Cybersecurity News
Attackers Can Exploit Critical Cisco Jabber Flaw With One Message
An attacker can execute remote code with no user interaction, thanks to CVE-2020-3495.
03 September 2020
Google Ups Product-Abuse Bug Bounties
The top award for flaws that allow cybercriminals to abuse legitimate services has increased by 166 percent.
03 September 2020
Microsoft debuts deepfake detection tool
As the US presidential election nears, the company’s new tech should also help assure people that an image or video is authentic
The post Microsoft debuts deepfake detection tool appeared first on WeLiveSecurity
03 September 2020
Python-based Spy RAT Emerges to Target FinTech
The Evilnum APT has added the RAT to its arsenal as part of a big change-up in its TTPs.
03 September 2020
European ISPs report mysterious wave of DDoS attacks
Over the past week, multiple ISPs in Belgium, France, and the Netherlands reported DDoS attacks that targeted their DNS infrastructure.03 September 2020
Registration Now Open for Software Security Framework New Assessor Training
Registration is now open for Software Security Framework (SSF) New Assessor Training. PCI Security Standards Council (PCI SSC) recently announced the first training dates for its remote, instructor-led Secure Software Assessor and Secure Software Lifecycle Assessor classes, now available on the new eLearning platform.
03 September 2020
NSA Mass Surveillance Program Illegal, U.S. Court Rules
The NSA argued its mass surveillance program stopped terrorist attacks - but a new U.S. court ruling found that this is not, and may have even been unconstitutional.
03 September 2020
5 Ways for Cybersecurity Teams to Work Smarter, Not Harder
Burnout is real and pervasive, but some common sense tools and techniques can help mitigate all that.03 September 2020
India Blocks High-Profile Chinese Apps on Political, Privacy Concerns
Technology minister bans, Baidu, WeChat Work, AliPay and 115 others for capturing using data and transmitting it to servers outside of the country without authorization.
03 September 2020
MIT SCRAM: a new analysis platform for prioritizing enterprise security investments
The platform shows that data analysis can provide actionable insight for enterprise security.03 September 2020
Inter: a ‘low bar’ kit for Magecart credit card skimmer attacks on e-commerce websites
Researchers say that any attacker with a “little cash to burn” can join the attack trend.03 September 2020
Houseparty – should I stay or should I go now?
What’s the benefit of deleting your Houseparty – or any other unused – account, rather than just uninstalling the app?
The post Houseparty – should I stay or should I go now? appeared first on WeLiveSecurity
03 September 2020
WordPress File Manager plugin flaw causing website hijack exploited in the wild
The critical vulnerability has been utilized in hundreds of thousands of attacks.03 September 2020
Former IT director gets jail time for selling government's Cisco gear on eBay
Former Horry County IT security director sentenced to two years in federal prison.03 September 2020
The Joys of Owning an ‘OG’ Email Account
When you own a short email address at a popular email provider, you are bound to get gobs of spam, and more than a few alerts about random people trying to seize control over the account. If your account name is short and desirable enough, this kind of activity can make the account less reliable for day-to-day communications because it tends to bury emails you do want to receive. But there is also a puzzling side to all this noise: Random people tend to use your account as if it were theirs, and often for some fairly sensitive services online.02 September 2020
Most IoT Hardware Dangerously Easy to Crack
Manufacturers need to invest more effort into protecting root-level access to connected devices, security researcher says.02 September 2020
55% of Cybersquatted Domains Are Malicious or Potentially Fraudulent
The largest online companies, such as Apple and PayPal, and banks are being targeted by cybersquatters, who are also taking advantage of the pandemic, a study finds.02 September 2020
Facebook & Twitter Remove Russian Accounts Spreading Disinformation
The Russia-backed Internet Research Agency has returned with new strategies to sway voters ahead of the 2020 presidential election.02 September 2020
Google removes Android app that was used to spy on Belarusian protesters
App mimicked a popular anti-government news site and collected location and device owner details.02 September 2020
U.S. Agencies Must Adopt Vulnerability-Disclosure Policies by March 2021
U.S. agencies must implement vulnerability-disclosure policies by March 2021, according to a new CISA mandate.
02 September 2020