Cybersecurity News
The Most Pressing Concerns Facing CISOs Today
Building security into the software development life cycle creates more visibility, but CISOs still need stay on top of any serious threats on the horizon, even if they are largely unknown.19 January 2021
Google Chrome 88 released with no Flash support, bringing an end to an era
Besides removing Flash, Google has also removed support for FTP links (ftp://) as well.19 January 2021
SolarWinds Malware Arsenal Widens with Raindrop
The post-compromise backdoor installs Cobalt Strike to help attackers more laterally through victim networks.
19 January 2021
Linux Devices Under Attack by New FreakOut Malware
The FreakOut malware is adding infected Linux devices to a botnet, in order to launch DDoS and cryptomining attacks.
19 January 2021
A Security Practitioner's Guide to Encrypted DNS
Best practices for a shifting visibility landscape.19 January 2021
Attackers Steal E-Mails, Info from OpenWrt Forum
Users of the Linux-based open-source firmware—which include developers from commercial router companies--may be targeted by phishing campaigns, administrators warn.
19 January 2021
FireEye releases tool for auditing networks for techniques used by SolarWinds hackers
New Azure AD Investigator is now available via GitHub.19 January 2021
Livecoin slams its doors shut after failing to recover from hack, financial loss
The exchange suffered an alleged cyberattack last month.19 January 2021
DNSpooq lets attackers poison DNS cache records
Network administrators urged to apply the latest Dnsmasq updates to prevent the new DNSpooq attacks.19 January 2021
Fourth malware strain discovered in SolarWinds incident
Symantec said it identified Raindrop, the fourth malware strain used in the SolarWinds breach, after Sunspot, Sunburst, and Teardrop.19 January 2021
New FreakOut botnet targets Linux systems running unpatched software
The botnet comes with features that can be used for DDoS attacks, ARP poisoning, hidden crypto-mining, launching brute-force attacks, and more.19 January 2021
US President Trump orders security assessment for Chinese-made drones
Drones sourced from “foreign adversaries” could be removed from federal activities.19 January 2021
OpenWRT reports data breach after hacker gained access to forum admin account
The OpenWRT wiki, which contains the official download links, was not compromised, the project said.18 January 2021
Joker’s Stash Carding Market to Call it Quits
Joker's Stash, by some accounts the largest underground shop for selling stolen credit card and identity data, says it's closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S. and European authorities seized a number of its servers.18 January 2021
WhatsApp delays privacy policy update after confusion, backlash
Millions of people flock to Signal and Telegram as WhatsApp scrambles to assuage users' concerns
The post WhatsApp delays privacy policy update after confusion, backlash appeared first on WeLiveSecurity
18 January 2021
Medical Device Security: Diagnosis Critical
Medical-device security has long been a challenge, suffering the same uphill management battle that the entire sprawling mess of IoT gadgets has faced.
18 January 2021
UK police warn of sextortion attempts in intimate online dating chats
There are people out there trying to take advantage of the only way to date during a pandemic.18 January 2021
Multiple backdoors and vulnerabilities discovered in FiberHome routers
At least 28 backdoor accounts found in FiberHome FTTH ONT routers.18 January 2021
GDPR: German laptop retailer fined €10.4m for video-monitoring employees
NBB (notebooksbilliger.de) described the GDPR fine "as wrong as it is irresponsible."17 January 2021
DuckDuckGo surpasses 100 million daily search queries for the first time
DuckDuckGo reaches historic milestone in a week when both Signal and Telegram saw a huge influx of new users.16 January 2021
