Cybersecurity News


Prioritizing Application & API Security After the COVID Cloud Rush

As companies hit the gas to accommodate the rapid shift to work-from-home, security fell behind. Now, it's time to close those gaps.
24 March 2021

Hundreds of fleeceware apps earn dubious iOS, Android developers over $400 million

Free trials can cost mobile app users thousands of dollars in the long run.
24 March 2021

SaltStack revises partial patch for command injection, privilege escalation vulnerability

The second fix was reportedly necessary after SaltStack did not participate in coordinated disclosure.
24 March 2021

Purple Fox malware evolves to propagate across Windows machines

The malware’s new worm capabilities have resulted in a rapidly-increasing infection rate.
24 March 2021

Microsoft: 92% of vulnerable exchange servers are now patched, mitigated

The latest telemetry suggests IT admins are taking the threat seriously.
24 March 2021

Anti-Spoofing for Email Gains Adoption, but Enforcement Lags

More organizations adopt sender authentication, but strict quarantining or rejection of unauthenticated messages remains uncommon.
23 March 2021

Inside the Web Shell Used in the Microsoft Exchange Server Attacks

The history and details of China Chopper - a Web shell commonly seen in the widespread Microsoft Exchange Server attacks.
23 March 2021

Disgruntled IT Contractor Sentenced in Retaliatory Office 365 Attack

Former contractor deleted 1,200 user accounts in revenge.
23 March 2021

Organizations Making Little Headway in Addressing Human Risk

Most enterprise security awareness efforts remain half-hearted, a new SANS survey shows.
23 March 2021

Security Analysis Clears TikTok of Censorship, Privacy Accusations  

Security Analysis Clears TikTok of Censorship, Privacy Accusations   TikTok’s source code is in line with industry standards, security researchers say.
23 March 2021

Office 365 Cyberattack Lands Disgruntled IT Contractor in Jail

Office 365 Cyberattack Lands Disgruntled IT Contractor in Jail A former IT contractor is facing jailtime after a retaliatory hack into a company’s network and wiping the majority of its employees’ Microsoft Office 365 accounts.
23 March 2021

MangaDex Site Offline Following Hacking Incident

MangaDex Site Offline Following Hacking Incident A cyberattacker taunted the site about open security vulnerabilities, prompting a code review.
23 March 2021

Almost $2 billion lost to BEC scams in 2020

Nearly half of reported cybercrime losses in 2020 were the result of BEC fraud, according to an FBI report

The post Almost $2 billion lost to BEC scams in 2020 appeared first on WeLiveSecurity

23 March 2021

Hobby Lobby Exposes Customer Data in Cloud Misconfiguration

Hobby Lobby Exposes Customer Data in Cloud Misconfiguration The arts-and-crafts retailer left 138GB of sensitive information open to the public internet.
23 March 2021

Do Cybercriminals Fear Arrest?

Researchers explore how cybercriminals weigh the possibility of arrest and whether it deters criminal activity.
23 March 2021

Phish Leads to Breach at Calif. State Controller

A phishing attack last week gave attackers access to email and files at the California State Controller's Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours, and sources tell KrebsOnSecurity the intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers, and to send targeted phishing messages to at least 9,000 other workers and their contacts.
23 March 2021

Disrupting the Cybercriminal Supply Chain

It is time to turn the tables on cybercriminals and use their own tactics against them.
23 March 2021

Podcast: Microsoft Exchange Server Attack Onslaught Continues

Podcast: Microsoft Exchange Server Attack Onslaught Continues Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet’s FortiGuard Labs, gives insight into the surge in attacks against vulnerable Microsoft Exchange servers over the last week.
23 March 2021

Paving the way: Inspiring Women in Payments - A podcast featuring Global Payments

 

In recognition of Women’s History Month, the PCI Security Standards Council is pleased to bring you a special edition of our podcast. In this panel discussion, we examine what it means to be female in the tech world with three women from Global Payments, a leading worldwide provider of payment technology and software solutions.

23 March 2021

Cartoon Caption Winner: In Hot Water

Cartoon Caption Winner: In Hot Water And the winner of The Edge's March cartoon caption contest is ...
23 March 2021