Cybersecurity News
Good Heavens! 10M Impacted in Pray.com Data Exposure
The information exposed in a public cloud bucket included PII, church-donation information, photos and users' contact lists.
20 November 2020
Facebook Messenger Flaw Enabled Spying on Android Callees
A critical flaw in Facebook Messenger on Android would let someone start an audio or video call without the victim's knowledge.20 November 2020
How Industrial IoT Security Can Catch Up With OT/IT Convergence
Ransomware can easily make a connection between IT and OT already. How can blue teams do the same?
20 November 2020
Security Pros Push for More Pervasive Threat Modeling
With the release of the "Threat Modeling Manifesto," a group of 16 security professionals hope to prompt more companies to consider the threats to software.20 November 2020
Drupal sites vulnerable to double-extension attacks
The 90s called. They want their vulnerability back.20 November 2020
Week in security with Tony Anscombe
Lazarus takes aim at South Korea via an unusual supply-chain attack – The harsh reality of poor passwords – Bumble bitten by bugs
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
20 November 2020
New Grelos Skimmer Variants Siphon Credit Card Data
Domains related to the new variant of the Grelos web skimmer have compromised dozens of websites so far.
20 November 2020
5 takeaways from the 2020 (ISC)2 Cybersecurity Workforce Study
From the impact of the pandemic on cybersecurity careers to workers’ job satisfaction, the report offers a number of interesting findings
The post 5 takeaways from the 2020 (ISC)<sup>2</sup> Cybersecurity Workforce Study appeared first on WeLiveSecurity
20 November 2020
SAFECode and PCI SSC Discuss the Evolution of Secure Software
When the PCI Security Standards Council (PCI SSC) developed its Software Security Framework (SSF) a few years ago, it relied on the expertise of a Software Security Task Force. As part of this task force, SAFECode, along with other industry partners, played an instrumental role in the development of the framework and its standards.
20 November 2020
Facebook Messenger Bug Allows Spying on Android Users
The company patched a vulnerability that could connected video and audio calls without the knowledge of the person receiving them.
20 November 2020
Convicted SIM Swapper Gets 3 Years in Jail
A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. The defendant is part of an alleged conspiracy involving at least eight others in the United States who stand accused of theft via SIM swapping, a […]20 November 2020
How Cyberattacks Work
Cyberattacks are run like military attacks, in four main phases: reconnaissance, attack, exfiltration, and maintaining position. Understanding this makes fighting back easier.20 November 2020
Two Romanians arrested for running three malware services
The two ran two malware crypter services called CyberSeal and DataProtector, and a malware testing service called CyberScan.20 November 2020
The malware that usually installs ransomware and you need to remove right away
If you see any of these malware strains on your enterprise networks, stop everything you're doing and audit all systems.20 November 2020
Telos Goes Public
Nearly a month after McAfee made its second appearance on the public market, the Virginia-based provider of security services to government and commercial organizations makes its own debut.19 November 2020
ISP Security: Do We Expect Too Much?
With so many people now connecting to business networks from home routers, ISP security takes on heightened importance. The question becomes, is the security provided by ISPs good enough to be the only security SMBs and remote employees need?
19 November 2020
Iowa Hospital Alerts 60K Individuals Affected by June Data Breach
The data breach began with a compromised employee email account.19 November 2020
Cybercriminals Get Creative With Google Services
Attacks take advantage of popular services, including Google Forms and Google Docs.19 November 2020
Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack
Researchers have unveiled an attack that allows attackers to eavesdrop on homeowners inside their homes, through the LiDAR sensors on their robot vacuums.
19 November 2020
German COVID-19 Contact-Tracing Vulnerability Allowed RCE
Bug hunters at GitHub Security Labs help shore up German contact tracing app security, crediting open source collaboration.
19 November 2020