Cybersecurity News


Fast-Moving DDoS Botnet Exploits Unpatched ZyXel RCE Bug

Fast-Moving DDoS Botnet Exploits Unpatched ZyXel RCE Bug The rapidly evolving Hoaxcalls botnet is exploiting an unpatched vulnerability in the ZyXEL Cloud CNM SecuManager in a bid to widen its spread.
22 April 2020

Apple iOS Zero-Day Vulnerabilities Exploited in Targeted Attacks

One of the flaws is remotely exploitable with no user interaction needed, ZecOps says.
22 April 2020

NSA Issues Guidance for Combating Web Shell Malware

The US intelligence agency teamed up with Australian Signals Directorate in newly released information on how to protect Web servers from the malware.
22 April 2020

5 Ways to Prove Security's Worth in the Age of COVID-19

5 Ways to Prove Security's Worth in the Age of COVID-19 Tightened budgets are placing jobs at risk, but security pros say they're armed with ways to demonstrate that what they're doing merits keeping them employed.
22 April 2020

11 Tips for Protecting Active Directory While Working from Home

To improve the security of your corporate's network, protect the remote use of AD credentials.
22 April 2020

Security researcher identifies new APT group mentioned in 2017 Shadow Brokers leak

Shadow Brokers data dump yields another one of its secrets
22 April 2020

Learning From the Honeypot: A Researcher and a Duplicitous Docker Image

Learning From the Honeypot: A Researcher and a Duplicitous Docker Image When Larry Cashdollar set up a honeypot in a Docker image, he found behavior that was more enlightening than he had imagined.
22 April 2020

Apple Patches Two iOS Zero-Days Abused for Years

Apple Patches Two iOS Zero-Days Abused for Years Researchers revealed two zero-day security vulnerabilities affecting Apple's stock Mail app on iOS devices.
22 April 2020

Connected Home Hubs Open Houses to Full Remote Takeover

Connected Home Hubs Open Houses to Full Remote Takeover Users should update their firmware for three popular smart-home hubs.
22 April 2020

Making the Case for Process Documentation in Cyber Threat Intel

Standard language and processes, not to mention more efficient dissemination of findings and alerts all make documenting your security processes a must
22 April 2020

LA County Hit with DoppelPaymer Ransomware Attack

LA County Hit with DoppelPaymer Ransomware Attack The DoppelPaymer ransomware group is claiming that it launched a cyberattack against Torrance - and is now leaking the LA city's data online.
22 April 2020

Apple investigating report of a new iOS exploit being used in the wild

Cyber-security firm ZecOps said today it detected attacks against high-profile targets using a new iOS email exploit.
22 April 2020

Updated Guidance: Responding to a Data Breach


PCI Security Standards Council recently updated the guidance document: Responding to a Cardholder Data Breach. This guide is intended to help merchants and service providers with incident response preparation. This guide also describes how and when a Payment Card Industry Forensic Investigator (PFI) should be engaged to assist.

22 April 2020

Microsoft Issues Out-Of-Band Security Update For Office, Paint 3D

Microsoft Issues Out-Of-Band Security Update For Office, Paint 3D The flaws exist in Autodesk's FBX library, integrated in Microsoft's Office, Office 365 ProPlus and Paint 3D applications.
22 April 2020

8 Steps to Enhance Government Agencies' Security Posture

Given the heterogeneous architectures of critical state and local systems, it's imperative we learn from the security exposures of other critical infrastructure and pledge to be better
22 April 2020

SBA Security Incident May Affect Nearly 8,000 Businesses

Business owners who applied for federal disaster loans may have had information exposed to other applicants, the Small Business Administration reports.
22 April 2020

Poll: Worried About Losing Your Job?

With the unemployment rate surging due to COVID-19, are you concerned your job is in jeopardy?
22 April 2020

Small Businesses Tapping COVID-19 Loans Hit with Data Exposure

Small Businesses Tapping COVID-19 Loans Hit with Data Exposure The SBA said sensitive information about applicants may have been revealed to others applying for disaster loan program funds.
22 April 2020

This is what happens to cryptocurrency paid out in sextortion campaigns

Researchers have followed the trail of dirty coins generated through extorting sextortion spam victims.
22 April 2020

Hackers have breached 60 ad servers to load their own malicious ads

Why buy legitimate ad slots to deliver malvertising when you can just hack the server instead.
22 April 2020