Cybersecurity News


Typosquatting Intensifies Ahead of US Election

Mistyped URLs can mean more than inconvenience when a candidate's name is involved.
03 September 2020

New Email-Based Malware Campaigns Target Businesses

Researchers who found "Salfram" say its campaigns use the same crypter to distribute payloads, including ZLoader, SmokeLoader, and AveMaria.
03 September 2020

Fake Data and Fake Information: A Treasure Trove for Defenders

Cybersecurity professionals are using false data to deceive cybercriminals, enabling them to protect networks in new and innovative ways.
03 September 2020

Attackers Can Exploit Critical Cisco Jabber Flaw With One Message

Attackers Can Exploit Critical Cisco Jabber Flaw With One Message An attacker can execute remote code with no user interaction, thanks to CVE-2020-3495.
03 September 2020

Google Ups Product-Abuse Bug Bounties

Google Ups Product-Abuse Bug Bounties The top award for flaws that allow cybercriminals to abuse legitimate services has increased by 166 percent.
03 September 2020

Microsoft debuts deepfake detection tool

As the US presidential election nears, the company’s new tech should also help assure people that an image or video is authentic

The post Microsoft debuts deepfake detection tool appeared first on WeLiveSecurity

03 September 2020

Python-based Spy RAT Emerges to Target FinTech

Python-based Spy RAT Emerges to Target FinTech The Evilnum APT has added the RAT to its arsenal as part of a big change-up in its TTPs.
03 September 2020

European ISPs report mysterious wave of DDoS attacks

Over the past week, multiple ISPs in Belgium, France, and the Netherlands reported DDoS attacks that targeted their DNS infrastructure.
03 September 2020

Registration Now Open for Software Security Framework New Assessor Training


Registration is now open for Software Security Framework (SSF) New Assessor Training. PCI Security Standards Council (PCI SSC) recently announced the first training dates for its remote, instructor-led Secure Software Assessor and Secure Software Lifecycle Assessor classes, now available on the new eLearning platform.

03 September 2020

NSA Mass Surveillance Program Illegal, U.S. Court Rules

NSA Mass Surveillance Program Illegal, U.S. Court Rules The NSA argued its mass surveillance program stopped terrorist attacks - but a new U.S. court ruling found that this is not, and may have even been unconstitutional.
03 September 2020

5 Ways for Cybersecurity Teams to Work Smarter, Not Harder

Burnout is real and pervasive, but some common sense tools and techniques can help mitigate all that.
03 September 2020

India Blocks High-Profile Chinese Apps on Political, Privacy Concerns

India Blocks High-Profile Chinese Apps on Political, Privacy Concerns Technology minister bans, Baidu, WeChat Work, AliPay and 115 others for capturing using data and transmitting it to servers outside of the country without authorization.
03 September 2020

MIT SCRAM: a new analysis platform for prioritizing enterprise security investments

The platform shows that data analysis can provide actionable insight for enterprise security.
03 September 2020

Inter: a ‘low bar’ kit for Magecart credit card skimmer attacks on e-commerce websites

Researchers say that any attacker with a “little cash to burn” can join the attack trend.
03 September 2020

Houseparty – should I stay or should I go now?

What’s the benefit of deleting your Houseparty – or any other unused – account, rather than just uninstalling the app?

The post Houseparty – should I stay or should I go now? appeared first on WeLiveSecurity

03 September 2020

WordPress File Manager plugin flaw causing website hijack exploited in the wild

The critical vulnerability has been utilized in hundreds of thousands of attacks.
03 September 2020

Former IT director gets jail time for selling government's Cisco gear on eBay

Former Horry County IT security director sentenced to two years in federal prison.
03 September 2020

The Joys of Owning an ‘OG’ Email Account

When you own a short email address at a popular email provider, you are bound to get gobs of spam, and more than a few alerts about random people trying to seize control over the account. If your account name is short and desirable enough, this kind of activity can make the account less reliable for day-to-day communications because it tends to bury emails you do want to receive. But there is also a puzzling side to all this noise: Random people tend to use your account as if it were theirs, and often for some fairly sensitive services online.
02 September 2020

Most IoT Hardware Dangerously Easy to Crack

Manufacturers need to invest more effort into protecting root-level access to connected devices, security researcher says.
02 September 2020

55% of Cybersquatted Domains Are Malicious or Potentially Fraudulent

The largest online companies, such as Apple and PayPal, and banks are being targeted by cybersquatters, who are also taking advantage of the pandemic, a study finds.
02 September 2020