Cybersecurity News


Note to Self: Create Non-Exhaustive List of Competitors

What was the best news you heard so far this month? Mine was learning that KrebsOnSecurity is listed as a restricted competitor by Gartner Inc. [NYSE:IT] -- a $4 billion technology goliath whose analyst reports can move markets and shape the IT industry.
20 April 2021

Foreign Spies Target British Nationals With Fake Social Media Profiles

British security agency MI5 has launched a new education campaign to warn potential victims of the attacks.
20 April 2021

Attackers Compromised Code-Checking Vendor's Tool for Two Months

A script used to upload sensitive reports, with access to credentials and datastores, likely sent information on hundreds, possibly thousands, of companies to attackers.
20 April 2021

Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock

The Mozilla Foundation releases Firefox 88, fixing 13 bugs ranging from high to low severity.
20 April 2021

Dept. of Energy Launches Plan to Protect Electric Grid from Cyberattack

Over the next 100 days, the DoE will work with electric utilities to improve visibility, detection, and response for industrial control systems.
20 April 2021

Paving the way: Inspiring Women in Payments - A Q&A featuring Sarah Lambert

Sarah Lambert knows that exposure to technology at an early age can make all the difference in whether young pupils can see themselves in those professions. That’s why she has taken her passion for cybersecurity into local schools in Welwyn Garden City, England, enthusiastically encouraging students to consider all aspects of IT. In this edition of our blog, Sarah describes the wide variety of technological roles that have helped to shape her own career.

20 April 2021

2020 Changed Identity Forever; What's Next?

For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations.
20 April 2021

7 Old IT Things Every New InfoSec Pro Should Know

Beneath all those containers and IoT devices, there's a rich patchwork of gear, protocols, and guidelines that have been holding it together since before you were born. Knowledge of those fundamentals is growing more valuable, not less.
20 April 2021

GEICO Alerts Customers Hackers Stole Driver License Data for Two Months

The second-largest auto insurance provider in the U.S. has since fixed the vulnerability that exposed information from its website.
20 April 2021

WhatsApp Pink: Watch out for this fake update

The malware sends automated replies to messages on WhatsApp and other major chat apps

The post WhatsApp Pink: Watch out for this fake update appeared first on WeLiveSecurity

20 April 2021

Beware the Bug Bounty

In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors.
20 April 2021

Internal Facebook email reveals intent to frame data scraping as ‘normalized, broad industry issue’

Updated: More scraping incidents are "expected" in the future.
20 April 2021

Lazarus hacking group now hides payloads in BMP image files

South Korea continues to be a favored target.
20 April 2021

Facebook cracks down on posts urging violence, mockery ahead of Chauvin verdict in George Floyd case

The company also aims to wipe out content that “praises, celebrates or mocks George Floyd's death.”
20 April 2021

Remote code execution vulnerabilities uncovered in smart air fryer

The impacted vendor has not responded or fixed the security issues.
20 April 2021

Detecting Fraud

Review your bank, credit card and financial statements regularly to identify unauthorized activity. This is one of the most effective ways to quickly detect if your bank account, credit card or identity has been compromised.
20 April 2021

White House Scales Back Response to SolarWinds & Exchange Server Attacks

Lessons learned from the Unified Coordination Groups will be used to inform future response efforts, a government official says.
19 April 2021

Attackers Test Weak Passwords in Purple Fox Malware Attacks

Researchers share a list of passwords that Purple Fox attackers commonly brute force when targeting the SMB protocol.
19 April 2021

Lazarus Group Uses New Tactic to Evade Detection

Attackers conceal malicious code within a BMP file to slip past security tools designed to detect embedded objects within images.
19 April 2021

NitroRansomware Asks for $9.99 Discord Gift Codes, Steals Access Tokens

The malware seems like a silly coding lark at first, but further exploration shows it can wreak serious damage in follow-on attacks.
19 April 2021