Cybersecurity News
30M Dell Devices at Risk for Remote BIOS Attacks, RCE
Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism.
One-click account takeover vulnerabilities in Atlassian domains patched
Research was conducted in light of the increasing threat of supply-chain attacks.79% of Third-Party Libraries in Apps Are Never Updated
A lack of contextual information and concerns over application disruption among contributing factors.VMs Help Ransomware Attackers Evade Detection, But It's Uncommon
Some ransomware attackers use virtual machines to bypass security detection, but adoption is slow for the complicated technique.Microsoft Tracks New BazaCall Malware Campaign
Attackers use emails to prompt victims to call a fraudulent call center, where attackers instruct them to download a malicious file.New DNS Name Server Hijack Attack Exposes Businesses, Government Agencies
Researchers found a "novel" class of DNS vulnerabilities in AWS Route53 and other DNS-as-a-service offerings that leak sensitive information on corporate and government customers, with one simple registration step.New Training: Work from Home Security Awareness
The COVID-19 pandemic has forever changed how companies and employees view working from home. It is estimated that 25-30% of the workforce will be working from home multiple days a week by the end of 2021. In the rush to set up remote work environments, its possible organizations and workers overlooked cybersecurity best practices. To help bridge this knowledge gap, PCI SSC has created a low cost 45-minute training to educate organizations and remote workers on the basics of working from home in a secure manner. We talk with Travis Powell, Director of Training Programs, to learn more about this new training and the importance of prioritizing security in the remote workforce.
Survey Seeks to Learn How 2020 Changed Security
Respondents to a new Dark Reading/Omdia survey will be entered into a drawing for a Black Hat Black Card.Iran Media Websites Seized by U.S. in Disinformation Campaign
DoJ uses sanctions laws to shut down an alleged Iranian government malign influence campaign.
When Will Cybersecurity Operations Adopt the Peter Parker Principle?
Having a prevention mindset means setting our prevention capabilities to "prevent" instead of relying on detection and response.
Pandemic-Bored Attackers Pummeled Gaming Industry
Akamai's 2020 gaming report shows that cyberattacks on the video game industry skyrocketed, shooting up 340 percent in 2020.
Brave launches its own, privacy‑focused search engine
The Brave Search engine takes on Google, promising to let users surf the web without leaving a trace
The post Brave launches its own, privacy‑focused search engine appeared first on WeLiveSecurity
Critical Palo Alto Cyber-Defense Bug Allows Remote ‘War Room’ Access
Remote, unauthenticated cyberattackers can infiltrate and take over the Cortex XSOAR platform, which anchors unified threat intelligence and incident responses.
REvil Ransomware Code Ripped Off by Rivals
The LV ransomware operators likely used a hex editor to repurpose a REvil binary almost wholesale, for their own nefarious purposes.
Expecting the Unexpected: Tips for Effectively Mitigating Ransomware Attacks in 2021
Cybercriminals continually innovate to thwart security protocols, but organizations can take steps to prevent and mitigate ransomware attacks.ChaChi: a new GoLang Trojan used in attacks against US schools
The malware has found a role to play in ransomware strikes.How Cyber Sleuths Cracked an ATM Shimmer Gang
In 2015, police departments worldwide started finding ATMs compromised with advanced new "shimming" devices made to clone data from chip card transactions. Authorities in the United States and abroad had seized many of these shimmers, but for years couldn't decrypt the data on the devices. This is a story of ingenuity and happenstance, and how one former Secret Service agent helped crack a code that revealed the contours of a global organized crime ring.Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts -- with no patches in sight.
SonicWall ‘Botches’ October Patch for Critical VPN Bug
Company finally rolls out the complete fix this week for an RCE flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources.
How to tell if a website is safe
It can be difficult to tell a legitimate website apart from an unsafe one – follow these steps to identify and protect yourself from bad websites
The post How to tell if a website is safe appeared first on WeLiveSecurity