Cybersecurity News


Ubiquiti All But Confirms Breach Response Iniquity

For four days this past week, Internet-of-Things giant Ubiquiti failed to respond to requests for comment on a whistleblower's allegations that the company had massively downplayed a "catastrophic" two-month breach ending in January to save its stock price, and that Ubiquiti's insinuation that a third-party was to blame was a fabrication. I was happy to add their eventual public response to the top of Tuesday's story on the whistleblower's claims, but their statement deserves a post of its own because it actually confirms and reinforces those claims.
04 April 2021

Inside the Ransomware Campaigns Targeting Exchange Servers

Security experts discuss the ransomware campaigns taking aim at Microsoft Exchange Server vulnerabilities patched last month.
02 April 2021

FBI: APTs Actively Exploiting Fortinet VPN Security Holes

FBI: APTs Actively Exploiting Fortinet VPN Security Holes Three security vulnerabilities in the Fortinet SSL VPN are being used to gain a foothold within networks before moving laterally and carrying out recon.
02 April 2021

Hackers Demand $40M in Ransom From Florida School District

District officials say they have no intention of paying the ransom
02 April 2021

Call of Duty Cheats Expose Gamers to Malware, Takeover

Call of Duty Cheats Expose Gamers to Malware, Takeover Activision is warning that cyberattackers are disguising malware -- a remote-access trojan (RAT) -- in cheat programs.
02 April 2021

FBI & CISA Warn of Active Attacks on FortiOS Vulnerabilities

A joint advisory warns admins of the likelihood of APT groups exploiting three vulnerabilities in the Fortinet FortiOS.
02 April 2021

From PowerShell to Payload: An Analysis of Weaponized Malware

From PowerShell to Payload: An Analysis of Weaponized Malware John Hammond, security researcher with Huntress, takes a deep-dive into a malware's technical and coding aspects.
02 April 2021

US Tech Dominance Rides on Securing Intellectual Property

A recent, mostly overlooked pardon points to a big problem in the US tech industry: Intellectual property offers a lucrative golden ticket for insiders.
02 April 2021

Robinhood Warns Customers of Tax-Season Phishing Scams

Robinhood Warns Customers of Tax-Season Phishing Scams Attackers are impersonating the stock-trading broker using fake websites to steal credentials as well as sending emails with malicious tax files.
02 April 2021

Week in security with Tony Anscombe

PHP source code briefly backdoored – Prevent data loss before it's too late – The perils of owning a smart dishwasher

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

02 April 2021

Enterprises Remain Riddled With Overprivileged Users -- and Attackers Know It

Attackers commonly focus on finding users with too much privileged access as their ticket to network compromise. What can companies do?
01 April 2021

80% of Global Enterprises Report Firmware Cyberattacks

80% of Global Enterprises Report Firmware Cyberattacks A vast majority of companies in a global survey from Microsoft report being a victim of a firmware-focused cyberattack, but defense spending lags, but defense spending lags.
01 April 2021

New KrebsOnSecurity Mobile-Friendly Site

Dear Readers, this has been long overdue, but at last I give you a more responsive, mobile-friendly version of KrebsOnSecurity. We tried to keep the visual changes to a minimum and focus on a simple theme that presents information in a straightforward, easy-to-read format. Please bear with us over the next few days as we hunt down the gremlins in the gears.
01 April 2021

7 Security Strategies as Employees Return to the Office

7 Security Strategies as Employees Return to the Office More sooner than later, employees will be making their way back to the office. Here's how security pros can plan for the next new normal.
01 April 2021

Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack

Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack Some legacy models of QNAP network attached storage devices are vulnerable to remote unauthenticated attacks because of two unpatched vulnerabilities.
01 April 2021

Kansas Man Indicted for Hacking, Tampering With Water Utility System

Attacker disabled water-purification operation systems "with intention of harming" the rural water district.
01 April 2021

NIST Publishes Guide for Securing Hotel Property Management Systems

These sensitive systems store guests' personal data and payment-card information.
01 April 2021

Ragnarok Ransomware Hits Boggi Milano Menswear

Ragnarok Ransomware Hits Boggi Milano Menswear The ransomware gang exfiltrated 40 gigabytes of data from the fashion house, including HR and salary details.
01 April 2021

Solving the Leadership Buy-In Impasse With Data

Justify your requirements with real numbers to get support for security investments.
01 April 2021

Building a Fortress: 3 Key Strategies for Optimized IT Security

Building a Fortress: 3 Key Strategies for Optimized IT Security Chris Hass, director of information security and research at Automox, discusses how to shore up cybersecurity defenses and what to prioritize.
01 April 2021