Cybersecurity News


Week in security with Tony Anscombe

FBI cleans up compromised Exchange servers – Data of Clubhouse users scraped and posted online – WhatsApp bug alert

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

16 April 2021

Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period

Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period The zero-day flaw research group has revised its disclosure of the technical details of vulnerabilities in the hopes of speeding up the release and adoption of fixes.
16 April 2021

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggest the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy.
16 April 2021

Spring cleaning? Don’t forget about your digital footprint

Here are some quick and easy tips to help you clean up your cyber-clutter and keep your digital footprint tidy

The post Spring cleaning? Don’t forget about your digital footprint appeared first on WeLiveSecurity

16 April 2021

Digital Inheritance

What happens to our digital presence when we die or become incapacitated? Many of us have or know we should have a will and checklists of what loved ones need to know in the event of our passing. But what about all of our digital data and online accounts? Consider creating some type of digital will, often called a "Digital Inheritance" plan.
16 April 2021

Software Developer Arrested in Computer Sabotage Case

Officials say Davis Lu placed malicious code on servers in a denial-of-service attack on his employer.
15 April 2021

Google Brings 37 Security Fixes to Chrome 90

The latest version of Google Chrome also introduces HTTPS as the browser's default protocol.
15 April 2021

US Formally Attributes SolarWinds Attack to Russian Intelligence Agency

Treasury Department slaps sanctions on IT security firms that it says supported Russia's Foreign Intelligence Service carry out the attacks.
15 April 2021

Pandemic Pushes Bot Operators to Redirect Efforts

As demand for travel, lodging, and concerts plummeted in 2020, bot traffic moved to more popular activities, such as e-commerce, healthcare, and government sites.
15 April 2021

Biden Races to Shore Up Power Grid Against Hacks

Biden Races to Shore Up Power Grid Against Hacks A 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said.
15 April 2021

6 Tips for Managing Operational Risk in a Downturn

Many organizations adjust their risk appetite in an economic downturn, as risk is expanded to include supplier and customer insolvency, not to mention cash-flow changes.
15 April 2021

Gafgyt Botnet Lifts DDoS Tricks from Mirai

Gafgyt Botnet Lifts DDoS Tricks from Mirai The IoT-targeted malware has also added new exploits for initial compromise, for Huawei, Realtek and Dasan GPON devices.
15 April 2021

How to Create an Incident Response Plan From the Ground, Up

How to Create an Incident Response Plan From the Ground, Up Security 101: In the wake of an incident, it's important to cover all your bases -- and treat your IR plan as a constantly evolving work in progress.
15 April 2021

One in six people use pet’s name as password

Other common and easily hackable password choices include the names of relatives and sports teams, a UK study reveals

The post One in six people use pet’s name as password appeared first on WeLiveSecurity

15 April 2021

Nation-State Attacks Force a New Paradigm: Patching as Incident Response

IT no longer has the luxury of thoroughly testing critical vulnerability patches before rolling them out.
15 April 2021

Malicious PowerShell Use, Attacks on Office 365 Accounts Surged in Q4

There was also a sharp increase in overall malware volumes in the fourth quarter of 2020, COVID-19 related attack activity, and mobile malware, new data shows.
15 April 2021

Attackers Target ProxyLogon Exploit to Install Cryptojacker

Attackers Target ProxyLogon Exploit to Install Cryptojacker Threat actors targeted compromised Exchange servers to host malicious Monero cryptominer in an “unusual attack,” Sophos researchers discovered.
15 April 2021

Secure Your Home Wi-Fi Network

Be aware of all the devices connected to your home network, including baby monitors, gaming consoles, TVs, appliances or even your car. Ensure all those devices are protected by a strong password and/or are running the latest version of their operating system.
15 April 2021

Thycotic & Centrify Merge to Form Cloud Identity Security Firm

The combined entity will expand on both companies' privileged access management tools and expects to debut a new brand this year.
14 April 2021

Security Bug Allows Attackers to Brick Kubernetes Clusters

Security Bug Allows Attackers to Brick Kubernetes Clusters The vulnerability is triggered when a cloud container pulls a malicious image from a registry.
14 April 2021