Cybersecurity News
7 Infamous Moments in Adobe Flash's Security History
End-of-life is here: Adobe's support for Flash is gone as of Jan. 1. Here's what we won't miss about the multimedia software platform.
21 December 2020
Zero-Click Apple Zero-Day Uncovered in Pegasus Spy Attack
The phones of 36 journalists were infected by four APTs, possibly linked to Saudi Arabia or the UAE.
21 December 2020
Simplifying Proactive Defense With Threat Playbooks
Fortinet's Derek Manky talks about how threat playbooks can equip defense teams with the tools they need to fight back against evolving attacker TTPs.
21 December 2020
Dark Web Pricing Skyrockets for Microsoft RDP Servers, Payment-Card Data
Underground marketplace pricing on RDP server access, compromised payment card data and DDoS-For-Hire services are surging.
21 December 2020
Critical Bugs in Dell Wyse Thin Clients Allow Code Execution, Client Takeovers
The bugs rate 10 out of 10 on the vulnerability-severity scale, thanks to the ease of exploitation.
21 December 2020
Hacker Dumps Crypto Wallet Customer Data; Active Attacks Follow
Customer data from a June attack against cryptocurrency wallet firm Ledger is now public and actively being used in attacks.
21 December 2020
Cybersecurity Advent calendar: Stay aware, stay safe!
When it comes to holiday gifts, surprise and wonder are always welcome. When it comes to protecting your security, however, you don’t want to leave anything to chance.
The post Cybersecurity Advent calendar: Stay aware, stay safe! appeared first on WeLiveSecurity
21 December 2020
We Have a National Cybersecurity Emergency -- Here's How We Can Respond
Let's prioritize bipartisan strategic actions that can ensure our national security and strengthen the economy. Here are five ideas for how to do that.21 December 2020
A second hacking group has targeted SolarWinds systems
Some SolarWinds systems were found compromised with malware named Supernova and CosmicGale, unrelated to the recent supply chain attack.21 December 2020
Telemed Poll Uncovers Biggest Risks and Best Practices
What are the riskiest links in the virtual healthcare chain? Threatpost readers weigh in as part of an exclusive telemed poll.
21 December 2020
Zero-click iOS zero-day found deployed against Al Jazeera employees
Zero-day exploited a vulnerability in the iMessages app, patched in iOS 14.20 December 2020
iPhones vulnerable to hacking tool for months, researchers say
Analysis: NSO Group’s Pegasus spyware could allegedly track locations and access passwords
For almost a year, spyware sold by Israel’s NSO Group was allegedly armed with a computer security super-weapon: a zero-footprint, zero-click, zero-day exploit that used a vulnerability in iMessage to seize control of an iPhone at the push of a button.
That means it would have left no visible trace of being placed on target’s phones, could be installed by simply sending a message that the victim didn’t even need to click on, and worked even on phones that were running the then-latest version of iOS, the operating system for iPhones.
Continue reading...20 December 2020
Firefox to ship 'network partitioning' as a new anti-tracking defense
Firefox's "network partitioning" feature to ship in v85, scheduled for January 2021.19 December 2020
Cloud is King: 9 Software Security Trends to Watch in 2021
Researchers predict software security will continue to struggle to keep up with cloud and IoT in the new year.
18 December 2020
Apple, Google, Microsoft, and Mozilla ban Kazakhstan's MitM HTTPS certificate
This marks the second time browsers makers had to intervene and block a certificate used by the Kazakhstan government to spy on its citizens.18 December 2020
Microsoft Confirms Its Network Was Breached With Tainted SolarWinds Updates
Attack on thousands of other companies as "moment of reckoning" for governments and industry, company president says.
18 December 2020
FBI Warns of DoppelPaymer Attacks on Critical Infrastructure
The operators behind DoppelPaymer have begun calling victims to pressure them into paying ransom, officials say.18 December 2020
Sunburst’s C2 Secrets Reveal Second-Stage SolarWinds Victims
Examining the backdoor's DNS communications led researchers to find a government agency and a big U.S. telco that were flagged for further exploitation in the spy campaign.
18 December 2020
VMware Flaw a Vector in SolarWinds Breach?
U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware, which the U.S. National Security Agency (NSA) warned on Dec. 7 was being used by Russian hackers to impersonate authorized users on victim networks.18 December 2020
FBI & Interpol disrupt Joker's Stash, the internet's largest carding marketplace
Four threat intel firms, Digital Shadows, Intel 471, Gemini Advisory, and Kela, said the disruption was temporary.18 December 2020