Cybersecurity News
Major News Events
When a major news event happens, cyber criminals will take advantage of the incident and send phishing emails with a subject line related to the event. These phishing emails often include a link to malicious websites, an infected attachment or are a scam designed to trick you out of your money.Supernova Malware Actors Masqueraded as Remote Workers to Access Breached Network
China-based Spiral group is believed to be behind year-long ttack, which exploited a flaw in SolarWinds Orion technology to drop a Web shell.The Edge Pro Tip: Brush Up on Web Shells
While neither new nor novel, Web shells are making an impact with a surge of Exchange attacks.
Edge Poll: Passwordless Plans
How long do you think it will be before your organization gets rid of passwords?New CISA Advisories Warn of ICS Vulnerabilities
The vulnerabilities exist in Cscape control system application programming software and the Mitsubishi Electric GOT.Prometei Botnet Adds New Twist to Exchange Server Attacks
Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say.Mount Locker Ransomware Aggressively Changes Up Tactics
The ransomware is upping its danger quotient with new features while signaling a rebranding to "AstroLocker."
Spotlight on the Cybercriminal Supply Chains
In this Threatpost podcast Fortinet’s top researcher outlines what a cybercriminal supply chain is and how much the illicit market is worth.
Improving the Vulnerability Reporting Process With 5 Steps
Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter.Signal founder: I hacked police phone-cracking tool Cellebrite
Moxie Marlinspike accuses surveillance firm of being ‘linked to persecution’ around the world
The CEO of the messaging app Signal claims to have hacked the phone-cracking tools used by police in Britain and around the world to extract information from seized devices.
In an online post, Moxie Marlinspike, the security researcher who founded Signal in 2013, detailed a series of vulnerabilities in the surveillance devices, made by the Israeli company Cellebrite.
Continue reading...AirDrop flaws could leak phone numbers, email addresses
You can only stay safe by disabling AirDrop discovery in the system settings of your Apple device, a study says
The post AirDrop flaws could leak phone numbers, email addresses appeared first on WeLiveSecurity
University Suspends Project After Researchers Submitted Vulnerable Linux Patches
A Linux maintainer pledges to stop taking code submissions from the University of Minnesota after a research team purposely submitted vulnerabilities to show software supply chain weaknesses.Name That Toon: Greetings, Earthlings
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
Payment Security in South Africa: A Discussion with Stakeholders
The PCI SSC Security Summit of South Africa, an online event took place this week with more than 315 payment security practitioners from South Africa discussing the latest in payment security and standards. Here we talk with Jeremy King, PCI Security Standards Council VP Regional Head for Europe, Naniki Imelda Ramabi, Chief Risk Officer Payments Association of South Africa (PASA), and Sandro Bucchianeri, Group Chief Security Officer ABSA, about payment security trends, highlights from the Security Summit of South Africa, and industry involvement opportunities for the region.
10 Free Security Tools at Black Hat Asia 2021
Researchers are set to demonstrate a plethora of tools for conducting pen tests, vulnerability assessments, data forensics, and a wide range of other use cases.
Looking for Greater Security Culture? Ask an 8-Bit Plumber
After 40 years of navigating catastrophes, video game character Mario can help us with a more intelligent approach to DevOps and improving security culture.
Telegram Platform Abused in ‘ToxicEye’ Malware Campaigns
Even if the app is not installed or in use, threat actors can use it to spread malware through email campaigns and take over victims’ machines, new research has found.
SolarWinds hack analysis reveals 56% boost in command server footprint
Researchers say newly identified targets are likely.It’s Easy to Become a Cyberattack Target, but a VPN Can Help
You might think that cybercrime is more prevalent in less digitally literate countries. However, NordVPN's Cyber Risk Index puts North American and Northern European countries at the top of the target list.