Cybersecurity News
Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update
An anonymous researcher identified bugs in the software’s kernel and WebKit browser engine that are likely part of an exploit chain.
27 January 2021
LogoKit Group Aims for Simple Yet Effective Phishing
A phishing kit that uses embedded JavaScript targeted the users of more than 300 sites in the past week, aiming to grab credentials for SharePoint, Adobe Document Cloud, and OneDrive.27 January 2021
Fake ICO consultant sentenced for embezzling cryptocurrency now worth $20 million
The US resident pretended to be an expert on investing in cryptocurrencies.27 January 2021
UK association defends ransomware payments in cyber insurance policies
The group has been criticized for “funding” organized crime.27 January 2021
10-years-old Sudo bug lets Linux users gain root-level access
The vulnerability, named "Baron Samedit," impacts most Linux distributions today.26 January 2021
Ransomware Disrupts Operations at Packaging Giant WestRock
Incident is another reminder of how vulnerable OT environments are to attack, security experts say.26 January 2021
Pay-Or-Get-Breached Ransomware Schemes Take Off
In 2020, ransomware attackers moved quickly to adopt so-called "double extortion" schemes, with more than 550 incidents in the fourth quarter alone.26 January 2021
North Korean Attackers Target Security Researchers via Social Media: Google
Google TAG warns the infosec community of unsolicited requests from individuals seeking collaboration on vulnerability research.26 January 2021
Nvidia Squashes High-Severity Jetson DoS Flaw
If exploited, the most serious of these flaws could lead to a denial-of-service condition for Jetson products.
26 January 2021
DanaBot Malware Roars Back into Relevancy
Sophisticated and dangerous, DanaBot has resurfaced after laying dormant for seven months.
26 January 2021
Privacy Teams Helped Navigate the Pivot to Work-from-Home
Annual Cisco privacy study also reports that 90% of organizations say their customers won't buy from them if they are not clear about data policy practices.26 January 2021
Apple fixes another three iOS zero-days exploited in the wild
Fixes come after Apple patched another set of three zero-days last November.26 January 2021
Mimecast: Recent Certificate Compromise Tied to SolarWinds Attacks
Yet another security firm hit in the sweeping attack campaign believed to be out of Russia.26 January 2021
23M Gamer Records Exposed in VIPGames Leak
The personal data of 66,000 users was left wide open on a misconfigured Elasticsearch server, joining a growing list of companies with leaky clouds.
26 January 2021
BEC Scammers Find New Ways to Navigate Microsoft 365
Their techniques made use of out-of-office replies and automatic responses during the 2020 holiday season, researchers report.26 January 2021
Four security vendors disclose SolarWinds-related incidents
Mimecast, Palo Alto Networks, Qualys, and Fidelis confirmed this week they were also targeted during the SolarWinds supply chain attack.26 January 2021
Cartoon Caption Winner: Before I Go ...
And the winner of The Edge's January cartoon caption contest is ...
26 January 2021
Fighting the Rapid Rise of Cyber Warfare in a Changing World
Global cyber warfare is a grim reality, but strong public-private relationships and security frameworks can safeguard people, institutions, and businesses.26 January 2021
Criminal, Domestic Violence Case Info Exposed in Cook County Leak
Cook County, Ill., home to Chicago, has left a database exposed since at least September that contained sensitive criminal and family-court records.
26 January 2021
Nefilim Ransomware Gang Hits Jackpot with Ghost Account
An unmonitored account belonging to a deceased employee allowed Nefilim to exfiltrate data and infiltrate systems for a month, without being noticed.
26 January 2021