Cybersecurity News


Nearly Half of All Malware is Concealed in TLS-Encrypted Communications

Forty-six percent of all malware uses the cryptographic protocol to evade detection, communicate with attacker-controlled servers, and to exfiltrate data, new study shows.
21 April 2021

Attackers Heavily Targeting VPN Vulnerabilities

Threat actors like attacking the technology because they provide a convenient entry point to enterprise networks.
21 April 2021

Instagram debuts new tool to stop abusive message salvos made through new accounts

DMs are the next area the firm wants to focus on in controlling abusive behavior.
21 April 2021

Swiss Army Knife for Information Security: What Is Comprehensive Protection?

Swiss Army Knife for Information Security: What Is Comprehensive Protection? A vendor develops the series logically so that the tools do not just cover individual needs, but complement each other. For example, the concept of SearchInform is to ensure control of threats at all levels of the information network: from hardware and software to file systems and databases, from user actions on a PC to their activity on the Internet.
21 April 2021

Novel Email-Based Campaign Targets Bloomberg Clients with RATs

Novel Email-Based Campaign Targets Bloomberg Clients with RATs Attacks dubbed ‘Fajan’ by researchers are specifically targeted and appear to be testing various threat techniques to find ones with the greatest impact.
21 April 2021

Zero-day vulnerabilities in SonicWall email security are being actively exploited

The vendor is urging customers to apply patches immediately.
21 April 2021

Codecov breach impacted ‘hundreds’ of customer networks: report

Reports suggest the initial hack may have led to a more extensive supply chain attack.
21 April 2021

Updating Plugins

Every plugin or add-on you install in your browser can expose you to more danger. Only install the plugins you need and make sure they are always current. If you no longer need a plugin, disable or remove it from your browser via your browser's plugin preferences.
21 April 2021

Pulse Secure VPN Flaws Exploited to Target US Defense Sector

China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks.
20 April 2021

Note to Self: Create Non-Exhaustive List of Competitors

What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. [NYSE:IT] -- a $4 billion technology goliath whose analyst reports can move markets and shape the IT industry.
20 April 2021

Foreign Spies Target British Nationals With Fake Social Media Profiles

British security agency MI5 has launched a new education campaign to warn potential victims of the attacks.
20 April 2021

Attackers Compromised Code-Checking Vendor's Tool for Two Months

A script used to upload sensitive reports-with access to credentials and datastores-likely sent information on hundreds, possibly thousands, of companies to attackers.
20 April 2021

Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock

Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock The Mozilla Foundation releases Firefox 88, fixing 13 bugs ranging from high to low severity.
20 April 2021

Dept. of Energy Launches Plan to Protect Electric Grid from Cyberattack

Over the next 100 days, the DoE will work with electric utilities to improve visibility, detection, and response for industrial control systems.
20 April 2021

Paving the way: Inspiring Women in Payments - A Q&A featuring Sarah Lambert

 

Sarah Lambert knows that exposure to technology at an early age can make all the difference in whether young pupils can see themselves in those professions. That’s why she has taken her passion for cybersecurity into local schools in Welwyn Garden City, England, enthusiastically encouraging students to consider all aspects of IT. In this edition of our blog, Sarah describes the wide variety of technological roles that have helped to shape her own career.

20 April 2021

2020 Changed Identity Forever; What's Next?

For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations.
20 April 2021

7 Old IT Things Every New InfoSec Pro Should Know

7 Old IT Things Every New InfoSec Pro Should Know Beneath all those containers and IoT devices, there's a rich patchwork of gear, protocols, and guidelines that have been holding it together since before you were born. Knowledge of those fundamentals is growing more valuable, not less.
20 April 2021

GEICO Alerts Customers Hackers Stole Driver License Data for Two Months

GEICO Alerts Customers Hackers Stole Driver License Data for Two Months The second-largest auto insurance provider in the U.S. has since fixed the vulnerability that exposed information from its website.
20 April 2021

WhatsApp Pink: Watch out for this fake update

The malware sends automated replies to messages on WhatsApp and other major chat apps

The post WhatsApp Pink: Watch out for this fake update appeared first on WeLiveSecurity

20 April 2021

Beware the Bug Bounty

In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors.
20 April 2021