Cybersecurity News

A Security Practitioner's Guide to Encrypted DNS

Best practices for a shifting visibility landscape.
19 January 2021

Attackers Steal E-Mails, Info from OpenWrt Forum

Attackers Steal E-Mails, Info from OpenWrt Forum Users of the Linux-based open-source firmware—which include developers from commercial router companies--may be targeted by phishing campaigns, administrators warn.
19 January 2021

FireEye releases tool for auditing networks for techniques used by SolarWinds hackers

New Azure AD Investigator is now available via GitHub.
19 January 2021

Livecoin slams its doors shut after failing to recover from hack, financial loss

The exchange suffered an alleged cyberattack last month.
19 January 2021

DNSpooq lets attackers poison DNS cache records

Network administrators urged to apply the latest Dnsmasq updates to prevent the new DNSpooq attacks.
19 January 2021

Fourth malware strain discovered in SolarWinds incident

Symantec said it identified Raindrop, the fourth malware strain used in the SolarWinds breach, after Sunspot, Sunburst, and Teardrop.
19 January 2021

New FreakOut botnet targets Linux systems running unpatched software

The botnet comes with features that can be used for DDoS attacks, ARP poisoning, hidden crypto-mining, launching brute-force attacks, and more.
19 January 2021

US President Trump orders security assessment for Chinese-made drones

Drones sourced from “foreign adversaries” could be removed from federal activities.
19 January 2021

OpenWRT reports data breach after hacker gained access to forum admin account

The OpenWRT wiki, which contains the official download links, was not compromised, the project said.
18 January 2021

Joker’s Stash Carding Market to Call it Quits

Joker's Stash, by some accounts the largest underground shop for selling stolen credit card and identity data, says it's closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S. and European authorities seized a number of its servers.
18 January 2021

WhatsApp delays privacy policy update after confusion, backlash

Millions of people flock to Signal and Telegram as WhatsApp scrambles to assuage users' concerns

The post WhatsApp delays privacy policy update after confusion, backlash appeared first on WeLiveSecurity

18 January 2021

Medical Device Security: Diagnosis Critical

Medical Device Security: Diagnosis Critical Medical-device security has long been a challenge, suffering the same uphill management battle that the entire sprawling mess of IoT gadgets has faced.
18 January 2021

UK police warn of sextortion attempts in intimate online dating chats

There are people out there trying to take advantage of the only way to date during a pandemic.
18 January 2021

Multiple backdoors and vulnerabilities discovered in FiberHome routers

At least 28 backdoor accounts found in FiberHome FTTH ONT routers.
18 January 2021

GDPR: German laptop retailer fined €10.4m for video-monitoring employees

NBB ( described the GDPR fine "as wrong as it is irresponsible."
17 January 2021

DuckDuckGo surpasses 100 million daily search queries for the first time

DuckDuckGo reaches historic milestone in a week when both Signal and Telegram saw a huge influx of new users.
16 January 2021

Iconic BugTraq security mailing list shuts down after 27 years

BugTraq launched in November 1993 and it was one of the first mailing lists dedicated to disclosing vulnerabilities.
15 January 2021

Joker's Stash, the internet's largest carding forum, is shutting down

Joker's Stash to shut down on February 15, 2021.
15 January 2021

Tractors, Pod Ice Cream and Lipstick Awarded CES 2021 Worst in Show

Tractors, Pod Ice Cream and Lipstick Awarded CES 2021 Worst in Show Expert panel awards dubious honors to 2021 Consumer Electronics Show’s biggest flops, including security and privacy failures.
15 January 2021

Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’

Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’ Starting Feb. 9, Microsoft will enable Domain Controller “enforcement mode” by default to address CVE-2020-1472.
15 January 2021