Cybersecurity News
IRS COVID-19 Relief Payment Deadlines Anchor Convincing Phish
The upcoming deadlines for applying for coronavirus relief are the lure for a phish that gets around email security gateways by using a legitimate SharePoint page for data-harvesting.
07 October 2020
Beware of ATM Cash-Outs
PCI SSC and ATMIA share guidance and information on protecting against ATM Cash-outs.
07 October 2020
Comcast TV Remote Hack Opens Homes to Snooping
Researchers disclosed the 'WarezTheRemote' attack, affecting Comcast's XR11 voice remote control.
07 October 2020
UK Department For Education fails to meet UK, GDPR data protection standards - with flying colors
A compulsory audit has revealed severe security failings and data management problems.07 October 2020
Hackers exploit Windows Error Reporting service in new fileless attack
The Kraken attack technique abuses WER to avoid detection.07 October 2020
GitLab patches Elasticsearch private group data leak bug
Public group projects made private were still searchable via an API.07 October 2020
ZeroFOX acquires Cyveillance threat intelligence business from LookingGlass
The deal focuses on improving threat intelligence features on the ZeroFOX platform.07 October 2020
US gov’t warns against paying off ransomware attackers
Companies facilitating ransomware payments run the risk of facing stern penalties for violating US regulations
The post US gov’t warns against paying off ransomware attackers appeared first on WeLiveSecurity
06 October 2020
Grindr’s Bug Bounty Pledge Doesn’t Translate to Security
At SAS@Home, Luta Security CEO Katie Moussouris stressed that bug bounty programs aren't a 'silver bullet' for security teams.
06 October 2020
New HEH botnet can wipe routers and IoT devices
The disk-wiping feature is present in the code but has not been used yet.06 October 2020
Male Chastity Device Comes with Massive Security Flaws
Smart sex toy vulnerable to hacks, researchers say -- which could expose users’ most sensitive bits (of data) to cybercriminals.
06 October 2020
Boom! Mobile Customer Data Lost to Fullz House/Magecart Attack
The Magecart spinoff group targeted the wireless service provider in an odd choice of victim.
06 October 2020
Women in Payments: Q&A with Diana Greenhaw
Protecting data is everyone’s responsibility, according to Diana Greenhaw who followed a nontraditional path into the security space. In this month’s blog series, Greenhaw explains why you don’t have to be an information technology expert to work in cybersecurity.
06 October 2020
Chrome 86 released with password-related security improvements
The new Native File System API now also lets websites to interact with any file or folder stored on the user's local disk.06 October 2020
Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors
Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks.
06 October 2020
COVID-19 Clinical Trials Slowed After Ransomware Attack
The attack on eResearchTechnology potentially slowed down coronavirus research worldwide, and researchers suggest a nation-state actor could be behind the incident.
06 October 2020
APT Attack Injects Malware into Windows Error Reporting
The fileless attack uses a phishing campaign that lures victims with information about a worker’s compensation claim.
06 October 2020
Unpatched Apple T2 Chip Flaw Plagues Macs
A researcher claims that the issue can be exploited by attackers in order to gain root access.
06 October 2020
Had your face stolen lately?
It’s easy to reset your password or PIN after a data breach. But reset your face? Not so much.
The post Had your face stolen lately? appeared first on WeLiveSecurity
06 October 2020
Post Grid WordPress Plugin Flaws Allow Site Takeovers
Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs -- together they have 66,000 installs.
05 October 2020