Cybersecurity News


Virtual Pen-Testing Competition Tasks College Students With Running a Red Team Operation

Aimed at developing offensive cyber talent, last weekend's sixth annual Collegiate Penetration Testing Competition brought out some of the brightest from RIT and Stanford, among other universities.
13 January 2021

Understanding TCP/IP Stack Vulnerabilities in the IoT

Understanding TCP/IP Stack Vulnerabilities in the IoT Internet of Things devices are highly susceptible to attacks, breaches, and flaws emanating from issues within the TCP/IP network communications architecture. Here's an overview of what you need to know to mitigate risks.
13 January 2021

Hackers Leak Stolen Pfizer-BioNTech COVID-19 Vaccine Data

Hackers Leak Stolen Pfizer-BioNTech COVID-19 Vaccine Data On the heels of a cyberattack on the EMA, cybercriminals have now leaked Pfizer and BioNTech COVID-19 vaccine data on the internet.
13 January 2021

Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove

Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove Watering-hole attacks executed by ‘experts’ exploited Chrome, Windows and Android flaws and were carried out on two servers.
13 January 2021

CES 2021: Router swarms invade your home (and know where you are)

New mesh Wi-Fi routers may be the answer to your wireless signal woes, but how about your privacy and security?

The post CES 2021: Router swarms invade your home (and know where you are) appeared first on WeLiveSecurity

13 January 2021

The Data-Centric Path to Zero Trust

Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
13 January 2021

TikTok tightens up privacy controls for young users

The default privacy setting for young users will now be set to private.
13 January 2021

CISOs Prep For COVID-19 Exposure Notification in the Workplace

CISOs Prep For COVID-19 Exposure Notification in the Workplace Security teams are preparing for the inevitable return to the workplace - and the privacy implications of exposure notification apps that companies may need to adopt.
13 January 2021

RG Coins cryptocurrency exchange owner lands 10 years behind bars for money laundering

Prosecutors uncovered fake auctions, scammed customers, and a web of cash-to-cryptocurrency schemes.
13 January 2021

Adobe fixes critical code execution vulnerabilities in 2021's first major patch round

Seven different products have received fixes during January’s security update.
13 January 2021

Microsoft Patch Tuesday, January 2021 Edition

Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. Ten of the flaws earned Microsoft's most-dire "critical" rating, meaning they could be exploited by malware or miscreants to seize remote control over unpatched systems with little or no interaction from Windows users.
12 January 2021

More SolarWinds Attack Details Emerge

A third piece of malware is uncovered, but there's still plenty of unknowns about the epic attacks purportedly out of Russia.
12 January 2021

United Nations Security Flaw Exposed 100K Staff Records

Security researchers have disclosed a vulnerability they exploited to access more than 100,000 private employee records.
12 January 2021

Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes

Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes The first Patch Tuesday security bulletin for 2021 from Microsoft includes fixes for one bug under active attack, possibly linked to the massive SolarWinds hacks.
12 January 2021

Microsoft Defender Zero-Day Fixed in First Patch Tuesday of 2021

Microsoft patched 83 bugs, including a Microsoft Defender zero-day and one publicly known elevation of privilege flaw.
12 January 2021

SolarWinds: What Hit Us Could Hit Others

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company's software development labs honing their attack before inserting malicious code into updates that SolarWinds then shipped to thousands of customers. More worrisome, the research suggests the insidious methods used by the intruders to subvert the company's software development pipeline could be repurposed against many other major software providers.
12 January 2021

Google reveals sophisticated Windows & Android hacking operation

The attackers used a combination of Android, Chrome, and Windows vulnerabilities, including both zero-days and n-days exploits.
12 January 2021

How to Boost Executive Buy-In for Security Investments

Linking security budgets to breach-protection outcomes helps executives balance spending against risk and earns CISOs greater respect in the C-suite.
12 January 2021

Data Breach at ‘Resident Evil’ Gaming Company Widens

Data Breach at ‘Resident Evil’ Gaming Company Widens Capcom, the game developer behind Resident Evil, Street Fighter and Dark Stalkers, now says its recent attack compromised the personal data of up to 400,000 gamers.
12 January 2021

Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack

Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack A sophisticated threat actor has hijacked email security connections to spy on targets.
12 January 2021