Cybersecurity News


Top exploits used by ransomware gangs are VPN bugs, but RDP still reigns supreme

While some ransomware groups have heavily targeted Citrix and Pulse Secure VPNs to breach corporate networks in H1 2020, most ransomware attacks take place because of compromised RDP endpoints.
23 August 2020

Your data is not destined for China, assures TikTok’s UK boss

Your data is not destined for China, assures TikTok’s UK boss

The controversial app’s users are ignoring geopolitical battle over its digital security, says Richard Waterworth

TikTok’s UK chief has strenuously denied the video-sharing app, which Donald Trump has threatened to ban, shares data with China.

Richard Waterworth told the Observer that the UK and European arm of TikTok was growing quickly, despite the “turbulent” geopolitical battle in which the Chinese-born app has found itself.

Continue reading...
23 August 2020

University of Utah Pays in Cyber-Extortion Scheme

Though a ransomware attempt was thwarted, the university paid to prevent the release of student PII.
21 August 2020

Free photos, graphics site Freepik discloses data breach impacting 8.3m users

Freepik is one of the most popular websites on the internet, currently ranked #97 on the Alexa Top 100 sites list.
21 August 2020

FBI, CISA Echo Warnings on ‘Vishing’ Threat

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or "vishing" attacks targeting companies. The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that people can hire to steal VPN credentials and other sensitive data from employees working remotely during the Coronavirus pandemic.
21 August 2020

74 Days From the Presidential Election, Security Worries Mount

With pandemic measures continuing and political divisions deepening, security experts express concern about the security and integrity of the November election.
21 August 2020

FBI and CISA warn of major wave of vishing attacks targeting teleworkers

Hackers are calling employees working from home and tricking them into accessing phishing pages for corporate domains.
21 August 2020

University of Utah Pays $457K After Ransomware Attack

University of Utah Pays $457K After Ransomware Attack The university said that it paid $457,000 to retrieve a decryption key after a ransomware attack encrypted student and faculty data on its servers.
21 August 2020

Week in security with Tony Anscombe

This week, ESET researchers analyze fraud emails from the infamous Grandoreiro banking Trojan, impersonating the Agencia Tributaria, Spain’s tax agency. Our security expert Jake Moore demonstrates how easily it is to clone an Instagram account and lure people to give money; learn how to protect yourself. Finally, have you thought about what will happen to your

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

21 August 2020

'Next-Gen' Supply Chain Attacks Surge 430%

Attackers are increasingly seeding open source projects with compromised components.
21 August 2020

Researchers Sound Alarm Over Malicious AWS Community AMIs

Researchers Sound Alarm Over Malicious AWS Community AMIs Malicious Community Amazon Machine Images are a ripe target for hackers, say researchers.
21 August 2020

News Wrap: AWS Cryptojacking Worm, IBM Privacy Lawsuit and More

News Wrap: AWS Cryptojacking Worm, IBM Privacy Lawsuit and More Threatpost editors discuss a cryptomining malware targeting AWS systems, a recent development in a lawsuit against the IBM-owned Weather Channel app, and more.
21 August 2020

Post-Pandemic Digitalization: Building a Human-Centric Cybersecurity Strategy

COVID-19 won't be the last major disruption of its kind. Instead, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives.
21 August 2020

Cryptominer Found Embedded in AWS Community AMI

Cryptominer Found Embedded in AWS Community AMI Researchers advise Amazon Web Services users running Community Amazon Machine Images to verify them for potentially malicious code.
21 August 2020

Former Uber CSO Charged With Paying ‘Hush Money’ in 2016 Breach Cover-Up

Former Uber CSO Charged With Paying ‘Hush Money’ in 2016 Breach Cover-Up Joseph Sullivan allegedly paid off $100K to the hackers responsible for a 2016 data breach, which exposed PII of 57 million passengers and drivers.
21 August 2020

Grandoreiro banking trojan impersonates Spain’s tax agency

Beware the tax bogeyman – there are tax scams aplenty

The post Grandoreiro banking trojan impersonates Spain’s tax agency appeared first on WeLiveSecurity

21 August 2020

MPs criticise privacy watchdog over NHS test-and-trace data

MPs criticise privacy watchdog over NHS test-and-trace data

UK information commissioner ‘must ensure government uses public’s data safely and legally’

A cross-party group of more than 20 MPs has accused the UK’s privacy watchdog of failing to hold the government to account for its failures in the NHS coronavirus test-and-trace programme.

The MPs have urged Elizabeth Denham, the information commissioner, to demand that the government change the programme after it admitted failing to conduct a legally required impact assessment of its privacy implications.

Continue reading...
21 August 2020

University of Utah pays $457,000 to ransomware gang

University officials restored from backups, but they had to pay the ransomware gang to prevent them from leaking student data.
20 August 2020

Instacart discloses security incident caused by two contractors

Instacart says two employees at a third-party support vendor accessed "more shopper profiles than was necessary."
20 August 2020

Smart-Lock Hacks Point to Larger IoT Problems

Two recent reports on smart-locks vulnerabilities show that IoT vendors have a bigger job to do in ensuring their products are safely deployed and configured.
20 August 2020