Cybersecurity News


New Study Calls Common Risk Figure into Question

Many risk models use a commonly quoted number -- $150 per record -- to estimate the cost of an incident. A new study from the Cyentia Institute says misusing that number means that estimates are almost never accurate.
19 March 2020

Cloud Misconfig Mistakes Show Need For DevSecOps

Cloud Misconfig Mistakes Show Need For DevSecOps Unit 42 researchers discuss public cloud misconfiguration issues that are leading to breaches of sensitive data.
19 March 2020

What is the Best Defense Against Phishing Attacks?

What is the Best Defense Against Phishing Attacks? While many view phishing as a small annoyance, this attack method has maintained longevity for a reason and is still the number one cause of data breaches.
19 March 2020

Achieving DevSecOps Requires Cutting Through the Jargon

Establishing a culture where security can work easily with developers starts with making sure they can at least speak the same language.
19 March 2020

Cyber Resilience Benchmarks 2020

Here are four things that separate the leaders from the laggards when fighting cyber threats.
19 March 2020

TA505 Targets HR Departments with Poisoned CVs

Infamous cybercrime organization spotted in attacks that employ legitimate software -- and Google Drive.
19 March 2020

Cisco tackles root privilege vulnerability in SD-WAN software

Three vulnerabilities have been patched in SD-WAN, two of which can lead to root privilege escalation.
19 March 2020

Quantifying Cyber Risk: Why You Must & Where to Start

Quantifying Cyber Risk: Why You Must & Where to Start Quantifying cybersecurity risks can be a critical step in understanding those risks and getting executive support to address them.
19 March 2020

This cryptocurrency miner uses unique, stealthy tactics to hide from prying eyes

A combination of botnet and cryptominer has been utilizing new obfuscation techniques never before made public.
19 March 2020

Stantinko’s new cryptominer features unique obfuscation techniques

ESET researchers bring to light unique obfuscation techniques discovered in the course of analyzing a new cryptomining module distributed by the Stantinko group’s botnet

The post Stantinko’s new cryptominer features unique obfuscation techniques appeared first on WeLiveSecurity

19 March 2020

France warns of new ransomware gang targeting local governments

CERT France says some local governments have been infected with a new version of the Pysa (Mespinoza) ransomware.
19 March 2020

Firefox to remove support for the FTP protocol

Mozilla: "We're doing this for security reasons. FTP is an insecure protocol."
18 March 2020

Skimmer May Have Put NutriBullet Customers' Card Data at Risk for Nearly a Month

Blender maker is the latest victim of Magecart.
18 March 2020

WordPress, Apache Struts Attract the Most Bug Exploits

WordPress, Apache Struts Attract the Most Bug Exploits An analysis found these web frameworks to be the most-targeted by cybercriminals in 2019.
18 March 2020

Azure Red Flag: Microsoft Accidentally Fixes Cloud Config ‘Bug’

Azure Red Flag: Microsoft Accidentally Fixes Cloud Config ‘Bug’ Researchers detail a misconfiguration in Microsoft’s Azure cloud platform that could have given hackers carte blanche access to a targeted company's cloud services.
18 March 2020

Process Injection Tops Attacker Techniques for 2019

Attackers commonly use remote administration and network management tools for lateral movement, a new pool of threat data shows.
18 March 2020

500,000 Documents Exposed in Open S3 Bucket Incident

The open database exposed highly sensitive financial and business documents related to two financial organizations.
18 March 2020

Trend Micro Fixes Critical Flaws Under Attack

Trend Micro Fixes Critical Flaws Under Attack Fixes are now available for five critical and high-severity Trend Micro flaws, two of which are being actively targeted by attackers.
18 March 2020

Facebook Got Tagged, but not Hard Enough

Ensuring that our valuable biometric information is protected is worth more than a $550 million settlement.
18 March 2020

TrickBot Trojan Adds RDP Brute-Forcing to Its Arsenal

TrickBot Trojan Adds RDP Brute-Forcing to Its Arsenal A fresh module aims to compromise remote desktop accounts to access corporate resources.
18 March 2020