Cybersecurity News


DoJ's Microsoft 365 Email Accounts Compromised in SolarWinds Attacks

Three percent of email accounts were breached, the Department of Justice reports.
06 January 2021

Feds Issue Recommendations for Maritime Cybersecurity

Feds Issue Recommendations for Maritime Cybersecurity Report outlines deep cybersecurity challenges for the public/private seagoing sector.
06 January 2021

Friction Affliction: How to Balance Security With User Experience

Friction Affliction: How to Balance Security With User Experience There's a fine line between protecting against suspicious, malicious, or unwanted activity and making users jump through hoops to prove themselves.
06 January 2021

SolarWinds fallout: DOJ says hackers accessed its Microsoft O365 email server

The US Department of Justice is one of the rare SolarWinds victims where hackers escalated the hack to a second phase and moved to access internal email inboxes, the agency said today.
06 January 2021

Request for Comments: SPoC Unsupported Operating Systems Annex

 

From 6 January 2021 to 4 February 2021, PCI SSC stakeholders can participate in a Request for Comments (RFC) on the new SPoC Unsupported Operating Systems Annex draft.

06 January 2021

Cybercriminals Ramp Up Exploits Against Serious Zyxel Flaw

Cybercriminals Ramp Up Exploits Against Serious Zyxel Flaw More than 100,000 Zyxel networking products could be vulnerable to a hardcoded credential vulnerability (CVE-2020-29583) potentially allowing cybercriminal device takeover.
06 January 2021

Nissan source code leaked online after Git repo misconfiguration

Nissan was allegedly running a Bitbucket Git server with the default credentials of admin/admin.
06 January 2021

Feds Pinpoint Russia as ‘Likely’ Culprit Behind SolarWinds Attack

Feds Pinpoint Russia as ‘Likely’ Culprit Behind SolarWinds Attack The widespread compromise affecting key government agencies is ongoing, according to the U.S. government.
06 January 2021

How to Protect Your Organization's Digital Footprint

As the digital risk landscape evolves and grows, organizations must stay vigilant against online threats.
06 January 2021

6 Open Source Tools for Your Security Team

6 Open Source Tools for Your Security Team Open source tools can be great additions to your cloud security arsenal. Here are a half-dozen to get you started.
06 January 2021

Dark Web Forum Activity Surged 44% in Early COVID Months

Researchers analyzed the activity of five popular English- and Russian-speaking Dark Web forums and discovered exponential membership growth.
05 January 2021

RCE ‘Bug’ Found and Disputed in Popular PHP Scripting Framework

RCE ‘Bug’ Found and Disputed in Popular PHP Scripting Framework Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases.
05 January 2021

China's APT Groups May Be Looking to Cash In

Two campaigns have resulted in encrypted drives and ransom notes, suggesting that some China-linked nation-state advanced persistent threat groups have added financial gain as a motive, researchers say.
05 January 2021

Cyberattacks on Healthcare Spike 45% Since November

Cyberattacks on Healthcare Spike 45% Since November The relentless rise in COVID-19 cases is battering already frayed healthcare systems — and ransomware criminals are using the opportunity to strike.
05 January 2021

SolarWinds Hit With Class-Action Lawsuit Following Orion Breach

SolarWinds shareholders accuse the company of lying about its security practices ahead of the disclosure of a massive security incident.
05 January 2021

FBI, CISA, NSA & ODNI Cite Russia in Joint Statement on 'Serious' SolarWinds Attacks

The attacks appear to be an "intelligence-gathering" mission, the agencies said.
05 January 2021

US government formally blames Russia for SolarWinds hack

Joint statement from the FBI, CISA, ODNI, and NSA says SolarWinds hack was "likely Russian in origin."
05 January 2021

Stolen employee credentials put leading gaming firms at risk

It’s hardly fun and games for top gaming companies and their customers as half a million employee credentials turn up for sale on the dark web

The post Stolen employee credentials put leading gaming firms at risk appeared first on WeLiveSecurity

05 January 2021

Telegram Triangulation Pinpoints Users’ Exact Locations

Telegram Triangulation Pinpoints Users’ Exact Locations The "People Nearby" feature in the secure messaging app can be abused to unmask a user's precise location, a researcher said.
05 January 2021

Google Warns of Critical Android Remote Code Execution Bug

Google Warns of Critical Android Remote Code Execution Bug Google's Android security update addressed 43 bugs overall affecting Android handsets, including Samsung phones.
05 January 2021