Cybersecurity News


There's now COVID-19 malware that will wipe your PC and rewrite your MBR

Security researchers have discovered coronavirus-themed malware created to destroy users' computers.
01 April 2020

Attackers Leverage Excel File Encryption to Deliver Malware

Technique involves saving malicious Excel file as "read-only" and tricking users into opening it, Mimecast says.
01 April 2020

Wiper Malware Called “Coronavirus” Spreads Among Windows Victims

Wiper Malware Called “Coronavirus” Spreads Among Windows Victims Like NotPetya, it overwrites the master boot record to render computers "trashed."
01 April 2020

Microsoft is working on mitigating an entire Windows bug class

Researcher set out to find 15 new Windows bugs last year. He found 25, and Microsoft already patched 11.
01 April 2020

Why All Employees Are Responsible for Company Cybersecurity

It's not just the IT and security team's responsibility to keep data safe -- every member of the team needs to be involved.
01 April 2020

Coronavirus ‘Financial Relief’ Phishing Attacks Spike

Coronavirus ‘Financial Relief’ Phishing Attacks Spike A spate of phishing attacks have promised financial relief due to the coronavirus pandemic - but in reality swiped victims' credentials, payment card data and more.
01 April 2020

Critical WordPress Plugin Bug Can Lock Admins Out of Websites

Critical WordPress Plugin Bug Can Lock Admins Out of Websites A second vulnerability could be used to prevent access to almost all of a site’s existing content, by simply redirecting visitors.
01 April 2020

Active Directory Attacks Hit the Mainstream

Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
01 April 2020

Microsoft Alerts Healthcare to Human-Operated Ransomware

Microsoft has notified dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure, which could put them at risk.
01 April 2020

Two Zoom Zero-Day Flaws Uncovered

Two Zoom Zero-Day Flaws Uncovered The zero-day Zoom flaws could give local, unprivileged attackers root privileges, and allow them to access victims’ microphone and camera.
01 April 2020

Could Work-From-Home Staff be Violating Privacy Laws During Conference Calls?

Could Work-From-Home Staff be Violating Privacy Laws During Conference Calls? If you are lucky enough to be able to do your job from home right now, you should be aware of a few key things.
01 April 2020

Marriott hacked again, 5.2 million guests affected

Bad actors accessed a range of personally identifiable information, including names, dates of birth and a lot more

The post Marriott hacked again, 5.2 million guests affected appeared first on WeLiveSecurity

01 April 2020

The SOC Emergency Room Faces Malware Pandemic

To keep users and networks healthy and secure, security teams need to mimic countries that have taken on COVID-19 with a rapid, disciplined approach.
01 April 2020

LimeRAT malware is being spread through VelvetSweatshop Excel encryption technique

The old tactic is proving fruitful in a new campaign.
01 April 2020

Top Email Protections Fail in Latest COVID-19 Phishing Campaign

Top Email Protections Fail in Latest COVID-19 Phishing Campaign An effective spoofing campaign promises users important information about new coronavirus cases in their local area, scooting past Proofpoint and Microsoft Office 356 ATPs.
01 April 2020

Major Cloud, CDN Providers Join Secure Routing Initiative

Akamai, AWS, Azion, Cloudflare, Facebook, and Netflix are now members of the Mutually Agreed Norms for Routing Security (MANRS) effort.
01 April 2020

A crypto-mining botnet has been hijacking MSSQL servers for almost two years

Vollgar botnet launches brute-force attacks against MSSQL databases to take over servers and install Monero and Vollar cryptocurrency miners.
01 April 2020

Morrisons not liable for massive staff data leak, court rules

Morrisons not liable for massive staff data leak, court rules

UK supreme court says retailer not to blame for actions of employee with grudge

The UK’s highest court has ruled that Morrisons should not be held liable for the criminal act of an employee with a grudge who leaked the payroll data of about 100,000 members of staff.

The supermarket group brought a supreme court challenge in an attempt to overturn previous judgments which gave the go-ahead for compensation claims by thousands of employees whose personal details were posted on the internet.

Continue reading...
01 April 2020

Coronavirus con artists continue to spread infections of their own

The scam machine shows no signs of slowing down, as fraudsters dispense bogus health advice, peddle fake testing kits and issue malware-laced purchase orders

The post Coronavirus con artists continue to spread infections of their own appeared first on WeLiveSecurity

01 April 2020

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com, the world's largest domain name registrar, KrebsOnSecurity has learned. The incident gave the phisher the ability to view and modify key customer records, access that was used to briefly hijack domains for a half-dozen GoDaddy customers, including transaction brokering site escrow.com.
31 March 2020