Cybersecurity News
Microsoft Exchange Servers See ProxyLogon Patching Frenzy

24 March 2021
What a Federal Data Privacy Law Would Mean for Consumers
With an array of serious proposals from both sides of the political divide, it looks as though the US may finally have a national privacy law.24 March 2021
How to Protect Our Critical Infrastructure From Attack
Just how worried should we be about a cyber or physical attack on national infrastructure? Chris Price reports on how the pandemic, the growth of remote working, and IoT are putting assets at risk.24 March 2021
Purple Fox Malware Targets Windows Machines With New Worm Capabilities

24 March 2021
Prioritizing Application & API Security After the COVID Cloud Rush
As companies hit the gas to accommodate the rapid shift to work-from-home, security fell behind. Now, it's time to close those gaps.24 March 2021
Hundreds of fleeceware apps earn dubious iOS, Android developers over $400 million
Free trials can cost mobile app users thousands of dollars in the long run.24 March 2021
SaltStack revises partial patch for command injection, privilege escalation vulnerability
The second fix was reportedly necessary after SaltStack did not participate in coordinated disclosure.24 March 2021
Purple Fox malware evolves to propagate across Windows machines
The malware’s new worm capabilities have resulted in a rapidly-increasing infection rate.24 March 2021
Microsoft: 92% of vulnerable exchange servers are now patched, mitigated
The latest telemetry suggests IT admins are taking the threat seriously.24 March 2021
Anti-Spoofing for Email Gains Adoption, but Enforcement Lags
More organizations adopt sender authentication, but strict quarantining or rejection of unauthenticated messages remains uncommon.23 March 2021
Inside the Web Shell Used in the Microsoft Exchange Server Attacks
The history and details of China Chopper - a Web shell commonly seen in the widespread Microsoft Exchange Server attacks.23 March 2021
Disgruntled IT Contractor Sentenced in Retaliatory Office 365 Attack
Former contractor deleted 1,200 user accounts in revenge.23 March 2021
Organizations Making Little Headway in Addressing Human Risk
Most enterprise security awareness efforts remain half-hearted, a new SANS survey shows.23 March 2021
Security Analysis Clears TikTok of Censorship, Privacy Accusations

23 March 2021
Office 365 Cyberattack Lands Disgruntled IT Contractor in Jail

23 March 2021
MangaDex Site Offline Following Hacking Incident

23 March 2021
Almost $2 billion lost to BEC scams in 2020
Nearly half of reported cybercrime losses in 2020 were the result of BEC fraud, according to an FBI report
The post Almost $2 billion lost to BEC scams in 2020 appeared first on WeLiveSecurity
23 March 2021
Hobby Lobby Exposes Customer Data in Cloud Misconfiguration

23 March 2021
Do Cybercriminals Fear Arrest?
Researchers explore how cybercriminals weigh the possibility of arrest and whether it deters criminal activity.23 March 2021
Phish Leads to Breach at Calif. State Controller
A phishing attack last week gave attackers access to email and files at the California State Controller's Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours, and sources tell KrebsOnSecurity the intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers, and to send targeted phishing messages to at least 9,000 other workers and their contacts.23 March 2021