Cybersecurity News
Adobe patches wave of critical bugs in Magento, Acrobat, Reader
Some of the vulnerabilities were reported through a hacking contest.Microsoft warns enterprises of new 'dependency confusion' attack technique
New "dependency confusion" technique, also known as a "substitution attack," allows threat actors to sneak malicious code inside private code repositories by registering internal library names on public package indexes.Microsoft Patch Tuesday, February 2021 Edition
Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. One of the bugs is already being actively exploited, and six of them were publicized prior to today, potentially giving attackers a head start in figuring out how to exploit the flaws.Actively Exploited Windows Kernel EoP Bug Allows Takeover
Microsoft addressed 56 security vulnerabilities for February Patch Tuesday -- including 11 critical and six publicly known. And, it continued to address the Zerologon bug.
Google Play Boots Barcode Scanner App After Ad Explosion
A barcode scanner with 10 million downloads is removed from Google Play marketplace after ad blitz hits phones.
Florida Water Utility Hack Highlights Risks to Critical Infrastructure
The intrusion also shows how redundancy and detection can minimize damage and reduce impact to the population.Microsoft Fixes Windows Zero-Day in Patch Tuesday Rollout
Microsoft's monthly security fixes addressed a Win32k zero-day, six publicly known flaws, and three bugs in the Windows TCP/IP stack.Fears over DNA privacy as 23andMe goes public in deal with Richard Branson
Genetic testing company with 10 million customers’ data has ‘huge cybersecurity implications’
The genetic testing company 23andMe will go public through a partnership with a firm backed by the billionaire Richard Branson, in a deal that has raised fresh privacy questions about the information of millions of customers.
Launched in 2006, 23andMe sells tests to determine consumers’ genetic ancestry and risk of developing certain illnesses, using saliva samples sent in by mail.
Related: Your DNA is a valuable asset, so why give it to ancestry websites for free? | Laura Spinney
Continue reading...Attackers Exploit Critical Adobe Flaw to Target Windows Users
A critical vulnerability in Adobe Reader has been exploited in "limited attacks."
Microsoft February 2021 Patch Tuesday fixes 56 bugs, including Windows zero-day
Microsoft also warns about three nasty vulnerabilities in the Windows TCP/IP stack.SentinelOne Buys Data Analytics Company Scalyr
Cloud-based big data platform boosts extended detection and response (XDR) offering.How Neurodiversity Can Strengthen Cybersecurity Defense
Team members from different backgrounds, genders, ethnicities, and neurological abilities are best equipped to tackle today's security challenges.Microsoft & Facebook Were Phishers' Favorite Brands in 2020
Cloud services was the most impersonated industry, followed by financial services, e-commerce, and social media, researchers report.Request for Comments: PTS HSM Security Requirements v4.0
PTS Vendors who are Participating Organizations and PCI Recognized labs are invited to review and provide feedback on the draft PCI PIN Transaction Security (PTS) Hardware Security Module (HSM) Modular Security Requirements during a 30 day request for comments (RFC) period running from 9 February 2021 through 11 March.
Hacker attempts to poison Florida city’s water supply
While the incursion was thwarted in time, cyberattacks targeting critical infrastructure are a major cause for concern
The post Hacker attempts to poison Florida city’s water supply appeared first on WeLiveSecurity
Web hosting provider shuts down after cyberattack
Two other UK web hosting providers also suffered similar hacks over the weekend, although it's unconfirmed if the attacks are related.Android Devices Hunted by LodaRAT Windows Malware
The LodaRAT - known for targeting Windows devices - has been discovered also targeting Android devices in a new espionage campaign.
Cyberpunk 2077 Publisher Hit with Hack, Threats and Ransomware
CD Projekt Red was hit with a cyberattack, and the attackers are threatening to release source code for Witcher 3, corporate documents and more.
SolarWinds Attack Reinforces Importance of Principle of Least Privilege
Taking stock of least-privilege policies will go a long way toward hardening an organization's overall security posture.Fighting Fileless Malware, Part 2: Countermeasures
Why do fileless attacks persist? Let's break down the strengths and weaknesses of the existing mitigations.
