Cybersecurity News


Raft of Exim Security Holes Allow Linux Mail Server Takeovers

Remote code execution, privilege escalation to root and lateral movement through a victim's environment are all on offer for the unpatched or unaware.
05 May 2021

Peloton’s Leaky API Spilled Riders’ Private Data

On top of the privacy spill, Peloton is also recalling all treadmills after the equipment was linked to 70 injuries and the death of one child.
05 May 2021

DDoS attack knocks Belgian government websites offline

The attack overwhelmed the systems of a Belgian ISP, leading to widespread service outages and disruptions

The post DDoS attack knocks Belgian government websites offline appeared first on WeLiveSecurity

05 May 2021

Will 2021 Mark the End of World Password Day?

We might be leaving the world of mandatory asterisks and interrobangs behind for good.
05 May 2021

Feds Shut Down Fake COVID-19 Vaccine Phishing Website

‘Freevaccinecovax.org’ claimed to be that of a biotech company but instead was stealing info from visitors to use for nefarious purposes.
05 May 2021

Malicious Office 365 Apps Are the Ultimate Insiders

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization's own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user's emails and files, both of which are then plundered to launch malware and phishing scams against others.
05 May 2021

Banking Trojan evolves from distribution through porn to phishing schemes

While starting out in Brazil, the malware may now also be present in Europe.
05 May 2021

Ousaban: Private photo collection hidden in a CABinet

Another in our occasional series demystifying Latin American banking trojans

The post Ousaban: Private photo collection hidden in a CABinet appeared first on WeLiveSecurity

05 May 2021

Panda Stealer dropped in Excel files, spreads through Discord to steal user cryptocurrency

The malware hones in on cryptocurrency funds as well as VPN credentials.
05 May 2021

Newer Generic Top-Level Domains a Security 'Nuisance'

Ten years of passive DNS data shows classic TLDs such as .com and .net dominate newer TLDs in popularity and use, new report says.
04 May 2021

Apple Issues Patches for Webkit Security Flaws

The vulnerabilities may already be under active attack, Apple says in an advisory.
04 May 2021

Global Phishing Attacks Spawn Three New Malware Strains

The never-seen malware strains have "professionally coded sophistication" and were launched by a well-resourced APT using nearly 50 domains, one hijacked.
04 May 2021

Planning Our Passwordless Future

All the talk that passwords could one day go away seemed too good to be true, yet the scales have finally started to tip toward a passwordless reality. (Part one of a two-part series.)
04 May 2021

Hundreds of Millions of Dell Computers Potentially Vulnerable to Attack

Hardware maker has issued an update to fix multiple critical privilege escalation vulnerabilities that have gone undetected since 2009.
04 May 2021

Raytheon: Supply Chain, Ransomware, Zero Trust Biggest Security Priorities

SPONSORED CONTENT. While organizations may be more vulnerable than ever to supply chain hacks and ransomware, they can look to Zero Trust frameworks to keep their users and data safe, said Jon Check, a senior director in Raytheon's cyber protection solutions business unit. Check also foresees wider use of automation to handle tasks humans in the SOC can't get to.
04 May 2021

More Companies Adopting DevOps & Agile for Security

Measures of programming speed, security, and automation have all significantly increased in the past year, GitLab's latest survey finds.
04 May 2021

Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs

The security flaw tracked as CVE-2021-22893 is being used by at least two APTs, likely linked to China, to attack U.S. defense targets, among others.
04 May 2021

The Wages of Password Re-use: Your Money or Your Life

When normal computer users fall into the nasty habit of recycling passwords, the result is most often some type of financial loss. When cybercriminals develop the same habit, it can eventually cost them their freedom.
04 May 2021

Scripps Health Responds to Cyberattack

The health care system says it has suspended access to patient portals and other applications related to operations at Scripps facilities.
04 May 2021

Can Organizations Secure Remote Workers for the Long Haul?

By focusing on protection instead of detection, organizations can defend against targeted attacks without compromising security or productivity.
04 May 2021