Cybersecurity News


Encrypted Traffic Inference: An Alternative to Enterprise Network Traffic Decryption

Finding threats in encrypted inbound network traffic is complex and expensive for enterprises, but a fascinating new approach could eliminate the need for decryption.
15 September 2020

Windows Exploit Released For Microsoft ‘Zerologon’ Flaw

Security researchers and U.S. government authorities alike are urging admins to address Microsoft's critical privilege escalation flaw.
15 September 2020

MITRE releases emulation plan for FIN6 hacking group, more to follow

New MITRE project to provide free emulation plans that mimic major threat actors in order to train and help defenders.
15 September 2020

Simplify Your Privacy Approach to Overcome CCPA Challenges

By building a privacy-forward culture from the ground up and automating processes, organizations can simplify their approach to privacy and be prepared for any upcoming regulations.
15 September 2020

MFA Bypass Bugs Opened Microsoft 365 to Attack

Vulnerabilities ‘that have existed for years’ in WS-Trust could be exploited to attack other services such as Azure and Visual Studio.
15 September 2020

US reaches $1.5 billion settlement with Daimler over emissions scandal

Daimler must also recall and repair Mercedes-Benz diesel cars that cheat the system.
15 September 2020

Zoom makes 2FA available for all its users

Zoom now supports phone calls, text messages and authentication apps as forms of two-factor authentication.

The post Zoom makes 2FA available for all its users appeared first on WeLiveSecurity

15 September 2020

Department of Veteran Affairs discloses breach impacting 46,000 veterans

Hackers accessed a VA online app and diverted payments meant for healthcare providers.
14 September 2020

Researchers, Companies Slam Mobile Voting Firm Voatz for 'Bad Faith' Attacks

In a letter, almost 70 different security firms and individual researchers criticize Voatz for misrepresenting to the US Supreme Court widely accepted security research practices.
14 September 2020

Magento online stores hacked in largest campaign to date

Almost 2,000 Magento stores have been compromised over the weekend in the largest hacking campaign since 2015.
14 September 2020

Large Cloud Providers Much Less Likely Than Enterprises to Get Breached

Pen-test results also show a majority of organizations have few protections against attackers already on the network.
14 September 2020

Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs

Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers.
14 September 2020

E-Commerce Sites Hit With New Attack on Magento

The campaign targeted sites running Magento Version 1, a version of the e-commerce software that is past end-of-life.
14 September 2020

Security Through an Economics Lens: A Guide for CISOs

An expert in economics and cybersecurity applies opportunity cost and other concepts of the "dismal science" to infosec roles.
14 September 2020

Cloud Leak Exposes 320M Dating-Site Records

A misconfigured, Mailfire-owned Elasticsearch server impacted 70 dating and e-commerce sites, exposing PII and details such as romantic preferences.
14 September 2020

Due Diligence That Money Can’t Buy

Most of us automatically put our guard up when someone we don't know promises something too good to be true. But when the too-good-to-be-true thing starts as our idea, sometimes that instinct fails to kick in. Here's the story of how companies searching for investors to believe in their ideas can run into trouble.
14 September 2020

FBI says credential stuffing attacks are behind some recent bank hacks

The FBI is raising the alarm about the rising number of credential stuffing attacks targeting financial institutions.
14 September 2020

TikTok Fixes Flaws That Opened Android App to Compromise

The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spying continue.
14 September 2020

Magecart Attack Impacts More Than 10K Online Shoppers

Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, possibly the result of a zero-day exploit.
14 September 2020

Virginia's Largest School System Hit With Ransomware

Fairfax County Public Schools has launched an investigation following a ransomware attack on some of its technology systems.
14 September 2020