Cybersecurity News


Postmortem on U.S. Census Hack Exposes Cybersecurity Failures

Government says cybersecurity failures were many within failed January hack of U.S. Census Bureau systems.
19 August 2021

Are you, the customer, the one paying the ransomware demand?

Ransomware payments may have greater implications than you thought – and not just for the company that gave in to the attackers’ demands

The post Are you, the customer, the one paying the ransomware demand? appeared first on WeLiveSecurity

19 August 2021

Bogus Cryptomining Apps Infest Google Play

The apps attempt to swindle users into buying in-app upgrades or clicking on masses of ads.
18 August 2021

T-Mobile: >40 Million Customers’ Data Stolen

Attackers stole tens of millions of current, former or prospective customers' personal data, the company confirmed. It's providing 2 years of free ID protection.
18 August 2021

T-Mobile: Breach Exposed SSN/DOB of 40M+ People

T-Mobile warned Monday that a data breach has exposed the names, date of birth, Social Security number and driver's license/ID information of more than 40 million current, former or prospective customers. The acknowledgment came less than 48 hours after millions of the stolen T-Mobile customer records went up for sale in the cybercrime underground.
18 August 2021

Health authorities in 40 countries targeted by COVID‑19 vaccine scammers

Fraudsters impersonate vaccine manufacturers and authorities overseeing vaccine distribution efforts, INTERPOL warns

The post Health authorities in 40 countries targeted by COVID‑19 vaccine scammers appeared first on WeLiveSecurity

18 August 2021

Memory Bugs in BlackBerry’s QNX Embedded OS Open Devices to Attacks

The once-dominant handset maker BlackBerry is busy squashing BadAlloc bugs in its QNX real-time operating system used in cars and medical devices.
18 August 2021

Kerberos Authentication Spoofing: Don’t Bypass the Spec

Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS.
18 August 2021

Unpatched Fortinet Bug Allows Firewall Takeovers

The OS command-injection bug, in the web application firewall (WAF) platform known as FortiWeb, will get a patch at the end of the month.
18 August 2021

HolesWarm Malware Exploits Unpatched Windows, Linux Servers

The botnet cryptominer has already compromised 1,000-plus clouds since June.
18 August 2021

The Overlooked Security Risks of The Cloud

Nate Warfield, CTO of Prevailion, discusses the top security concerns for those embracing virtual machines, public cloud storage and cloud strategies for remote working.
17 August 2021

Back-to-Basics: Secure Remote Access

As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customers’ payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on securing remote access.

17 August 2021

LockBit 2.0 Ransomware Proliferates Globally

Fresh attacks target companies' employees, promising millions of dollars in exchange for valid account credentials for initial access.
17 August 2021

Bug in Millions of Flawed IoT Devices Lets Attackers Eavesdrop

A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices.
17 August 2021

Nearly 2 million records from terrorist watchlist exposed online

The secret list was exposed online for three weeks, allowing anyone to access it without any kind of authentication

The post Nearly 2 million records from terrorist watchlist exposed online appeared first on WeLiveSecurity

17 August 2021

Terrorist Watchlist Exposed Online with Nearly 1.9M Records

A researcher discovered a data cache from the FBI’s Terrorist Screening Center left online without a password or authentication requirement.
17 August 2021

Apple: CSAM Image-Detection Backdoor ‘Narrow’ in Scope

Computing giant tries to reassure users that the tool won’t be used for mass surveillance.
17 August 2021

How to Reduce Exchange Server Downtime in Case of a Disaster?

Exchange downtime can have serious implications for businesses. Thus, it’s important to maintain backups and implement best practices for Exchange servers that can help restore the Exchange server when a disaster strikes with minimal impact and downtime.
17 August 2021

Dumpster diving is a filthy business

One man’s trash is another man’s treasure – here’s why you should think twice about what you toss in the recycling bin

The post Dumpster diving is a filthy business appeared first on WeLiveSecurity

17 August 2021

Phishing Costs Nearly Quadrupled Over 6 Years

Lost productivity & mopping up after the costly attacks that follow phishing – BEC & ransomware in particular – eat up most costs, not payouts to crooks.
17 August 2021