Cybersecurity News
Week in security with Tony Anscombe
Security challenges for connected medical devices – Zero-day in Chrome gets patched – How to avoid USB drive security woes
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
23 October 2020
Nvidia Warns Gamers of Severe GeForce Experience Flaws
Versions of Nvidia GeForce Experience for Windows prior to 3.20.5.70 are affected by a high-severity bug that could enable code execution, denial of service and more.
23 October 2020
A Pause to Address 'Ethical Debt' of Facial Recognition
Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.23 October 2020
Ransomware Takes Down Network of French IT Giant
Sopra Steria hit with cyber attack that reportedly encrypted parts of their network on Oct. 20 but has remained mostly mum on details.
23 October 2020
Nvidia tackles code execution flaws, data leaks in GeForce Experience
The worst of the bugs is an uncontrolled search path issue with severe, exploitable consequences.23 October 2020
Securing medical devices: Can a hacker break your heart?
Why are connected medical devices vulnerable to attack and how likely are they to get hacked? Here are five digital chinks in the armor.
The post Securing medical devices: Can a hacker break your heart? appeared first on WeLiveSecurity
23 October 2020
Botnet Infects Hundreds of Thousands of Websites
KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.22 October 2020
The Now-Defunct Firms Behind 8chan, QAnon
Some of the world's largest Internet firms have taken steps to crack down on disinformation spread by QAnon conspiracy theorists and the hate-filled anonymous message board 8chan. But according to a California-based security researcher, those seeking to de-platform these communities may have overlooked a simple legal solution to that end: Both the Nevada-based web hosting company owned by 8chan's current figurehead and the California firm that provides its sole connection to the Internet are defunct businesses in the eyes of their respective state regulators. In practical terms, what this means is that the legal contracts which granted these companies temporary control over large swaths of Internet address space are now null and void, and American Internet regulators would be well within their rights to cancel those contracts and reclaim the space.22 October 2020
7 Mobile Browsers Vulnerable to Address-Bar Spoofing
Flaws allow attackers to manipulate URLs users see on their mobile devices, Rapid7 says22 October 2020
Credential-Stuffing Attacks Plague Loyalty Programs
But that's not the only type of web attack cybercriminals have been profiting from.22 October 2020
FBI, CISA: Russian hackers breached US government networks, exfiltrated data
Intrusions blamed on a Russian hacker group known as Energetic Bear.22 October 2020
NSA whistleblower Edward Snowden granted permanent residency in Russia
Edward Snowden has been living in Russia since June 2013.22 October 2020
WordPress Plug-in Updated in Rare Forced Action
The Logonizer login security plug-in was automatically updated to patch a SQL injection vulnerability.22 October 2020
8 New and Hot Cybersecurity Certifications for 2020
While the usual security certs remain popular, interest in privacy skills and cloud experience are pushing new credentials into the market.
22 October 2020
Researcher: I Hacked Trump’s Twitter by Guessing Password
Trump’s weak Twitter password and lack of basic two-factor authentication protections made it shockingly simple to hack his account, Dutch security researcher Victor Gevers reported.
22 October 2020
To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Life
The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.22 October 2020
Facebook, News and XSS Underpin Complex Browser Locker Attack
An elaborate set of redirections and hundreds of URLs make up a wide-ranging tech-support scam.
22 October 2020
Microsoft Teams Phishing Attack Targets Office 365 Users
Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a "missed chat" from Microsoft Teams.
22 October 2020
EU sanctions Russia over 2015 German Parliament hack
Germany had been asking and pushing EU officials for an official statement and sanctions against Russia since earlier this year.22 October 2020
Chrome 86 Aims to Bar Abusive Notification Content
Google said Chrome 86 will automatically block malicious notifications that may be used for phishing or malware.
22 October 2020