Cybersecurity News
Three npm packages found opening shells on Linux, Windows systems
NPM staff: Any computer that has this package installed or running should be considered fully compromised.Massive New Phishing Campaigns Target Microsoft, Google Cloud Users
At least three campaigns are now underway.Phishers Capitalize on Headlines with Breakneck Speed
Marking a pivot from COVID-19 scams, researchers track a single threat actor through the evolution from the pandemic to PayPal, and on to more timely voter scams -- all with the same infrastructure.
Microsoft Fixes RCE Flaws in Out-of-Band Windows Update
The two important-severity flaws in Microsoft Windows Codecs Library and Visual Studio Code could enable remote code execution.
Microsoft releases emergency security updates for Windows and Visual Studio
Two remote code execution (RCE) bugs patched in the Windows Codecs library and Visual Studio Code.Biden Campaign Staffers Targeted in Cyberattack Leveraging Anti-Virus Lure, Dropbox Ploy
Google's Threat Analysis Group sheds more light on targeted credential phishing and malware attacks on the staff of Joe Biden's presidential campaign.
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
The US counterintelligence lead joins a former Europol cyber chief to discuss modern election threats and the benefits of public-private collaboration.An Uncommon 20 Years of Commonly Enumerating Vulns
Larry Cashdollar, a researcher with more than 300 CVEs to his credit, looks back at his favorite vulnerabilities (and being the only individual CNA on Mitre's list).
An Uncommon 20 Years of Commonly Enumerating Vulns
Larry Cashdollar, a researcher with more than 300 CVEs to his credit, looks back at his favorite vulnerabilities (and being the only individual CNA on Mitre's list).
Phishing Lures Shift from COVID-19 to Job Opportunities
Fortinet researchers are seeing a pivot in the spear-phishing and phishing lures used by cybercriminals, to entice potential job candidates as businesses open up.
Google says it mitigated a 2.54 Tbps DDoS attack in 2017, largest known to date
Google discloses previously unknown DDoS attack.Week in security with Tony Anscombe
ESET joins global effort to disrupt the infamous Trickbot botnet – Criminals claim to have hijacked thousands of security cameras – Five ways to secure your home office
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Child abductors may use social media to lure victims, FBI warns
School closings and more screen time can ultimately put children at an increased risk of being kidnapped by strangers they met online
The post Child abductors may use social media to lure victims, FBI warns appeared first on WeLiveSecurity
Dickey’s BBQ Breach: Meaty 3M Payment Card Upload Drops on Joker’s Stash
After cybercriminals smoked out 3 million compromised payment cards on the Joker’s Stash marketplace, researchers linked the data to a breach at the popular barbecue franchise.
Academia Adopts Mitre ATT&CK Framework
Security pros and academic researchers discuss the best ways to use MITRE's framework to inform cybersecurity efforts, analyze threats, and teach future workers.Cybercrime Losses Up 50%, Exceeding $1.8B
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.TikTok Launches Bug Bounty Program Amid Security Snafus
The move is a distinct change in direction for the app, which has been criticized and even banned for its security practices.
News Wrap: Barnes & Noble Hack, DDoS Extortion Threats and More
From a cyberattack on Barnes & Noble to Zoom rolling out end-to-end encryption, Threatpost editors break down the top security stories of the week.
Azure Defender for IoT enters public preview
Azure Defender for IoT can help companies keep track of IoT/OT networks without having to install anything on their smart devices and industrial equipment.BA fined record £20m for customer data breach
Personal details of more than 400,000 customers accessed by hackers in 2018
British Airways has been fined a record £20m for a data breach in which more than 400,000 customers’ personal details were compromised by hackers in 2018.
The fine is the biggest ever issued by the Information Commissioner’s Office (ICO), but a fraction of the £183m fine initially announced last year. This was reduced after investigators accepted BA’s representations about the circumstances of the attack; and was reduced further to take into account the dire financial position of BA since the onset of Covid-19.
Continue reading...