Cybersecurity News
70,000+ WordPress Sites Affected by Critical Plug-in Flaw
A vulnerability in the wpDiscuz plug-in could let attackers remotely execute code on the servers of affected websites.29 July 2020
Dark Reading Video News Desk Returns to Black Hat
Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!29 July 2020
Critical Bugs in Utilities VPNs Could Cause Physical Damage
Gear from Secomea, Moxa and HMS Networks are affected by remote code-execution flaws, researchers warn.
29 July 2020
Kaspersky: New hacker-for-hire mercenary group is targeting European law firms
The Deceptikons group is the second major hacker-for-hire mercenary group exposed this year after Dark Basin.29 July 2020
Technical Challenges of IoT Cybersecurity in a Post-COVID-19 World
Effective management of vulnerabilities can be done only when information about supply chain dependencies is accurate and recent.29 July 2020
'BootHole' attack impacts Windows and Linux systems using GRUB2 and Secure Boot
Microsoft, Red Hat, Canonical, SuSE, Oracle, VMWare, Citrix, and many OEMs are expected to release BootHole patches.29 July 2020
Microsoft to remove all SHA-1 Windows downloads next week
Microsoft says file downloads signed with the SHA-1 algorithm are insecure and will be removed on August 3, 2020.29 July 2020
Critical Security Flaw in WordPress Plugin Allows RCE
WordPress plugin Comments – wpDiscuz, which is installed on over 70,000 sites, has issued a patch.
29 July 2020
A View into Feedback from the PCI DSS v4.0 RFC
PCI SSC recently concluded the review of over 3,000 comments submitted for the first PCI DSS v4.0 RFC last year. This RFC set the record for the most industry submitted comments for a single PCI SSC standard and was the first time the industry had reviewed a working draft of PCI DSS.
29 July 2020
How to Decipher InfoSec Job Titles' Mysteries
Figuring out which cybersecurity job you want -- or are qualified for -- can be difficult when words have no consistent meaning in the industry.
29 July 2020
New tool detects shadow admin accounts in AWS and Azure environments
CyberArk releases new SkyArk tool for scanning AWS and Azure infrastructure for misconfigured accounts.29 July 2020
The Future's Biggest Cybercrime Threat May Already Be Here
Current attacks will continue to be refined, and what may seem a weakness now could turn out to be a disaster.29 July 2020
Facial-Recognition Flop: Face Masks Thwart Virus, Stump Security Systems
Algorithms clocked error rates of between 5% to 50% when comparing photos of people wearing digitally created masks with unmasked faces.
29 July 2020
OkCupid: Hackers want your data, not a relationship
Researchers discovered a way to steal the personal and sensitive data of users on the popular dating app.29 July 2020
OkCupid Security Flaw Threatens Intimate Dater Details
Attackers could exploit various flaws in OkCupid's mobile app and webpage to steal victims' sensitive data and even send messages out from their profiles.
29 July 2020
ESET Threat Report Q2 2020
A view of the Q2 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
The post ESET Threat Report Q2 2020 appeared first on WeLiveSecurity
29 July 2020
Today’s ‘mega’ data breaches now cost companies $392 million to recover from
When consumer PII is involved, the cost increases.29 July 2020
Lazarus Group Shifts Gears with Custom Ransomware
The North Korea-linked APT group has developed its own ransomware strain to better conduct financial theft, researchers report.28 July 2020
Lazarus Group Brings APT Tactics to Ransomware
A new ransomware, VHD, was seen being delivered by the nation-state group's multiplatform malware platform, MATA.
28 July 2020
Avon Server Leaks User Info and Administrative Data
An unprotected server has exposed more than 7GB of data from the beauty brand.28 July 2020