Cybersecurity News


Pastebin adds 'Burn After Read' and 'Password Protected Pastes' to the dismay of the infosec community

The two new features will make it easier to disguise malware operations.
26 September 2020

FortiGate VPN Default Config Allows MitM Attacks

FortiGate VPN Default Config Allows MitM Attacks The client's default configuration for SSL-VPN has a certificate issue, researchers said.
25 September 2020

6 Things to Know About the Microsoft 'Zerologon' Flaw

Until all domain controllers are updated, the entire infrastructure remains vulnerable, the DHS' CISA warns.
25 September 2020

Industrial Cyberattacks Get Rarer but More Complex

Industrial Cyberattacks Get Rarer but More Complex The first half of 2020 saw decreases in attacks on most ICS sectors, but oil/gas firms and building automation saw upticks.
25 September 2020

Ring’s Flying In-Home Camera Drone Escalates Privacy Worries

Ring’s Flying In-Home Camera Drone Escalates Privacy Worries Privacy fears are blasting off after Amazon's Ring division unveiled the new Always Home Cam, a smart home security camera drone.
25 September 2020

Navigating the Asia-Pacific Threat Landscape: Experts Dive In

At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare.
25 September 2020

Getting Over the Security-to-Business Communication Gap in DevSecOps

Application security in a DevOps world takes more than great teamwork among security, developers, and operations staff.
25 September 2020

Twitter warns of possible API keys leak

Incorrect server settings on the Twitter Developer portal led to browsers caching API keys, account access token and secret.
25 September 2020

You can bypass TikTok's MFA by logging in via a browser

Enabling MFA in the TikTok mobile app doesn't apply it for the web dashboard. TikTok promised to fix the issue.
25 September 2020

Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks

Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks An APT group has started heavily relying on cloud services like Azure Active Directory and OneDrive, as well as open-source tools, to obfuscate its attacks.
25 September 2020

RASP 101: Staying Safe With Runtime Application Self-Protection

RASP 101: Staying Safe With Runtime Application Self-Protection The dream of RASP is to empower applications to protect themselves. How close do current implementations get to living the dream? Here's what to know.
25 September 2020

Week in security with Tony Anscombe

Bug let hijack Firefox browsers on other phones over Wi-Fi – NIST's new tool to help firms understand why staff fall for phishing – Almost 200 arrested in dark web crackdown

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

25 September 2020

WannaCry Has IoT in Its Crosshairs

The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.
25 September 2020

Who is Tech Investor John Bernard?

John Bernard, the subject of a story here last week about a self-proclaimed millionaire investor who has bilked countless tech startups, appears to be a pseudonym for John Clifton Davies, a U.K. man who absconded from justice before being convicted on multiple counts of fraud in 2015. Prior to his conviction, Davies served 16 months in jail before being cleared of murdering his wife on their honeymoon in India.
25 September 2020

Verizon, AT&T settle overcharging whistleblower case for $116 million

Updated: The lawsuit alleged that both telecoms giants overcharged government agencies for over a decade.
25 September 2020

Airbnb may be exposing private host inbox messages, bookings and earnings data

Airbnb hosts report that they are able to access inboxes that do not belong to them.
25 September 2020

5 tips for better Google Drive security

As cloud storage solutions are becoming more and more popular, we look at several simple steps you can take to secure your files on Google Drive

The post 5 tips for better Google Drive security appeared first on WeLiveSecurity

25 September 2020

Malware Attacks Declined But Became More Evasive in Q2

Most of the malware used in attacks last quarter were designed to evade signature-based detection tools, WatchGuard says.
24 September 2020

CISA says a hacker breached a federal agency

CISA didn't name the attacker but it published an in-depth incident report detailing the hacker's every step.
24 September 2020

Bluetooth Security Weaknesses Pile Up, While Patching Remains Problematic

Turns out, creating wireless ecosystems for a vast number of different architectures, configurations, and use cases is hard.
24 September 2020