Cybersecurity News
TikTok agrees to pay $92 million to settle teen privacy class-action lawsuit
The video platform was accused of collecting biometric data without consent.26 February 2021
How $100M in Jobless Claims Went to Inmates
The U.S. Labor Department's inspector general said this week that roughly $100 million in fraudulent unemployment insurance claims were paid in 2020 to criminals who are already in jail. That's a tiny share of the estimated tens of billions of dollars in jobless benefits states have given to identity thieves in the past year. To help reverse that trend, many states are now turning to a little-known private company called ID.me. This post examines some of what that company is seeing in its efforts to stymie unemployment fraud.25 February 2021
Inside Strata's Plans to Solve the Cloud Identity Puzzle
Strata Identity was founded to change businesses' approach to identity management as multicloud environments become the norm.25 February 2021
Microsoft Releases Free Tool for Hunting SolarWinds Malware
Meanwhile, researchers at SecurityScorecard say the "fileless" malware loader in the attack - Teardrop - actually dates back to 2017.25 February 2021
North Korea's Lazarus Group Expands to Stealing Defense Secrets
Several gigabytes of sensitive data stolen from one restricted network, with organizations in more than 12 countries impacted, Kaspersky says.25 February 2021
Ransomware, Phishing Will Remain Primary Risks in 2021
Attackers have doubled down on ransomware and phishing -- with some tweaks -- while deepfakes and disinformation will become more major threats in the future, according to a trio of threat reports.25 February 2021
Cyberattacks Launch Against Vietnamese Human-Rights Activists
Vietnam joins the ranks of governments using spyware to crack down on human-rights defenders.
25 February 2021
Thousands of VMware Servers Exposed to Critical RCE Bug
Security experts report scanning activity targeting vulnerable vCenter servers after a researcher published proof-of-concept code.25 February 2021
5 Key Steps Schools Can Take to Defend Against Cyber Threats
Educational institutions have become prime targets, but there are things they can do to stay safer.25 February 2021
Chinese cyberspies targeted Tibetans with a malicious Firefox add-on
The Chinese hacking group used the malicious add-on to collect Gmail and Firefox data from their victims.25 February 2021
Facebook ramps up fight against child abuse content
Two new tools will warn users about the risks of searching for and sharing content that exploits children, including the potential legal consequences of doing so
The post Facebook ramps up fight against child abuse content appeared first on WeLiveSecurity
25 February 2021
Health Website Leaks 8 Million COVID-19 Test Results
A teenaged ethical hacker discovered a flawed endpoint associated with a health-department website in the state of Bengal, which exposed personally identifiable information related to test results.
25 February 2021
Malicious Mozilla Firefox Extension Allows Gmail Takeover
The malicious extension, FriarFox, snoops in on both Firefox and Gmail-related data.
25 February 2021
How to Avoid Falling Victim to a SolarWinds-Style Attack
A multilayered, zero-trust security posture provides a better chance of fending off sophisticated supply chain attackers before it's too late.25 February 2021
Cisco Warns of Critical Auth-Bypass Security Flaw
Cisco also stomped out a critical security flaw affecting its Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches.
25 February 2021
This chart shows the connections between cybercrime groups
CrowdStrike puts together a list of connections and how cybercrime groups cooperate with each other.25 February 2021
Cybercriminals Target QuickBooks Databases
Stolen financial files then get sold on the Dark Web, researchers say.24 February 2021
New APT Group Targets Airline Industry & Immigration
LazyScript bears similarities to some Middle Eastern groups but appears to be a distinct operation of its own, Malwarebytes says.24 February 2021
61% of Malware Delivered via Cloud Apps: Report
Researchers report the majority of malware is now delivered via cloud applications - a jump from 48% last year.24 February 2021
Tax Season Ushers in Quickbooks Data-Theft Spike
Quickbooks malware targets tax data for attackers to sell and use in phishing scams.
24 February 2021