Cybersecurity News
3M Users Targeted by Malicious Facebook, Insta Browser Add-Ons
Researchers identify malware existing in popular add-ons for Facebook, Vimeo, Instagram and others that are commonly used in browsers from Google and Microsoft.
Code42 Incydr Series: Bringing Shadow IT into the light with Code42 Incydr
The massive shift to remote work has turbocharged the shadow IT problem.
Ad-blocker AdGuard deploys world's first DNS-over-QUIC resolver
DNS-over-QUIC, or DoQ, is viewed as a superior, faster, and more private version of the DNS protocol, even DoH and DoT.VPNs, MFA & the Realities of Remote Work
The work-from-home-era is accelerating cloud-native service adoption.This ‘off the shelf’ Tor backdoor malware is now a firm favorite with ransomware operators
SystemBC is making its mark as a popular tool used in high-profile ransomware campaigns.IBM launches experimental homomorphic data encryption environment for the enterprise
Is it possible for fully homomorphic encryption to be a “game-changer” for data privacy? IBM intends to find out.Operation SignSight: Supply‑chain attack against a certification authority in Southeast Asia
ESET researchers have uncovered a supply-chain attack on the website of a government in Southeast Asia.
The post Operation SignSight: Supply‑chain attack against a certification authority in Southeast Asia appeared first on WeLiveSecurity
Phobos launches Orbital, a tool for finding attack pathways and entry points into your network
After months of work, teasing, and planning, Phobos Orbital is out of beta and available for trials.Three million users installed 28 malicious Chrome or Edge extensions
Extensions could redirect users to ads, phishing sites, collect user data, or download malware on infected systems.FireEye Identifies Killswitch for SolarWinds Malware as Victims Scramble to Respond
White House National Security Council establishes unified group to coordinate response across federal agencies to the threat.Attackers Leverage IMAP to Infiltrate Email Accounts
Researchers believe cybercriminals are using a tool dubbed Email Appender to directly connect with compromised email accounts via IMAP.FBI says DoppelPaymer ransomware gang is harassing victims who refuse to pay
FBI says ransomware group has been calling victims, threatening to send individuals to their homes if they don't pay the ransom.New IRS Form Fraud Campaign Targets G Suite Users
At least 50,000 executives have been affected so far.US-CERT Reports 17,447 Vulnerabilities Recorded in 2020
This marks the fourth year in a row that a record number of vulnerabilities has been discovered, following 17,306 in 2019.Corporate Credentials for Sale on the Dark Web: How to Protect Employees and Data
It's past time to retire passwords in favor of other methods for authenticating users and securing systems.Why the Weakest Links Matter
The recent FireEye and SolarWinds compromises reinforce the fact that risks should be understood, controls should be in place, and care should be taken at every opportunity.Senior Managers Twice as Likely to Share Work Devices With Outsiders
New survey finds top C-suite managers are much shakier on security than their junior counterparts.
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a "killswitch" designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned.Ryuk, Egregor Ransomware Attacks Leverage SystemBC Backdoor
In the past few months researchers have detected hundreds of attempted SystemBC deployments globally, as part of recent Ryuk and Egregor ransomware attacks.
Outing of FSB hit squad highlights Russia's data security problem
Analysis: trade in stolen data is a boon for investigators and a headache for Kremlin
In early 2019, the journalist Andrei Zakharov managed to buy his own phone and banking records in a groundbreaking investigation into Russia’s thriving markets in stolen personal data, in which law enforcement and telecoms employees can be contracted anonymously to dip into their systems and pull out sensitive details on anyone.
A year and a half later, investigators from Bellingcat and the Insider used some of the same tools and clever analysis to out a secret FSB team that had been tasked with killing Alexei Navalny using a novichok nerve agent.
Related: Russian FSB hit squad poisoned Alexei Navalny, report says
Related: 'We got really lucky': how novichok suspects' identities were revealed
Continue reading...