Cybersecurity News


Collection of Metadata -- as Done by the NSA -- Likely Unconstitutional, US Court Suggests

A ruling in an appeal by four men convicted of material support for terrorism finds that the National Security Agency's metadata collection program not only violated the prevailing law at the time but was also likely unconstitutional.
04 September 2020

Vulnerability Disclosure: Ethical Hackers Seek Best Practices

Vulnerability Disclosure: Ethical Hackers Seek Best Practices Cybersecurity researchers Brian Gorenc and Dustin Childs talk about the biggest vulnerability disclosure challenges in IoT and the industrial vertical.
04 September 2020

Ad Fraud: The Multibillion-Dollar Cybercrime CISOs Might Overlook

Ad Fraud: The Multibillion-Dollar Cybercrime CISOs Might Overlook Marketing officers may have accepted ad fraud as a cost of doing business, but infosec pros take heed -- fraud can be a step to more significant attacks. Here's what to know and how to take action.
04 September 2020

Ad Fraud: The Multi-Billion Dollar Cybercrime CISOs Might Overlook

Ad Fraud: The Multi-Billion Dollar Cybercrime CISOs Might Overlook Marketing officers may have accepted ad fraud as a cost of doing business, but infosec pros take heed -- fraud can be a step to more significant attacks. Here's what to know and how to take action.
04 September 2020

Facebook Debuts Third-Party Vulnerability Disclosure Policy

Facebook Debuts Third-Party Vulnerability Disclosure Policy If the social-media behemoth finds a bug in another platform's code, the project has 90 days to remediate before Facebook goes public.
04 September 2020

Attackers Steal Outlook Credentials Via Overlay Screens on Legitimate Sites

Attackers Steal Outlook Credentials Via Overlay Screens on Legitimate Sites A phishing campaign uses overlay screens and email 'quarantine' policies to steal targets' Microsoft Outlook credentials.
04 September 2020

Week in security with Tony Anscombe

ESET research dissects KryptoCibule malware family – Why close unused accounts rather than just remove apps – Microsoft's new deepfake detector

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

04 September 2020

Strategic Cyber Warfare Heats Up

It's "anything goes," according to renowned hacker the Grugq, who drew a bright line between cyberwar and cyber warfare at this week's virtual Disclosure Conference.
04 September 2020

The Hidden Security Risks of Business Applications

Today's enterprises depend on mission-critical applications to keep them productive, help better serve customers, and keep up with demand. It's important that they also know the risks.
04 September 2020

US election: Two-thirds of typosquatted domains are non-malicious or parked sites

Digital Shadows researchers analyzed 225 typosquatted domains registered using election-related terms such as Trump, Biden, Pence, and others.
04 September 2020

WhatsApp Discloses 6 Bugs via Dedicated Security Site

WhatsApp Discloses 6 Bugs via Dedicated Security Site The company committed to more transparency about app flaws, with an advisory page aimed at keeping the community better informed of security vulnerabilities.
04 September 2020

Firefox will add a new drive-by-download protection

Firefox will block automatic downloads initiated from sandboxed iframes -- the technology usually used for web embeds.
04 September 2020

Warner Music discloses months-long web skimming incident

Magecart hacker gangs strike again!
03 September 2020

Facebook Announces Formal Vulnerability Disclosure Policy for Third-Party Bugs

The social media giant has also launched a new website for sharing information on WhatsApp security.
03 September 2020

Evilnum APT Group Employs New Python RAT

The PyVil remote access Trojan enables attackers to exfiltrate data, perform keylogging, take screenshots, and deploy tools for credential theft.
03 September 2020

Facebook explains how it will notify third-parties about bugs in their products

Companies have 21 days to acknowledge reports and 90 days to patch vulnerabilities; otherwise, Facebook will go public with bug details.
03 September 2020

Facebook to list all WhatsApp security issues on a new dedicated website

New WhatsApp web page will let users and security researchers know when Facebook engineers patched a major security hole.
03 September 2020

Typosquatting Intensifies Ahead of US Election

Mistyped URLs can mean more than inconvenience when a candidate's name is involved.
03 September 2020

New Email-Based Malware Campaigns Target Businesses

Researchers who found "Salfram" say its campaigns use the same crypter to distribute payloads, including ZLoader, SmokeLoader, and AveMaria.
03 September 2020

Fake Data and Fake Information: A Treasure Trove for Defenders

Cybersecurity professionals are using false data to deceive cybercriminals, enabling them to protect networks in new and innovative ways.
03 September 2020