Cybersecurity News


30M Dell Devices at Risk for Remote BIOS Attacks, RCE

Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism.
24 June 2021

One-click account takeover vulnerabilities in Atlassian domains patched

Research was conducted in light of the increasing threat of supply-chain attacks.
24 June 2021

79% of Third-Party Libraries in Apps Are Never Updated

A lack of contextual information and concerns over application disruption among contributing factors.
23 June 2021

VMs Help Ransomware Attackers Evade Detection, But It's Uncommon

Some ransomware attackers use virtual machines to bypass security detection, but adoption is slow for the complicated technique.
23 June 2021

Microsoft Tracks New BazaCall Malware Campaign

Attackers use emails to prompt victims to call a fraudulent call center, where attackers instruct them to download a malicious file.
23 June 2021

New DNS Name Server Hijack Attack Exposes Businesses, Government Agencies

Researchers found a "novel" class of DNS vulnerabilities in AWS Route53 and other DNS-as-a-service offerings that leak sensitive information on corporate and government customers, with one simple registration step.
23 June 2021

New Training: Work from Home Security Awareness

The COVID-19 pandemic has forever changed how companies and employees view working from home. It is estimated that 25-30% of the workforce will be working from home multiple days a week by the end of 2021. In the rush to set up remote work environments, it's possible organizations and workers overlooked cybersecurity best practices. To help bridge this knowledge gap, PCI SSC has created a low-cost 45-minute training to educate organizations and remote workers on the basics of working from home in a secure manner. We talk with Travis Powell, Director of Training Programs, to learn more about this new training and the importance of prioritizing security in the remote workforce.

23 June 2021

Survey Seeks to Learn How 2020 Changed Security

Respondents to a new Dark Reading/Omdia survey will be entered into a drawing for a Black Hat Black Card.
23 June 2021

Iran Media Websites Seized by U.S. in Disinformation Campaign

DoJ uses sanctions laws to shut down an alleged Iranian government malign influence campaign.
23 June 2021

When Will Cybersecurity Operations Adopt the Peter Parker Principle?

Having a prevention mindset means setting our prevention capabilities to "prevent" instead of relying on detection and response.
23 June 2021

Pandemic-Bored Attackers Pummeled Gaming Industry

Akamai's 2020 gaming report shows that cyberattacks on the video game industry skyrocketed, shooting up 340 percent in 2020.
23 June 2021

Brave launches its own, privacy‑focused search engine

The Brave Search engine takes on Google, promising to let users surf the web without leaving a trace
23 June 2021

Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access

Remote, unauthenticated cyberattackers can infiltrate and take over the Cortex XSOAR platform, which anchors unified threat intelligence and incident responses.
23 June 2021

REvil Ransomware Code Ripped Off by Rivals

The LV ransomware operators likely used a hex editor to repurpose a REvil binary almost wholesale, for their own nefarious purposes.
23 June 2021

Expecting the Unexpected: Tips for Effectively Mitigating Ransomware Attacks in 2021

Cybercriminals continually innovate to thwart security protocols, but organizations can take steps to prevent and mitigate ransomware attacks.
23 June 2021

ChaChi: a new GoLang Trojan used in attacks against US schools

The malware has found a role to play in ransomware strikes.
23 June 2021

How Cyber Sleuths Cracked an ATM Shimmer Gang

In 2015, police departments worldwide started finding ATMs compromised with advanced new "shimming" devices made to clone data from chip card transactions. Authorities in the United States and abroad had seized many of these shimmers, but for years couldn't decrypt the data on the devices. This is a story of ingenuity and happenstance, and how one former Secret Service agent helped crack a code that revealed the contours of a global organized crime ring.
23 June 2021

Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE

A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts -- with no patches in sight.
23 June 2021

SonicWall ‘Botches’ October Patch for Critical VPN Bug

Company finally rolls out the complete fix this week for an RCE flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources.
23 June 2021

How to tell if a website is safe

It can be difficult to tell a legitimate website apart from an unsafe one – follow these steps to identify and protect yourself from bad websites
23 June 2021