Cybersecurity News


Three Top Russian Cybercrime Forums Hacked

Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums' user databases, including email and Internet addresses and hashed passwords.
04 March 2021

Why We Need More Blue Team Voices at the Table

The red team draws attention, but the blue team has the expertise to keep networks secure day in and day out.
04 March 2021

Accellion zero-day claims a new victim in cybersecurity company Qualys

A hotfix was applied, but not before some customer files may have been compromised.
04 March 2021

CISA issues emergency directive to agencies: deal with Microsoft Exchange zero-days now

Patch now, or disconnect Microsoft Exchange services from the internet.
04 March 2021

Maza Russian cybercriminal forum suffers data breach

Forums can be areas to swap illicit tools and data, but they can also be the targets of cyberattackers in their turn.
04 March 2021

Cybersecurity risks and challenges facing the financial industry

A primer on various threats looming over financial companies and the steps that the organizations can take to counter them

The post Cybersecurity risks and challenges facing the financial industry appeared first on WeLiveSecurity

04 March 2021

Intel: More Than 90% of Our Vulnerabilities Found via Research

Internal research and external bug-bounty programs combined to discover the vast majority of reported security issues in the company's software.
03 March 2021

More Details Emerge on the Microsoft Exchange Server Attacks

The attacks are more widespread than initially reported, researchers say, and a look at why the Microsoft Exchange Server zero-days patched this week are so dangerous.
03 March 2021

Intel: Paid Research Caught More Than 90% of Our Vulnerabilities

Internal research and external bug-bounty programs combined to discover the vast majority of reported security issues in the company's software.
03 March 2021

Okta to Buy Rival Auth0

The deal, valued at $6.5 billion, will bring together competitors in the identity management space.
03 March 2021

Unpatched Bug in WiFi Mouse App Opens PCs to Attack

Unpatched Bug in WiFi Mouse App Opens PCs to Attack Wireless mouse-utility lacks proper authentication and opens Windows systems to attack.
03 March 2021

CISA to Federal Agencies: Immediately Patch or 'Disconnect' Microsoft Exchange Servers

The US Department of Homeland Security agency's new emergency directive comes in the wake of major zero-day attacks on email servers revealed by Microsoft this week.
03 March 2021

Google Patches Actively-Exploited Flaw in Chrome Browser

Google Patches Actively-Exploited Flaw in Chrome Browser A flaw (CVE-2021-21166) in the Audio component of Google Chrome is fixed in a new update being pushed out to Windows, Mac and Linux users.
03 March 2021

Malaysia Air Downplays Frequent-Flyer Program Data Breach

Malaysia Air Downplays Frequent-Flyer Program Data Breach A third-party IT provider exposed valuable airline data that experts say could be a goldmine for cybercriminals. 
03 March 2021

Home-Office Photos: A Ripe Cyberattack Vector

Home-Office Photos: A Ripe Cyberattack Vector Threat actors can use personal information gleaned from images to craft targeted scams, putting personal and corporate data at risk.
03 March 2021

RTM Cybergang Adds New Quoter Ransomware to Crime Spree

RTM Cybergang Adds New Quoter Ransomware to Crime Spree The Russian-speaking RTM threat group is targeting organizations in an ongoing campaign that leverages a well-known banking trojan, brand new ransomware strain and extortion tactics.
03 March 2021

Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow

Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow Attackers have weaponized code dependency confusion to target internal apps at tech giants.
03 March 2021

How SolarWinds Busted Up Our Assumptions About Code Signing

With so much automation in code writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.
03 March 2021

Microsoft Exchange Zero-Day Attackers Spy on U.S. Targets

Microsoft Exchange Zero-Day Attackers Spy on U.S. Targets Full dumps of email boxes, lateral movement and backdoors characterize sophisticated attacks by a Chinese APT - while more incidents spread like wildfire.
03 March 2021

Design, Security, Tech Is the New Stack You Should Be Building

Instead of different departments managing information systems, Ally Financial has combined data, digitization, security, and design into a single "stack" of human resources.
03 March 2021