Cybersecurity News


BumbleBee Opens Exchange Servers in xHunt Spy Campaign

BumbleBee Opens Exchange Servers in xHunt Spy Campaign The BumbleBee web shell allows APT attackers to upload and download files, and move laterally by running commands.
12 January 2021

Microsoft fixes Defender zero-day in January 2021 Patch Tuesday

Microsoft fixes 83 security bugs in the January 2021 Patch Tuesday releases.
12 January 2021

Adobe Fixes 7 Critical Flaws, Blocks Flash Player Content

Adobe Fixes 7 Critical Flaws, Blocks Flash Player Content Adobe issued patches for seven critical arbitrary-code-execution flaws plaguing Windows and MacOS users.
12 January 2021

Europol Reveals Dismantling of ‘Largest’ Underground Marketplace

Europol Reveals Dismantling of ‘Largest’ Underground Marketplace Europol announced a wide-ranging investigation that led to the arrest of the alleged DarkMarket operator and the seizure of the marketplace's infrastructure, including more than 20 servers.
12 January 2021

Security Operations Struggle to Defend Value, Keep Workers

Companies continue to value security operations centers but the economics are increasingly challenging, with high analyst turnover and questions raised over return on investment.
12 January 2021

Bringing Zero Trust to Secure Remote Access

Bringing Zero Trust to Secure Remote Access Demand for secure remote access has skyrocketed during the pandemic. Here Omdia profiles more secure alternatives to virtual private network (VPN) technology.
12 January 2021

Mimecast says hackers abused one of its certificates to access Microsoft accounts

Mimecast, a provider of email management software, said learned of the security incident from Microsoft.
12 January 2021

Ethical Hackers Breach U.N., Access 100,000 Private Records

Ethical Hackers Breach U.N., Access 100,000 Private Records Researchers informed organization of a flaw that exposed GitHub credentials through the organization’s vulnerability disclosure program.
12 January 2021

Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas

It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.
12 January 2021

macOS malware used run-only AppleScripts to avoid detection for five years

The macOS.OSAMiner has been active since 2015, primarily infecting users in Asia.
12 January 2021

Post-Backlash, WhatsApp Spells Out Privacy Policy Updates

Post-Backlash, WhatsApp Spells Out Privacy Policy Updates WhatsApp aimed to clear the air about its updated privacy policy after reports of mandatory data sharing with Facebook drove users to Signal and Telegram in troves.
12 January 2021

Operation Spalax: Targeted malware attacks in Colombia

ESET researchers uncover attacks targeting Colombian government institutions and private companies, especially from the energy and metallurgical industries

The post Operation Spalax: Targeted malware attacks in Colombia appeared first on WeLiveSecurity

12 January 2021

Colombian energy, metal firms under fire in new Trojan attack wave

Threat actors have selected three different Trojans to conduct cyberespionage.
12 January 2021

Facebook targets “stop the steal” content ahead of Inauguration Day

Facebook is ramping up content moderation efforts with “new urgency.”
12 January 2021

Third malware strain discovered in SolarWinds supply chain attack

CrowdStrike, one of the two security firms formally investigating the hack, sheds some light on how hackers compromised the SolarWinds Orion app build process.
11 January 2021

Intel's New vPro Processors Aim to Help Defend Against Ransomware

The newest Intel Core vPro mobile platform gives PC hardware a direct role in detecting ransomware attacks.
11 January 2021

IoT Vendor Ubiquiti Suffers Data Breach

Cloud provider hosting "certain" IT systems attacked, company says.
11 January 2021

Aliens and UFOs: A Final Frontier for Social Engineers

Aliens and UFOs: A Final Frontier for Social Engineers The release of a CIA archive on UFOs is exactly the kind of headline-making event that phishing and scam actors long for.
11 January 2021

Millions of Social Profiles Leaked by Chinese Data-Scrapers

Millions of Social Profiles Leaked by Chinese Data-Scrapers A cloud misconfig by SocialArks exposed 318 million records gleaned from Facebook, Instagram and LinkedIn.
11 January 2021

Ubiquiti: Change Your Password, Enable 2FA

Ubiquiti, a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders, security cameras and access control systems, is urging customers to change their passwords and enable multi-factor authentication. The company says an incident at a third-party cloud provider may have exposed customer account information and credentials used to remotely manage Ubiquiti gear.
11 January 2021