Cybersecurity News


Edge Poll: Passwordless Plans

How long do you think it will be before your organization gets rid of passwords?
22 April 2021

New CISA Advisories Warn of ICS Vulnerabilities

The vulnerabilities exist in Cscape control system application programming software and the Mitsubishi Electric GOT.
22 April 2021

Prometei Botnet Adds New Twist to Exchange Server Attacks

Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say.
22 April 2021

Mount Locker Ransomware Aggressively Changes Up Tactics

Mount Locker Ransomware Aggressively Changes Up Tactics The ransomware is upping its danger quotient with new features while signaling a rebranding to "AstroLocker."
22 April 2021

Spotlight on the Cybercriminal Supply Chains

Spotlight on the Cybercriminal Supply Chains In this Threatpost podcast Fortinet’s top researcher outlines what a cybercriminal supply chain is and how much the illicit market is worth.
22 April 2021

Improving the Vulnerability Reporting Process With 5 Steps

Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter.
22 April 2021

Signal founder: I hacked police phone-cracking tool Cellebrite

Signal founder: I hacked police phone-cracking tool Cellebrite

Moxie Marlinspike accuses surveillance firm of being ‘linked to persecution’ around the world

The CEO of the messaging app Signal claims to have hacked the phone-cracking tools used by police in Britain and around the world to extract information from seized devices.

In an online post, Moxie Marlinspike, the security researcher who founded Signal in 2013, detailed a series of vulnerabilities in the surveillance devices, made by the Israeli company Cellebrite.

Continue reading...
22 April 2021

AirDrop flaws could leak phone numbers, email addresses

You can only stay safe by disabling AirDrop discovery in the system settings of your Apple device, a study says

The post AirDrop flaws could leak phone numbers, email addresses appeared first on WeLiveSecurity

22 April 2021

University Suspends Project After Researchers Submitted Vulnerable Linux Patches

A Linux maintainer pledges to stop taking code submissions from the University of Minnesota after a research team purposely submitted vulnerabilities to show software supply chain weaknesses.
22 April 2021

Name That Toon: Greetings, Earthlings

Name That Toon: Greetings, Earthlings Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
22 April 2021

Payment Security in South Africa: A Discussion with Stakeholders

 

The PCI SSC Security Summit of South Africa, an online event took place this week with more than 315 payment security practitioners from South Africa discussing the latest in payment security and standards. Here we talk with Jeremy King, PCI Security Standards Council VP Regional Head for Europe, Naniki Imelda Ramabi, Chief Risk Officer Payments Association of South Africa (PASA), and Sandro Bucchianeri, Group Chief Security Officer ABSA, about payment security trends, highlights from the Security Summit of South Africa, and industry involvement opportunities for the region.

22 April 2021

10 Free Security Tools at Black Hat Asia 2021

10 Free Security Tools at Black Hat Asia 2021 Researchers are set to demonstrate a plethora of tools for conducting pen tests, vulnerability assessments, data forensics, and a wide range of other use cases.
22 April 2021

Looking for Greater Security Culture? Ask an 8-Bit Plumber

Looking for Greater Security Culture? Ask an 8-Bit Plumber After 40 years of navigating catastrophes, video game character Mario can help us with a more intelligent approach to DevOps and improving security culture.
22 April 2021

Telegram Platform Abused in ‘ToxicEye’ Malware Campaigns

Telegram Platform Abused in ‘ToxicEye’ Malware Campaigns Even if the app is not installed or in use, threat actors can use it to spread malware through email campaigns and take over victims’ machines, new research has found.
22 April 2021

SolarWinds hack analysis reveals 56% boost in command server footprint

Researchers say newly identified targets are likely.
22 April 2021

It’s Easy to Become a Cyberattack Target, but a VPN Can Help

It’s Easy to Become a Cyberattack Target, but a VPN Can Help You might think that cybercrime is more prevalent in less digitally literate countries. However, NordVPN's Cyber Risk Index puts North American and Northern European countries at the top of the target list.
22 April 2021

Who's Your Login?

If only Abbott and Costello were around today.
22 April 2021

New US Justice Department team aims to disrupt ransomware operations

The task force will focus on dealing with the “root causes” of ransomware.
22 April 2021

Rapid7 Acquires Velociraptor Open Source Project

The company plans to use Velociraptor's technology and insights to build out its own incident response capabilities.
21 April 2021

4 Innovative Ways Cyberattackers Hunt for Security Bugs

4 Innovative Ways Cyberattackers Hunt for Security Bugs David “moose” Wolpoff, co-founder and CTO at Randori, talks lesser-known hacking paths, including unresolved "fixme" flags in developer support groups.
21 April 2021