Cybersecurity News
Top exploits used by ransomware gangs are VPN bugs, but RDP still reigns supreme
While some ransomware groups have heavily targeted Citrix and Pulse Secure VPNs to breach corporate networks in H1 2020, most ransomware attacks take place because of compromised RDP endpoints.Your data is not destined for China, assures TikTok’s UK boss
The controversial app’s users are ignoring geopolitical battle over its digital security, says Richard Waterworth
TikTok’s UK chief has strenuously denied the video-sharing app, which Donald Trump has threatened to ban, shares data with China.
Richard Waterworth told the Observer that the UK and European arm of TikTok was growing quickly, despite the “turbulent” geopolitical battle in which the Chinese-born app has found itself.
Continue reading...University of Utah Pays in Cyber-Extortion Scheme
Though a ransomware attempt was thwarted, the university paid to prevent the release of student PII.Free photos, graphics site Freepik discloses data breach impacting 8.3m users
Freepik is one of the most popular websites on the internet, currently ranked #97 on the Alexa Top 100 sites list.FBI, CISA Echo Warnings on ‘Vishing’ Threat
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or "vishing" attacks targeting companies. The advisory came less than 24 hours after KrebsOnSecurity published an in-depth look at a crime group offering a service that people can hire to steal VPN credentials and other sensitive data from employees working remotely during the Coronavirus pandemic.74 Days From the Presidential Election, Security Worries Mount
With pandemic measures continuing and political divisions deepening, security experts express concern about the security and integrity of the November election.FBI and CISA warn of major wave of vishing attacks targeting teleworkers
Hackers are calling employees working from home and tricking them into accessing phishing pages for corporate domains.University of Utah Pays $457K After Ransomware Attack
The university said that it paid $457,000 to retrieve a decryption key after a ransomware attack encrypted student and faculty data on its servers.
Week in security with Tony Anscombe
This week, ESET researchers analyze fraud emails from the infamous Grandoreiro banking Trojan, impersonating the Agencia Tributaria, Spain’s tax agency. Our security expert Jake Moore demonstrates how easily it is to clone an Instagram account and lure people to give money; learn how to protect yourself. Finally, have you thought about what will happen to your
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
'Next-Gen' Supply Chain Attacks Surge 430%
Attackers are increasingly seeding open source projects with compromised components.Researchers Sound Alarm Over Malicious AWS Community AMIs
Malicious Community Amazon Machine Images are a ripe target for hackers, say researchers.
News Wrap: AWS Cryptojacking Worm, IBM Privacy Lawsuit and More
Threatpost editors discuss a cryptomining malware targeting AWS systems, a recent development in a lawsuit against the IBM-owned Weather Channel app, and more.
Post-Pandemic Digitalization: Building a Human-Centric Cybersecurity Strategy
COVID-19 won't be the last major disruption of its kind. Instead, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives.Cryptominer Found Embedded in AWS Community AMI
Researchers advise Amazon Web Services users running Community Amazon Machine Images to verify them for potentially malicious code.
Former Uber CSO Charged With Paying ‘Hush Money’ in 2016 Breach Cover-Up
Joseph Sullivan allegedly paid off $100K to the hackers responsible for a 2016 data breach, which exposed PII of 57 million passengers and drivers.
Grandoreiro banking trojan impersonates Spain’s tax agency
Beware the tax bogeyman – there are tax scams aplenty
The post Grandoreiro banking trojan impersonates Spain’s tax agency appeared first on WeLiveSecurity
MPs criticise privacy watchdog over NHS test-and-trace data
UK information commissioner ‘must ensure government uses public’s data safely and legally’
A cross-party group of more than 20 MPs has accused the UK’s privacy watchdog of failing to hold the government to account for its failures in the NHS coronavirus test-and-trace programme.
The MPs have urged Elizabeth Denham, the information commissioner, to demand that the government change the programme after it admitted failing to conduct a legally required impact assessment of its privacy implications.
Continue reading...