Cybersecurity News
Chrome, Firefox updates fix severe security bugs
Successful exploitation of some of these flaws could allow attackers to take control of vulnerable systems
The post Chrome, Firefox updates fix severe security bugs appeared first on WeLiveSecurity
08 January 2021
A crypto-mining botnet is now stealing Docker and AWS credentials
After if began stealing AWS credentials last summer, the TeamTNT botnet is now also stealing Docker API logins, making the use of firewalls mandatory for all internet-exposed Docker interfaces.08 January 2021
Top 5 'Need to Know' Coding Defects for DevSecOps
Integrating static analysis into the development cycle can prevent coding defects and deliver secure software faster.08 January 2021
FBI Warns of Egregor Attacks on Businesses Worldwide

08 January 2021
Nvidia releases security update for high-severity graphics driver vulnerabilities
Exploits include data tampering, denial of service, and privilege escalation.08 January 2021
Bugs in Firefox, Chrome, Edge Allow Remote System Hijacking

08 January 2021
New side-channel attack can recover encryption keys from Google Titan security keys
Attack requires physical access to the devices but Titan and other keys can be cloned if attacks are successful.07 January 2021
Sealed U.S. Court Records Exposed in SolarWinds Breach
The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the Administrative Office (AO) of the U.S. Courts.07 January 2021
Cobalt Strike & Metasploit Tools Were Attacker Favorites in 2020
Research reveals APT groups and cybercriminals employ these offensive security tools as often as red teams.07 January 2021
FireEye's Mandia: 'Severity-Zero Alert' Led to Discovery of SolarWinds Attack
CEO Kevin Mandia shared some details on how his company rooted out the major cyberattack campaign affecting US government and corporate networks.07 January 2021
Biden to Appoint Cybersecurity Advisor to NSC – Report

07 January 2021
State Dept. to Create New Cybersecurity & Technology Agency
Bureau of Cyberspace Security and Emerging Technologies (CSET) will serve as diplomatic arm for US cybersecurity interests.07 January 2021
Nvidia Warns Windows Gamers of High-Severity Graphics Driver Flaws

07 January 2021
Even Small Nations Have Jumped into the Cyber Espionage Game
While the media tends to focus on the Big 5 nation-state cyber powers, commercial spyware has given smaller countries sophisticated capabilities, as demonstrated by a "zero-click" iMessage exploit that targeted journalists last year.07 January 2021
All Aboard the Pequod!
Like countless others, I frittered away the better part of Jan. 6 doomscrolling and watching television coverage of the horrifying events unfolding in our nation's capital, where a mob of President Trump supporters and QAnon conspiracy theorists was incited to lay siege to the U.S. Capitol. For those trying to draw meaning from the experience, might I suggest consulting the literary classic Moby Dick, which simultaneously holds clues about QAnon's origins and offers an apt allegory about a modern-day Captain Ahab and his ill-fated obsessions.07 January 2021
Ransomware Victims' Data Published via DDoSecrets
Activists behind Distributed Denial of Secrets has shared 1TB of data pulled from Dark Web sites where it was shared by ransomware attackers.07 January 2021
How the Shady Zero-Day Sales Game Is Evolving

07 January 2021
Fired Healthcare Exec Stalls Critical PPE Shipment for Months

07 January 2021
Ryuk gang estimated to have made more than $150 million from ransomware attacks
Most of the Ryuk gang's "earnings" are being cashed out through accounts at crypto-exchanges Binance and Huobi.07 January 2021
Threatpost Poll: Weigh in on Ransomware Security

07 January 2021