Cybersecurity News
U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise
Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. Given the breadth of the company's customer base, experts say the incident may be just the first of many such disclosures.
Startups Should Do Things That Don't Scale, but Security Isn't One of Them
Emerging businesses that don't embrace scalable security do so at their own peril.
How scammers target PayPal users and how you can stay safe
What are some common ploys targeting PayPal users? Here’s what you should watch out for when using the popular payment service.
The post How scammers target PayPal users and how you can stay safe appeared first on WeLiveSecurity
Microsoft, FireEye confirm SolarWinds supply chain attack
Known victims so far include the US Treasury, the US NTIA, and FireEye itself.
FireEye confirms SolarWinds supply chain attack
Known victims so far include the US Treasury, the US NTIA, and FireEye itself.
PgMiner botnet attacks weakly secured PostgreSQL databases
Only PostgreSQL databases running on Linux servers have been attacked so far.
FBI, CISA, MS-ISAC: Cybercriminals Increasingly Attacking K-12 Distance Learning
Ransomware attacks reported against US K-12 schools jumped from 28% in January through July to 57% in August and September.
Security Issues in PoS Terminals Open Consumers to Fraud
Point-of-sale terminal vendors Verifone and Ingenico have issued mitigations after researchers found the devices use default passwords.
Adrozek Malware Delivers Fake Ads to 30K Devices a Day
The Adrozek ad-injecting browser modifier malware also extracts device data and steals credentials, making it an even more dangerous threat.
Zero-day in WordPress SMTP plugin abused to reset admin account passwords
A patch was released earlier this week, but many WordPress sites remained unpatched, as usual.
Week in security with Tony Anscombe
ESET researchers discovered that chat software called Able Desktop, part of a business management suite popular in Mongolia, was used to deliver the HyperBro backdoor (commonly used by LuckyMouse), the Korplug RAT, and a RAT called Tmanger. A Q&A with security researcher Alejandro Hernández, who has unearthed a long list of vulnerabilities in leading online trading platforms that may expose their users to a host of security and privacy
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
PGMiner, Innovative Monero-Mining Botnet, Surprises Researchers
The malware takes aim at PostgreSQL database servers with never-before-seen techniques.
Microsoft Warns of Powerful New Adware
The new adware, dubbed Adrozek, is being distributed by large, well organized threat actors, according to Microsoft research.
Feds: K-12 Cyberattacks Dramatically on the Rise
Attackers are targeting students and faculty alike with malware, phishing, DDoS, Zoom bombs and more, the FBI and CISA said.
Facebook Shutters Accounts Used in APT32 Cyberattacks
Facebook shut down accounts and Pages used by two separate threat groups to spread malware and conduct phishing attacks.
7 Security Tips For Gamers
Gamers can expect to be prime targets over the holidays as COVID-19 rages on. Here's some advice on how to keep hackers at bay.
'Tis the Season to Confront Third-Party Risk
On any given day it's hard to ensure that outside companies and individuals adhere to an organization's security practices and policies. But when it's the holidays and, oh, a global pandemic, companies need to be extra vigilant.
Penetration Testing: A Road Map for Improving Outcomes
As cybersecurity incidents gain sophistication, to ensure we are assessing security postures effectively, it is critical to copy real-world adversaries' tools, tactics, and procedures during testing activities.
Mastercard, Visa cut card payment ties with Pornhub over child abuse, illegal content allegations
Mastercard has terminated services whereas Visa has placed a temporary hold on card payments.
Is your trading app putting your money at risk?
A Q&A with security researcher Alejandro Hernández, who has unearthed a long list of vulnerabilities in leading trading platforms that may expose their users to a host of security and privacy risks
The post Is your trading app putting your money at risk? appeared first on WeLiveSecurity