Cybersecurity News


Clubhouse chats streamed to third‑party website

The incident raises concerns about the privacy and security of conversations taking place on the platform

The post Clubhouse chats streamed to third‑party website appeared first on WeLiveSecurity

23 February 2021

Flash version distributed in China after EOL is installing adware

Security researchers say the Chinese Flash app is behaving lide adware and opening browser windows to show ads.
23 February 2021

Google's Password Checkup feature coming to Android

The Password Checkup feature will tell Android users when one of their passwords has been exposed in an online data breach.
23 February 2021

Finnish IT Giant Hit with Ransomware Cyberattack

Finnish IT Giant Hit with Ransomware Cyberattack A major Finnish IT provider has been hit with a ransomware attack that has forced the company to turn off some services and infrastructure in a disruption to customers, while it takes recovery measures. Norwegian business journal E24 reported the attack on Espoo, Finland-based TietoEVRY on Tuesday, claiming to have spoken with Geir Remman, a […]
23 February 2021

Checkout Skimmers Powered by Chip Cards

Easily the most sophisticated skimming devices made for hacking terminals at retail self-checkout lanes are a new breed of PIN pad overlay combined with a flexible, paper-thin device that fits inside the terminal's chip reader slot. What enables these skimmers to be so slim? They draw their power from the low-voltage current that gets triggered when a chip-based card is inserted. As a result, they do not require external batteries, and can remain in operation indefinitely.
23 February 2021

Security + Fraud Protection: Your One-Two Punch Against Cyberattacks

Security + Fraud Protection: Your One-Two Punch Against Cyberattacks When siloed functions unite in the face of cyberthreats, organizations can continue, uninterrupted, along their paths to digital transformation.
23 February 2021

CVSS as a Framework, Not a Score

CVSS as a Framework, Not a Score The venerable system has served us well but is now outdated. Not that it's time to throw the system away -- use it as a framework to measure risk using modern, context-based methods.
23 February 2021

10K Microsoft Email Users Hit in FedEx Phishing Attack

10K Microsoft Email Users Hit in FedEx Phishing Attack Microsoft users are receiving emails pretending to be from mail couriers FedEx and DHL Express - but that really steal their credentials.
23 February 2021

Qualcomm, Sophos ink deal to secure 5G Snapdragon PCs

Sophos will provide endpoint protection for always on, always connected PCs.
23 February 2021

Clubhouse chatroom app closes down site rebroadcasting content

Clubhouse chatroom app closes down site rebroadcasting content

Incident prompts fears for latest Silicon Valley craze’s ability to guarantee users’ security and privacy

Clubhouse, the audio-chatroom app that has emerged as the latest craze to consume Silicon Valley, has shut down a site that was rebroadcasting the platform’s content, renewing concerns over the service’s ability to provide security and privacy for its users.

The app, currently available only on iPhones, allows users to quickly and easily set up and discover panel-style discussions, with a small group of speakers and potentially thousands of listeners in each room. It has been strictly limited since its launch in April, with users requiring an invitation before they can create an account. It initially gained popularity in the tech and venture capitalist community of the San Francisco Bay area.

Continue reading...
23 February 2021

IBM issues patches for Java Runtime, Planning Analytics Workspace, Kenexa LMS

The worst bugs could lead to malicious code execution and application crashes.
23 February 2021

Keybase patches bug that kept pictures in cleartext storage on Mac, Windows clients

Keybase failed to wipe clean cached pictures even after deletion.
23 February 2021

Chinese-Affiliated APT31 Cloned & Used NSA Hacking Tool

APT31 cloned and reused a Windows-based hacking tool for years before Microsoft patched the vulnerability, researchers report.
22 February 2021

Cybercrime Groups More Prolific, Focus on Healthcare in 2020

Almost four of every five attacks attributed in 2020 were conducted by cybercriminal groups, a significant jump from 2019, with attacks on healthcare or using the pandemic rising fast.
22 February 2021

TDoS Attacks Take Aim at Emergency First-Responder Services

TDoS Attacks Take Aim at Emergency First-Responder Services The FBI has warned that telephony denial-of-service attacks are taking aim at emergency dispatch centers, which could make it impossible to call for police, fire or ambulance services.
22 February 2021

Accellion Data Breach Resulted in Extortion Attempts Against Multiple Victims

FireEye Mandiant says it discovered data stolen via flaw in Accellion FTA had landed on a Dark Web site associated with a known Russia-based threat group.
22 February 2021

FireEye links 0-day attacks on FTA servers & extortion campaign to FIN11 group

FireEye: Hackers breached companies running FTA servers, stole private files, and are now publishing data on the Clop ransomware leak site.
22 February 2021

Chinese Hackers Hijacked NSA-Linked Hacking Tool: Report

Chinese Hackers Hijacked NSA-Linked Hacking Tool: Report APT31, a Chinese-affiliated threat group, copied a Microsoft Windows exploit previously used by the Equation Group, said researchers.
22 February 2021

Researcher Reports Vulnerability in Apple iCloud Domain

A stored cross-site scripting vulnerability in the iCloud website reportedly earned a security researcher $5,000.
22 February 2021

Sequoia Capital Suffers Data Breach

The attack began with a successful phishing email.
22 February 2021