Cybersecurity News


Ryuk ransomware finds foothold in bio research institute through student who wouldn’t pay for software

The incident started with a student who didn't want to pay for a license and ended with the loss of research.
06 May 2021

Fantastic passwords and where your children can find them

How witches, wizards and superheroes can help your kids stay safe from cyber-villains, plus other parenting hacks to encourage your children to use secure passwords

The post Fantastic passwords and where your children can find them appeared first on WeLiveSecurity

06 May 2021

Black Hat Asia Speakers Share Secrets About Sandboxes, Smart Doors, and Security

Find video interviews with some of the coolest Black Hat Asia experts right here, as part of the Dark Reading News Desk this week.
06 May 2021

Older Generation

Using technology securely can be overwhelming or confusing, especially for those who did not grow up with it. When helping secure those who are uncomfortable with technology focus on just the basics - 1) be aware of social engineering attacks 2) secure your home network 3) keep your systems updated 4) use strong, unique passwords 5) backup your key personal data
06 May 2021

Attackers Seek New Strategies to Improve Macros' Effectiveness

The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems.
05 May 2021

New Crypto-Stealer ‘Panda’ Spread via Discord

New Crypto-Stealer ‘Panda’ Spread via Discord PandaStealer is delivered in rigged Excel files masquerading as business quotes, bent on stealing victims' cryptocurrency and other info.
05 May 2021

Anti-Spam WordPress Plugin Could Expose Website User Data

Anti-Spam WordPress Plugin Could Expose Website User Data 'Spam protection, AntiSpam, FireWall by CleanTalk' is installed on more than 100,000 sites -- and could offer up sensitive info to attackers that aren't even logged in.
05 May 2021

Gap Between Security and Networking Teams May Hinder Tech Projects

Professionals in each field describe a poor working relationship between the two teams
05 May 2021

DoD Lets Researchers Target All Publicly Accessible Info Systems

The Department of Defense expands its vulnerability disclosure program to include a broad range of new targets.
05 May 2021

Wanted: The (Elusive) Cybersecurity 'All-Star'

Wanted: The (Elusive) Cybersecurity 'All-Star' Separate workforce studies by (ISC) 2 and ISACA point to the need for security departments to work with existing staff to identify needs and bring entry-level people into the field.
05 May 2021

Debating Law Enforcement's Role in the Fight Against Cybercrime

Debating Law Enforcement's Role in the Fight Against Cybercrime The FBI's action to remove Web shells from compromised Microsoft Exchange Servers sparks a broader discussion about officials' response to cyberattacks.
05 May 2021

Raft of Exim Security Holes Allow Linux Mail Server Takeovers

Raft of Exim Security Holes Allow Linux Mail Server Takeovers Remote code execution, privilege escalation to root and lateral movement through a victim's environment are all on offer for the unpatched or unaware.
05 May 2021

Peloton’s Leaky API Spilled Riders’ Private Data

Peloton’s Leaky API Spilled Riders’ Private Data On top of the privacy spill, Peloton is also recalling all treadmills after the equipment was linked to 70 injuries and the death of one child.
05 May 2021

DDoS attack knocks Belgian government websites offline

The attack overwhelmed the systems of a Belgian ISP, leading to widespread service outages and disruptions

The post DDoS attack knocks Belgian government websites offline appeared first on WeLiveSecurity

05 May 2021

Will 2021 Mark the End of World Password Day?

We might be leaving the world of mandatory asterisks and interrobangs behind for good.
05 May 2021

Feds Shut Down Fake COVID-19 Vaccine Phishing Website

Feds Shut Down Fake COVID-19 Vaccine Phishing Website ‘Freevaccinecovax.org’ claimed to be that of a biotech company but instead was stealing info from visitors to use for nefarious purposes.
05 May 2021

Malicious Office 365 Apps Are the Ultimate Insiders

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization's own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user's emails and files, both of which are then plundered to launch malware and phishing scams against others.
05 May 2021

Banking Trojan evolves from distribution through porn to phishing schemes

While starting out in Brazil, the malware may now also be present in Europe.
05 May 2021

Ousaban: Private photo collection hidden in a CABinet

Another in our occasional series demystifying Latin American banking trojans

The post Ousaban: Private photo collection hidden in a CABinet appeared first on WeLiveSecurity

05 May 2021

Panda Stealer dropped in Excel files, spreads through Discord to steal user cryptocurrency

The malware hones in on cryptocurrency funds as well as VPN credentials.
05 May 2021