponsored data theft."
22 December 2020

SolarWinds Campaign Focuses Attention on 'Golden SAML' Attack Vector

Adversaries that successfully execute attack can achieve persistent anytime, anywhere access to a victim network, security researchers say.
22 December 2020

Emotet Campaign Restarts After Seven-Week Hiatus

Multiple security researchers note the return of an email campaign attempting to spread the malware, which is often used to drop the Ryuk ransomware and Trickbot banking Trojan.
22 December 2020

Microsoft Ups Security of Azure AD, Identity

A roundup of Microsoft's recent security news and updates that focus on protecting identity.
22 December 2020

Holiday Puppy Swindle Has Consumers Howling

Holiday Puppy Swindle Has Consumers Howling Those buying German Shepherd puppies for Bitcoin online are in for a ruff ride.
22 December 2020

Test

Test More than 45 million unique images, such as X-rays and MRI scans, are accessible to anyone on the Internet, security firm says.
22 December 2020