Cybersecurity News
MFA-Minded Attackers Continue to Figure Out Workarounds
While MFA can improve overall security posture, it's not a "silver bullet" -- and hacks continue.28 September 2020
MFA-Minded Attackers Continue to Figure Out Workarounds
While MFA can improve overall security posture, it's not a "silver bullet" -- and hacks continue.28 September 2020
Suspicious logins & RATs reported after ransomware attack on US govt contractor
Ransomware attack on Tyler Technologies is looking worse by the day.28 September 2020
Students rise up against forced remote spy app usage in colleges, universities
Recent clashes highlight concerns that forcing students to use remote exam monitoring software is an affront to personal privacy.28 September 2020
Google removes 17 Android apps doing WAP billing fraud from the Play Store
The 17 apps were infected with the Joker (Bread) malware, which Google described in January 2020 as one of the most persistent threats it dealt with since 2017.27 September 2020
Bug Bounty FAQ: Top Questions, Expert Answers
Four leading voices in the bug bounty community answer frequently asked questions from bounty hunters, companies and curious cybersecurity professionals.
26 September 2020
KuCoin cryptocurrency exchange hacked for $150 million
KuCoin said an intruder drained all its hot wallets today.26 September 2020
Pastebin adds 'Burn After Read' and 'Password Protected Pastes' to the dismay of the infosec community
The two new features will make it easier to disguise malware operations.26 September 2020
FortiGate VPN Default Config Allows MitM Attacks
The client's default configuration for SSL-VPN has a certificate issue, researchers said.
25 September 2020
6 Things to Know About the Microsoft 'Zerologon' Flaw
Until all domain controllers are updated, the entire infrastructure remains vulnerable, the DHS' CISA warns.25 September 2020
Industrial Cyberattacks Get Rarer but More Complex
The first half of 2020 saw decreases in attacks on most ICS sectors, but oil/gas firms and building automation saw upticks.
25 September 2020
Ring’s Flying In-Home Camera Drone Escalates Privacy Worries
Privacy fears are blasting off after Amazon's Ring division unveiled the new Always Home Cam, a smart home security camera drone.
25 September 2020
Navigating the Asia-Pacific Threat Landscape: Experts Dive In
At next week's virtual Black Hat Asia, threat intelligence pros will discuss the threats local organizations should prioritize and how they can prepare.25 September 2020
Getting Over the Security-to-Business Communication Gap in DevSecOps
Application security in a DevOps world takes more than great teamwork among security, developers, and operations staff.25 September 2020
Twitter warns of possible API keys leak
Incorrect server settings on the Twitter Developer portal led to browsers caching API keys, account access token and secret.25 September 2020
You can bypass TikTok's MFA by logging in via a browser
Enabling MFA in the TikTok mobile app doesn't apply it for the web dashboard. TikTok promised to fix the issue.25 September 2020
Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks
An APT group has started heavily relying on cloud services like Azure Active Directory and OneDrive, as well as open-source tools, to obfuscate its attacks.
25 September 2020
RASP 101: Staying Safe With Runtime Application Self-Protection
The dream of RASP is to empower applications to protect themselves. How close do current implementations get to living the dream? Here's what to know.
25 September 2020
Week in security with Tony Anscombe
Bug let hijack Firefox browsers on other phones over Wi-Fi – NIST's new tool to help firms understand why staff fall for phishing – Almost 200 arrested in dark web crackdown
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
25 September 2020
WannaCry Has IoT in Its Crosshairs
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.25 September 2020