Cybersecurity News


OilRig APT Drills into Malware Innovation with Unique Backdoor

The RDAT tool uses email as a C2 channel, with attachments that hide data and commands inside images.
22 July 2020

Apple Security Research Device Program Draws Mixed Reactions

Apple's Security Research Device program is now open to select researchers - but some are irked by the program's vulnerability disclosure restrictions.
22 July 2020

Twitter Hacking for Profit and the LoLs

The New York Times last week ran an interview with several young men who claimed to have had direct contact with those involved in last week's epic hack against Twitter. These individuals said they were only customers of the person who had access to Twitter's internal employee tools, and were not responsible for the actual intrusion or bitcoin scams that took place that day. But new information suggests that at least two of them operated a service that resold access to Twitter employees for the purposes of modifying or seizing control of prized Twitter profiles.
22 July 2020

CISA Hires Security Experts to Boost COVID-19 Response

The agency brings in expertise from the private sector to improve its technical capabilities and engagement with industry partners.
22 July 2020

North Korea's Lazarus Group Developing Cross-Platform Malware Framework

The APT group, known for its attack on Sony Pictures in 2014, has created an "advanced malware framework" that can launch and manage attacks against systems running Windows, MacOS, and Linux.
22 July 2020

Ripple20's Effects Will Impact IoT Cybersecurity for Years to Come

A series of newly discovered TCP/IP software vulnerabilities pose a threat to millions of IoT devices. Undiscovered since the early 1990s, they highlight the need to improve security in an increasingly precarious IoT supply chain.
22 July 2020

COVID-19-Related Attacks Exploded in the First Half of 2020

The use of COVID-19 as part of a cyberattack increased by more than 3,900% between February and June.
22 July 2020

The InfoSec Barrier to AI

Information security challenges are proving to be a huge barrier for the artificial intelligence ecosystem. Conversely, AI is causing headaches for CISOs. Here's why.
22 July 2020

Lazarus Group Surfaces with Advanced Malware Framework

The North Korean APT has been using the framework, called MATA, for a number of purposes, from spying to financial gain.
22 July 2020

Going Down the Spyware Rabbit Hole with SilkBean Mobile Malware

A recently discovered Android spyware attack has targeted the Uyghur ethnic minority group since 2013.
22 July 2020

Privacy watchdogs urge videoconferencing services to boost privacy protections

The open letter highlights five security and privacy principles that require heightened attention from videoconferencing services.

22 July 2020

Prometei botnet exploits Windows SMB to mine for cryptocurrency

The new botnet has been quietly operating since March.
22 July 2020

Q&A: How Systemic Racism Weakens Cybersecurity

Cybersecurity policy expert and attorney Camille Stewart explains how to dismantle systemic racism in the industry - and build a more diverse and representative workforce.
22 July 2020

Cybersecurity Lessons from the Pandemic

How does cybersecurity support business and society? The pandemic shows us.
22 July 2020

University of York discloses data breach, staff and student records stolen

Third-party cloud service provider Blackbaud has been blamed.
22 July 2020

Leak Exposes Private Data of Genealogy Service Users

An exposed ElasticSearch server belonging to Software MacKiev put 60,000 users of Ancestry.com’s Family Tree Maker software at risk.
22 July 2020

Fundamentals of Network Traffic Decryption and Risk Management

Visibility into and inspection of inbound encrypted network traffic is essential for sound enterprise network security. Decryption approaches must soon change due to increasing cost and complexity, but alternative technologies are emerging.
22 July 2020

Adobe issues emergency fixes for critical vulnerabilities in Photoshop, Bridge, Prelude

13 vulnerabilities, the majority critical, are being tackled in the out-of-band security update.
22 July 2020

DDoS Botnets Are Entrenched in Asia & Amplification Attacks Set Records

China, Vietnam, and Taiwan are top sources of DDoS botnet activity, but the top data floods use a variety of amplification attacks, a report finds.
21 July 2020

Emotet Returns in Malspam Attacks Dropping TrickBot, QakBot

Emotet has resurfaced after a five-month hiatus, with more than 250,000 malspam messages being sent to email recipients worldwide.
21 July 2020