Cybersecurity News
Nearly Half of All Malware is Concealed in TLS-Encrypted Communications
Forty-six percent of all malware uses the cryptographic protocol to evade detection, communicate with attacker-controlled servers, and to exfiltrate data, new study shows.21 April 2021
Attackers Heavily Targeting VPN Vulnerabilities
Threat actors like attacking the technology because they provide a convenient entry point to enterprise networks.21 April 2021
Instagram debuts new tool to stop abusive message salvos made through new accounts
DMs are the next area the firm wants to focus on in controlling abusive behavior.21 April 2021
Swiss Army Knife for Information Security: What Is Comprehensive Protection?

21 April 2021
Novel Email-Based Campaign Targets Bloomberg Clients with RATs

21 April 2021
Zero-day vulnerabilities in SonicWall email security are being actively exploited
The vendor is urging customers to apply patches immediately.21 April 2021
Codecov breach impacted ‘hundreds’ of customer networks: report
Reports suggest the initial hack may have led to a more extensive supply chain attack.21 April 2021
Updating Plugins
Every plugin or add-on you install in your browser can expose you to more danger. Only install the plugins you need and make sure they are always current. If you no longer need a plugin, disable or remove it from your browser via your browser's plugin preferences.21 April 2021
Pulse Secure VPN Flaws Exploited to Target US Defense Sector
China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks.20 April 2021
Note to Self: Create Non-Exhaustive List of Competitors
What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. [NYSE:IT] -- a $4 billion technology goliath whose analyst reports can move markets and shape the IT industry.20 April 2021
Foreign Spies Target British Nationals With Fake Social Media Profiles
British security agency MI5 has launched a new education campaign to warn potential victims of the attacks.20 April 2021
Attackers Compromised Code-Checking Vendor's Tool for Two Months
A script used to upload sensitive reports-with access to credentials and datastores-likely sent information on hundreds, possibly thousands, of companies to attackers.20 April 2021
Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock

20 April 2021
Dept. of Energy Launches Plan to Protect Electric Grid from Cyberattack
Over the next 100 days, the DoE will work with electric utilities to improve visibility, detection, and response for industrial control systems.20 April 2021
Paving the way: Inspiring Women in Payments - A Q&A featuring Sarah Lambert
Sarah Lambert knows that exposure to technology at an early age can make all the difference in whether young pupils can see themselves in those professions. That’s why she has taken her passion for cybersecurity into local schools in Welwyn Garden City, England, enthusiastically encouraging students to consider all aspects of IT. In this edition of our blog, Sarah describes the wide variety of technological roles that have helped to shape her own career.
20 April 2021
2020 Changed Identity Forever; What's Next?
For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations.20 April 2021
7 Old IT Things Every New InfoSec Pro Should Know

20 April 2021
GEICO Alerts Customers Hackers Stole Driver License Data for Two Months

20 April 2021
WhatsApp Pink: Watch out for this fake update
The malware sends automated replies to messages on WhatsApp and other major chat apps
The post WhatsApp Pink: Watch out for this fake update appeared first on WeLiveSecurity
20 April 2021
Beware the Bug Bounty
In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors.20 April 2021