Cybersecurity News
Google Forms Abused to Phish AT&T Credentials
More than 200 Google Forms impersonate top brands - including Microsoft OneDrive, Office 365, and Wells Fargo - to steal victims' credentials.
04 November 2020
Hexagon Announces Deal to Acquire PAS Global
The Houston-based PAS Global will operate as part of Hexagon's PPM (formerly Intergraph Process, Power & Marine) division.04 November 2020
Why Paying to Delete Stolen Data is Bonkers
Companies hit by ransomware often face a dual threat: Even if they avoid paying the ransom and can restore things from scratch, about half the time the attackers also threaten to release sensitive stolen data unless the victim pays for a promise to have the data deleted. Leaving aside the notion that victims might have any real expectation the attackers will actually destroy the stolen data, new research suggests a fair number of victims who do pay up may see some or all of the stolen data published anyway.04 November 2020
Prepare for the Unexpected: Costs to Consider in Security Budgets
Organizations that update business models to include cybersecurity as part of a strategic planning process may be able to better withstand unexpected disruptions.04 November 2020
Russian authorities make rare arrest of malware author
Malware dev made the grave error of deploying his malware inside Russia's borders.04 November 2020
Toymaker Mattel Hit by Ransomware Attack
Financial disclosure filings describe a ransomware attack that delivered a weak punch.
04 November 2020
Containers for Data Analysis Are Rife With Vulnerabilities
Old software components and the inclusion of unnecessary code created a massive attack surface area in containers for scientific analysis, researchers say.04 November 2020
VMware Issues Updated Fix For Critical ESXi Flaw
A previous fix for the critical remote code execution bug was "incomplete," according to VMware.
04 November 2020
CSA Moves to Redefine Cloud-Based Intelligence
The new paradigm seeks to understand, integrate, and automate data workflows, and better yet, doesn't require significant investment or more personnel.04 November 2020
Code42 Incydr Series: Why Most Companies Can’t Stop Departing Employee Data Theft
According to Code42’s Data Exposure Report, 63% of employees say they brought data with them from their previous employer to their current employer.
04 November 2020
Police to Livestream Ring Camera Footage of Mississippi Residents
Pilot program again sparks privacy fears from ACLU as Amazon takes its partnership with law enforcement to the next level.
04 November 2020
As Maze retires, clients turn to Sekhmet ransomware spin-off Egregor
The ransomware’s ‘retirement’ has left a hole that Egregor operators may capitalize on.04 November 2020
Police launch pilot program to tap resident Ring camera live streams
The small trial could herald a wider rollout with participating residents in the future.04 November 2020
23,600 hacked databases have leaked from a defunct 'data breach index' site
Site archive of Cit0day.in has now leaked on two hacking forums after the service shut down in September.04 November 2020
Toy maker Mattel discloses ransomware attack
Mattel said the ransomware attack had "no material impact to [its] operations or financial condition."03 November 2020
REvil ransomware gang 'acquires' KPOT malware
Ransomware gang who claims to have earned $100 million buys the source code of the KPOT information stealer trojan for $6,500.03 November 2020
Securing the 2020 Election: 'We're Not Out of the Woods Yet'
Election Day brought instances of misinformation, robocalls, and technical glitches, but officials are more worried about coming days and weeks.03 November 2020
APT Groups Get Innovative -- and More Dangerous -- in Q3
In "curious" trend, more threat actors diversified their tool sets in third quarter than usual.03 November 2020
US voters targeted with robocalls telling them to stay home or vote tomorrow
Robocalls have been reported in Florida, Georgia, Iowa, Kansas, Michigan, Nebraska, New York, New Hampshire, and North Carolina.03 November 2020
Oracle Solaris Zero-Day Attack Revealed
A threat actor is compromising telecommunications companies and targeted financial and professional consulting industries using an Oracle flaw.
03 November 2020