Cybersecurity News
Nim-Based Malware Loader Spreads Via Spear-Phishing Emails
Spear-phishing emails are spreading the NimzaLoader malware loader, which some say may be used to download Cobalt Strike.10 March 2021
2020 was a ‘record-breaking’ year in US school hacks, security failures
New research suggests “cybersecurity risks are now neither hypothetical, nor trivial.”10 March 2021
Digitally Transforming Trusted Transactions Through Biometrics, ML & AI
The pandemic has increased the appetite for e-commerce and contactless payments, and biometrics and artificial intelligence are playing a larger role in securing those transactions.10 March 2021
Call Recorder iPhone App Flaw Uncovered
Researcher finds thousands of recorded calls easily accessible to others.10 March 2021
Breach Exposes Verkada Security Camera Footage at Tesla, Cloudflare
Surveillance footage from companies such as Tesla as well as hospitals, prisons, police departments and schools was accessed in the hack.10 March 2021
Microsoft expands AccountGuard ahead of elections, deepens Yubico partnership
Enhanced identity and access features are on offer in 31 democracies.10 March 2021
Exchange servers under siege from at least 10 APT groups
ESET Research has found LuckyMouse, Tick, Winnti Group, and Calypso, among others, are likely using the recent Microsoft Exchange vulnerabilities to compromise email servers all around the world
The post Exchange servers under siege from at least 10 APT groups appeared first on WeLiveSecurity
10 March 2021
Online health security – when ‘opt out’ isn’t an option
What happens when you try to opt out of e-health to avoid issues in the event of a breach?
The post Online health security – when ‘opt out’ isn’t an option appeared first on WeLiveSecurity
10 March 2021
OVHcloud data centers engulfed in flames
Customers are being urged to launch their own disaster recovery plans.10 March 2021
Microsoft Patch Tuesday, March 2021 Edition
On the off chance you were looking for more security to-dos from Microsoft today...the company released software updates to plug more than 82 security flaws in Windows and other supported software. Ten of these earned Microsoft's "critical" rating, meaning they can be exploited by malware or miscreants with little or no help from users.09 March 2021
Apple’s Device Location-Tracking System Could Expose User Identities
Researchers have identified two vulnerabilities in the company’s crowd-sourced Offline Finding technology that could jeopardize its promise of privacy.09 March 2021
Microsoft Patch Tuesday Updates Fix 14 Critical Bugs
Microsoft's regularly scheduled March Patch Tuesday updates address 89 CVEs overall.09 March 2021
Microsoft Patch Tuesday Fixes 82 CVEs, Internet Explorer Zero-Day
The monthly rollout follows last week's emergency Microsoft Exchange Server patch covering seven CVEs, four of which are under attack.09 March 2021
Dark Web Markets for Stolen Data See Banner Sales
Despite an explosion in the sheer amount of stolen data available on the Dark Web, the value of personal information is holding steady, according to the 2021 Dark Web price index from Privacy Affairs. That leaves these thriving dirty data dealers in a familiar predicament — they need to lock down their growing businesses for […]09 March 2021
Warning the World of a Ticking Time Bomb
Globally, hundreds of thousand of organizations running Exchange email servers from Microsoft just got mass-hacked, including at least 30,000 victims in the United States. Each hacked server has been retrofitted with a "web shell" backdoor that gives the bad guys total, remote control, the ability to read all email, and easy access to the victim's other computers. Researchers are now racing to identify, alert and help victims, and hopefully prevent further mayhem.09 March 2021
Adobe Critical Code-Execution Flaws Plague Windows Users
The critical flaws exist in Adobe Framemaker, Connect and the Creative Cloud desktop application for Windows.09 March 2021
Linux Foundation Debuts Sigstore Project for Software Signing
Sigstore aims to improve the open source software supply chain by simplifying the process of cryptographic software signing.09 March 2021
Adobe releases batch of security fixes for Framemaker, Creative Cloud, Connect
This month’s security release tackles a handful of vulnerabilities.09 March 2021
Microsoft's March Patch Tuesday: Critical remote code execution flaws, IE zero-day fixed
The fixes follow an unscheduled emergency release for Microsoft Exchange Server.09 March 2021