Cybersecurity News


Nvidia releases security update for high-severity graphics driver vulnerabilities

Exploits include data tampering, denial of service, and privilege escalation.
08 January 2021

Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking

Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking Major browsers get an update to fix separate bugs that both allow for remote attacks, which could potentially allow hackers to takeover targeted devices.
08 January 2021

New side-channel attack can recover encryption keys from Google Titan security keys

Attack requires physical access to the devices but Titan and other keys can be cloned if attacks are successful.
07 January 2021

Sealed U.S. Court Records Exposed in SolarWinds Breach

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts.
07 January 2021

Cobalt Strike & Metasploit Tools Were Attacker Favorites in 2020

Research reveals APT groups and cybercriminals employ these offensive security tools as often as red teams.
07 January 2021

FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack

CEO Kevin Mandia shared some details on how his company rooted out the major cyberattack campaign affecting US government and corporate networks.
07 January 2021

Biden to Appoint Cybersecurity Advisor to NSC – Report

Biden to Appoint Cybersecurity Advisor to NSC – Report Anne Neuberger will join the National Security Council, according to sources.
07 January 2021

State Dept. to Create New Cybersecurity & Technology Agency

Bureau of Cyberspace Security and Emerging Technologies (CSET) will serve as diplomatic arm for US cybersecurity interests.
07 January 2021

Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws

Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws In all, Nvidia patched flaws tied to 16 CVEs across its graphics drivers and vGPU software, in its first security update of 2021.
07 January 2021

Even Small Nations Have Jumped into the Cyber Espionage Game

While the media tends to focus on the Big 5 nation-state cyber powers, commercial spyware has given smaller countries sophisticated capabilities, as demonstrated by a "zero-click" iMessage exploit that targeted journalists last year.
07 January 2021

All Aboard the Pequod!

Like countless others, I frittered away the better part of Jan. 6 doomscrolling and watching television coverage of the horrifying events unfolding in our nation's capital, where a mob of President Trump supporters and QAnon conspiracy theorists was incited to lay siege to the U.S. Capitol. For those trying to draw meaning from the experience, might I suggest consulting the literary classic Moby Dick, which simultaneously holds clues about QAnon's origins and offers an apt allegory about a modern-day Captain Ahab and his ill-fated obsessions.
07 January 2021

Ransomware Victims' Data Published via DDoSecrets

Activists behind Distributed Denial of Secrets has shared 1TB of data pulled from Dark Web sites where it was shared by ransomware attackers.
07 January 2021

How the Shady Zero-Day Sales Game Is Evolving

How the Shady Zero-Day Sales Game Is Evolving Zero-day vulns are cold, while access-as-a-service is hot. Here's how black market (and gray market) deals go down.
07 January 2021

Fired Healthcare Exec Stalls Critical PPE Shipment for Months

Fired Healthcare Exec Stalls Critical PPE Shipment for Months A fired Stradis Healthcare employee sought revenge by tampering with shipping data for desperately needed healthcare PPE.
07 January 2021

Ryuk gang estimated to have made more than $150 million from ransomware attacks

Most of the Ryuk gang's "earnings" are being cashed out through accounts at crypto-exchanges Binance and Huobi.
07 January 2021

Threatpost Poll: Weigh in on Ransomware Security

Threatpost Poll: Weigh in on Ransomware Security Provide your views on ransomware and how to deal with it in our anonymous Threatpost poll.
07 January 2021

WhatsApp updates privacy policy to enable sharing more data with Facebook

Many users have until February 8 to accept the new rules – or else lose access to the app

The post WhatsApp updates privacy policy to enable sharing more data with Facebook appeared first on WeLiveSecurity

07 January 2021

New Year, New Ransomware: Babuk Locker Targets Large Corporations

New Year, New Ransomware: Babuk Locker Targets Large Corporations Despite being a mostly run-of-the-mill ransomware strain, Babuk Locker's encryption mechanisms and abuse of Windows Restart Manager sets it apart.
07 January 2021

Cobalt Strike and Metasploit accounted for a quarter of all malware C&C servers in 2020

Security firm Recorded Future said it tracked more than 10,000 malware command and control servers last year, used across more than 80 malware families.
07 January 2021

The 3 Most Common Types of BEC Attacks (And What You Can Do About Them)

Always be skeptical and double check credentials.
07 January 2021