Cybersecurity News


HPE Fixes Critical Zero-Day in Server Management Software

HPE Fixes Critical Zero-Day in Server Management Software The bug in HPE SIM makes it easy as pie for attackers to remotely trigger code, no user interaction necessary.
28 May 2021

Siemens Patches Major PLC Flaw that Bypasses Its 'Sandbox' Protection

Researchers from Claroty today detailed the memory vuln they discovered in Siemens SIMATIC S7-1200 and S7-1500 PLCs.
28 May 2021

Week in security with Tony Anscombe

You, too, may be vulnerable to SIM swap attacks – How to defend yourself against rom-cons – Zero day in macOS allowed malware to take secret screenshots

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

28 May 2021

Boss of ATM Skimming Syndicate Arrested in Mexico

Florian "The Shark" Tudor, the alleged ringleader of a prolific ATM skimming gang that has stolen hundreds of millions from tourists visiting Mexico over the past eight years, was arrested in Mexico City on Thursday in response to an extradition warrant from a Romanian court.
28 May 2021

Plug-ins for Code Editors Pose Developer-Security Threat

There are two critical vulnerabilities in plug-ins for the popular Visual Studio Code editor, now patched, but security firm Snyk warns that popular plug-ins could put development environments in jeopardy.
28 May 2021

Most Mobile Apps Can Be Compromised in 15 Minutes or Less

In the name of releasing apps quickly and delivering a smooth user experience, mobile app security is often given short shrift.
28 May 2021

Nobelium Phishing Campaign Poses as USAID

Nobelium Phishing Campaign Poses as USAID Microsoft uncovered the SolarWinds crooks using mass-mail service Constant Contact and posing as a U.S.-based development organization to deliver malicious URLs to more than 150 organizations.
28 May 2021

Building Multilayered Security for Modern Threats

Building Multilayered Security for Modern Threats Justin Jett, director of audit and compliance for Plixer, discusses the elements of a successful advanced security posture.
28 May 2021

Researchers find four new malware tools created to exploit Pulse Secure VPN appliances

There are now at least 16 malware families designed to compromise Pulse Secure VPN products.
28 May 2021

Targeted AnyDesk Ads on Google Served Up Weaponized App

Targeted AnyDesk Ads on Google Served Up Weaponized App Malicious ad campaign was able to rank higher in searches than legitimate AnyDesk ads.
27 May 2021

'Have I Been Pwned' Code Base Now Open Source

Founder Troy Hunt also announces the platform will receive compromised passwords the FBI finds in its investigations.
27 May 2021

BazaLoader Attackers Create Fake Movie Streaming Site to Trick Victims

The BazaLoader infection chain includes a live call center and "customer service" from criminals, researchers report.
27 May 2021

Acronis: Pandemic Hastened Cloud Migration, Prompting New Security Issues

SPONSORED: WATCH NOW -- The COVID-19 pandemic has accelerated an ongoing shift in data away from business data centers to home offices and the cloud, explains Candid Wuest, VP of cyber protection research for Acronis.
27 May 2021

Let's Stop Blaming Employees for Our Data Breaches

Assuming employees want to steal trade secrets pits them against your security teams, creates stress and reduces productivity.
27 May 2021

DHS Orders Pipeline Operators to Report Cyberattacks, Review Security Posture

On the heels of the Colonial Pipeline attack, the US Department of Homeland Security aims to force a reticent industry to improve its ability to detect and respond to cybersecurity attacks.
27 May 2021

How Menlo Uses Isolation to Secure Mobile Devices in the Cloud

SPONSORED: WATCH NOW -- Mobile devices like smartphones and tablets have emerged as popular targets for bad actors looking to break into to cloud-based networks, according to Poornima DeBolle, chief product officer for Menlo Security.
27 May 2021

Prevention Is the Only Cure: The Dangers of Legacy Systems

Prolonged exposure to poorly managed legacy IT devices proves time and time again the familiar adage: What can go wrong will go wrong.
27 May 2021

Fujitsu SaaS Hack Sends Govt. of Japan Scrambling

Fujitsu SaaS Hack Sends Govt. of Japan Scrambling Tech giant disables ProjectWEB cloud-based collaboration platform after threat actors gained access and nabbed files belonging to several state entities.
27 May 2021

Biden’s Cybersecurity Executive Order Puts Emphasis on the Wrong Issues

Biden’s Cybersecurity Executive Order Puts Emphasis on the Wrong Issues David Wolpoff, CTO at Randori, argues that the call for rapid cloud transition Is a dangerous proposition: "Mistakes will be made, creating opportunities for our adversaries.
27 May 2021

ExtraHop Explains How Advanced Threats Dominate Threat Landscape

SPONSORED: WATCH NOW -- How do SOC professionals build a strategy when they lack basic information about how such threats operate? Advanced threats by their very nature create plenty of uncertainty, according to Matt Cauthorn, VP of cloud security for ExtraHop.
27 May 2021