Cybersecurity News


Inside North Korea's Rapid Evolution to Cyber Superpower

Researchers examine North Korea's rapid evolution from destructive campaigns to complex and efficient cyber operations.
01 December 2020

Malicious or Vulnerable Docker Images Widespread, Firm Says

A dynamic analysis of the publicly available images on Docker Hub found that 51% had critical vulnerabilities and about 6,500 of the 4 million latest images could be considered malicious.
01 December 2020

Misconfigured Docker Servers Under Attack by Xanthe Malware

Misconfigured Docker Servers Under Attack by Xanthe Malware The never-before-seen Xanthe cryptomining botnet has been targeting misconfigured Docker APIs.
01 December 2020

SASE 101: Why All the Buzz?

SASE 101: Why All the Buzz? Wide area networking and network security services unite to provide secure, cloud-based connectivity for enterprises' remote employees -- and these days that means billions of workers.
01 December 2020

Android Messenger App Still Leaking Photos, Videos

Android Messenger App Still Leaking Photos, Videos The GO SMS Pro app has been downloaded 100 million times; now, underground forums are actively sharing images stolen from GO SMS servers.
01 December 2020

Cayman Islands Bank Records Exposed in Open Azure Blob

Cayman Islands Bank Records Exposed in Open Azure Blob An offshore Cayman Islands bank’s backups, covering a $500 million investment portfolio, were left unsecured and leaking personal banking information, passport data and even online banking PINs.
01 December 2020

Malicious npm packages caught installing remote access trojans

JavaScript and Node.js developers who installed the jdb.js and db-json.js packages were infected with the njRAT malware.
01 December 2020

The Cybersecurity Skills Gap: It Doesn't Have to Be This Way

Once it becomes clear that off-the-shelf experts aren't realistic at scale, cultivating entry-level talent emerges as the only long-term solution -- not just for a hiring organization but for the field as a whole.
01 December 2020

Cyberattackers could trick scientists into producing dangerous substances

Without ever setting foot in the lab, a threat actor could dupe DNA researchers into creating pathogens, according to a study describing "an end-to-end cyber-biological attack"

The post Cyberattackers could trick scientists into producing dangerous substances appeared first on WeLiveSecurity

01 December 2020

Call Fraud Operator Ordered to Pay $9M to Victims

Indian national will serve 20 years in prison for running a large call center fraud operation.
01 December 2020

FBI warns of email forwarding rules being abused in recent hacks

FBI: "The web-based client's forwarding rules often do not sync with the desktop client, limiting the rules' visibility to cyber security administrators."
01 December 2020

Zoom Impersonation Attacks Aim to Steal Credentials

Zoom Impersonation Attacks Aim to Steal Credentials The Better Business Bureau warns of phishing messages with the Zoom logo that tell recipients they have a missed meeting or suspended account.
01 December 2020

Electronic Medical Records Cracked Open by OpenClinic Bugs

Electronic Medical Records Cracked Open by OpenClinic Bugs Four security vulnerabilities in an open-source medical records management platform allow remote code execution, patient data theft and more.
01 December 2020

Ivanti Acquires MobileIron & Pulse Secure

The company plans to use these acquisitions to strengthen and secure IT connections across remote devices and infrastructure.
01 December 2020

Sophos 2021 Threat Report: Navigating Cybersecurity in an Uncertain World

SPONSORED: As most of the world shifted to remote work in 2020, cybercriminals upped their game, devising ways to use the fears and anxieties of organizations and end users against them. Sophos Principal Research Scientist Chester Wisniewski discusses the fast-changing attacker behaviors outlined in the Sophos 2021 Threat Report, and how IT professionals need to update their approach to protect against more sophisticated threats.
01 December 2020

Microsoft removes 18 malicious Edge extensions for injecting ads into web pages

Some extensions mimicked official apps while others copied popular Chrome extensions.
01 December 2020

Can't Afford a Full-time CISO? Try the Virtual Version

A vCISO can align a company's information security program to business strategy and budgeting guidance to senior management.
01 December 2020

Former NSS Labs CEO Launches New Security Testing Organization

Member-based CyberRatings.org to offer free to tiered paid access to tested security product and services ratings.
01 December 2020

Bomb Threat, DDoS Purveyor Gets Eight Years

A 22-year-old North Carolina man has been sentenced to nearly eight years in prison for conducting bomb threats against thousands of schools in the U.S. and United Kingdom, launching distributed denial-of-service (DDoS) attacks, and for possessing sexually explicit images of minors.
01 December 2020

Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout

Magecart Attack Convincingly Hijacks PayPal Transactions at Checkout New credit-card skimmer uses postMessage to make malicious process look authentic to victims to steal payment data.
01 December 2020