Cybersecurity News


Three npm packages found opening shells on Linux, Windows systems

NPM staff: Any computer that has this package installed or running should be considered fully compromised.
17 October 2020

Massive New Phishing Campaigns Target Microsoft, Google Cloud Users

At least three campaigns are now underway.
16 October 2020

Phishers Capitalize on Headlines with Breakneck Speed

Marking a pivot from COVID-19 scams, researchers track a single threat actor through the evolution from the pandemic to PayPal, and on to more timely voter scams -- all with the same infrastructure.
16 October 2020

Microsoft Fixes RCE Flaws in Out-of-Band Windows Update

The two important-severity flaws in Microsoft Windows Codecs Library and Visual Studio Code could enable remote code execution.
16 October 2020

Microsoft releases emergency security updates for Windows and Visual Studio

Two remote code execution (RCE) bugs patched in the Windows Codecs library and Visual Studio Code.
16 October 2020

Biden Campaign Staffers Targeted in Cyberattack Leveraging Anti-Virus Lure, Dropbox Ploy

Google's Threat Analysis Group sheds more light on targeted credential phishing and malware attacks on the staff of Joe Biden's presidential campaign.
16 October 2020

US Counterintelligence Director & Fmr. Europol Leader Talk Election Security

The US counterintelligence lead joins a former Europol cyber chief to discuss modern election threats and the benefits of public-private collaboration.
16 October 2020

An Uncommon 20 Years of Commonly Enumerating Vulns

Larry Cashdollar, a researcher with more than 300 CVEs to his credit, looks back at his favorite vulnerabilities (and being the only individual CNA on Mitre's list).
16 October 2020

Phishing Lures Shift from COVID-19 to Job Opportunities

Fortinet researchers are seeing a pivot in the spear-phishing and phishing lures used by cybercriminals, to entice potential job candidates as businesses open up.
16 October 2020

Google says it mitigated a 2.54 Tbps DDoS attack in 2017, largest known to date

Google discloses previously unknown DDoS attack.
16 October 2020

Week in security with Tony Anscombe

ESET joins global effort to disrupt the infamous Trickbot botnet – Criminals claim to have hijacked thousands of security cameras – Five ways to secure your home office

16 October 2020

Child abductors may use social media to lure victims, FBI warns

School closings and more screen time can ultimately put children at an increased risk of being kidnapped by strangers they met online

16 October 2020

Dickey’s BBQ Breach: Meaty 3M Payment Card Upload Drops on Joker’s Stash

After cybercriminals smoked out 3 million compromised payment cards on the Joker’s Stash marketplace, researchers linked the data to a breach at the popular barbecue franchise.
16 October 2020

Academia Adopts Mitre ATT&CK Framework

Security pros and academic researchers discuss the best ways to use MITRE's framework to inform cybersecurity efforts, analyze threats, and teach future workers.
16 October 2020

Cybercrime Losses Up 50%, Exceeding $1.8B

Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.
16 October 2020

TikTok Launches Bug Bounty Program Amid Security Snafus

The move is a distinct change in direction for the app, which has been criticized and even banned for its security practices.
16 October 2020

News Wrap: Barnes & Noble Hack, DDoS Extortion Threats and More

From a cyberattack on Barnes & Noble to Zoom rolling out end-to-end encryption, Threatpost editors break down the top security stories of the week.
16 October 2020

Azure Defender for IoT enters public preview

Azure Defender for IoT can help companies keep track of IoT/OT networks without having to install anything on their smart devices and industrial equipment.
16 October 2020

BA fined record £20m for customer data breach

Personal details of more than 400,000 customers accessed by hackers in 2018

British Airways has been fined a record £20m for a data breach in which more than 400,000 customers’ personal details were compromised by hackers in 2018.

The fine is the biggest ever issued by the Information Commissioner’s Office (ICO), but a fraction of the £183m fine initially announced last year. This was reduced after investigators accepted BA’s representations about the circumstances of the attack, and was reduced further to take into account the dire financial position of BA since the onset of Covid-19.

16 October 2020