1. Nmap Online
  2. Cybersecurity News

Cybersecurity News

iPhones vulnerable to hacking tool for months, researchers say

iPhones vulnerable to hacking tool for months, researchers say

Analysis: NSO Group’s Pegasus spyware could allegedly track locations and access passwords

For almost a year, spyware sold by Israel’s NSO Group was allegedly armed with a computer security super-weapon: a zero-footprint, zero-click, zero-day exploit that used a vulnerability in iMessage to seize control of an iPhone at the push of a button.

That means it would have left no visible trace of being placed on target’s phones, could be installed by simply sending a message that the victim didn’t even need to click on, and worked even on phones that were running the then-latest version of iOS, the operating system for iPhones.

Continue reading...
20 December 2020

Firefox to ship 'network partitioning' as a new anti-tracking defense

Firefox's "network partitioning" feature to ship in v85, scheduled for January 2021.
19 December 2020

Cloud is King: 9 Software Security Trends to Watch in 2021

Cloud is King: 9 Software Security Trends to Watch in 2021 Researchers predict software security will continue to struggle to keep up with cloud and IoT in the new year.
18 December 2020

Apple, Google, Microsoft, and Mozilla ban Kazakhstan's MitM HTTPS certificate

This marks the second time browsers makers had to intervene and block a certificate used by the Kazakhstan government to spy on its citizens.
18 December 2020

Microsoft Confirms Its Network Was Breached With Tainted SolarWinds Updates

Microsoft Confirms Its Network Was Breached With Tainted SolarWinds Updates Attack on thousands of other companies as "moment of reckoning" for governments and industry, company president says.
18 December 2020

FBI Warns of DoppelPaymer Attacks on Critical Infrastructure

The operators behind DoppelPaymer have begun calling victims to pressure them into paying ransom, officials say.
18 December 2020

Sunburst’s C2 Secrets Reveal Second-Stage SolarWinds Victims

Sunburst’s C2 Secrets Reveal Second-Stage SolarWinds Victims Examining the backdoor's DNS communications led researchers to find a government agency and a big U.S. telco that were flagged for further exploitation in the spy campaign.
18 December 2020

VMware Flaw a Vector in SolarWinds Breach?

U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware, which the U.S. National Security Agency (NSA) warned on Dec. 7 was being used by Russian hackers to impersonate authorized users on victim networks.
18 December 2020

FBI & Interpol disrupt Joker's Stash, the internet's largest carding marketplace

Four threat intel firms, Digital Shadows, Intel 471, Gemini Advisory, and Kela, said the disruption was temporary.
18 December 2020

Week in security with Tony Anscombe

Supply‑chain attack against a certification authority in Southeast Asia. Holiday online… Safely! Scammers targeting PayPal users. Week in security with Tony Anscombe

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

18 December 2020

Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies

Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies The ongoing, growing campaign is “effectively an attack on the United States and its government and other critical institutions,” Microsoft warned.
18 December 2020

Cyberpunk 2077 Headaches Grow: New Spyware Found in Fake Android Download

Cyberpunk 2077 Headaches Grow: New Spyware Found in Fake Android Download Threat actors impersonate Google Play store in scam as Sony pulls the game off the PlayStation store due to myriad performance issues.
18 December 2020

Insider Threats: What Are They, Really?

Insider Threats: What Are They, Really? "Insider threat" or "human error" shows up a lot as the major cause of data breaches across all types of reports out there. But often it's not defined, or it's not clearly defined, so people conjure up their own definition.
18 December 2020

5 Key Takeaways from the SolarWinds Breach

5 Key Takeaways from the SolarWinds Breach New details continue to emerge each day, and there may be many more lessons to learn from what could be among the largest cyberattacks ever.
18 December 2020

2021 Cybersecurity Predictions: The Intergalactic Battle Begins

There's much in store for the future of cybersecurity, and the most interesting things aren't happening on Earth.
18 December 2020

NSA warns of federated login abuse for local-to-cloud attacks

The US National Security Agency describes two techniques abused in recent attacks for escalating attacks from local networks to cloud infrastructure.
18 December 2020

Microsoft says it identified 40+ victims of the SolarWinds hack

Microsoft says 80% of the victims it identified were located in the United States.
17 December 2020

Microsoft was also breached in recent SolarWinds supply chain hack, report

Report claims that after hackers breached Microsoft, they used Microsoft's own products to attack other companies.
17 December 2020

Malicious Browser Extensions for Social Media Infect Millions of Systems

At least 28 third-party add-ons for top social media sites, including Facebook and Vimeo, redirect users to phishing sites and steal data.
17 December 2020

How to Increase Your Security Posture with Fewer Resources

How to Increase Your Security Posture with Fewer Resources Plixer's Justin Jett, Compliance & Audit director, discusses how to do more with less when your security resources are thin.
17 December 2020