Cybersecurity News
Microsoft Teams flaw could let attackers hijack accounts
Microsoft plugs a security hole that could have enabled attackers to weaponize a GIF in order to hijack Teams accounts and steal data
The post Microsoft Teams flaw could let attackers hijack accounts appeared first on WeLiveSecurity
27 April 2020
Shade (Troldesh) ransomware shuts down and releases all decryption keys
The Shade ransomware gang have published more than 750,000 decryption keys on GitHub. Kaspersky is working on a decryption app.27 April 2020
Hackers Mount Zero-Day Attacks on Sophos Firewalls
A pre-auth SQL injection bug leading to remote code execution is at the heart of a data-stealing campaign against XG firewalls, using the Asnarok trojan.
27 April 2020
U.S. Universities Hit With ‘Adult Dating’ Spear-Phishing Attack
More than 150,000 emails spreading the Hupigon RAT that use adult dating as a lure have been uncovered, with almost half being sent to U.S. university and college email addresses.
27 April 2020
COVID-19 Quarantine: A Unique Learning Opportunity for Defenders
Use these spare moments at home to master new skills that will help protect your organization and enhance your career.27 April 2020
Israel government tells water treatment companies to change passwords
Israel cyber-security agency reported intrusion attempts last week.27 April 2020
Eight Common OT / Industrial Firewall Mistakes
Firewalls are easy to misconfigure. While the security consequences of such errors may be acceptable for some firewalls, the accumulated risks of misconfigured firewalls in a defense-in-depth OT network architecture are generally unacceptable.
27 April 2020
Germany pivots from centralized coronavirus tracing app to privacy-protecting alternative
The move will likely be applauded by privacy and civil rights groups.27 April 2020
Single Malicious GIF Opened Microsoft Teams to Nasty Attack
Now patched flaw allowed attacker to take over an organization’s entire roster of Microsoft Teams accounts.
27 April 2020
This is how viewing a GIF in Microsoft Teams triggered account hijacking bug
Seeing an animation was enough to be impacted, researchers say.27 April 2020
Hackers are exploiting a Sophos firewall zero-day
Sophos releases emergency patch to fix SQL injection bug exploited in the wild, impacting its XG Firewall product.25 April 2020
Health Prognosis on the Security of IoMT Devices? Not Good
As more so-called Internet of Medical Things devices go online, hospitals and medical facilities face significant challenges in securing them from attacks that could endanger patients' lives.25 April 2020
WHO Confirms Email Credentials Leak
Washington Post had identified the group as one among several whose passwords and emails were dumped online and abused.24 April 2020
SAS@home Virtual Summit Showcases New Threat Intel, Industry Changes
The free online conference, scheduled for April 28-30, will feature top security researchers from across the industry.
24 April 2020
Latest Apple Text-Bomb Crashes iPhones via Message Notifications
Sindhi-language characters can crash iPhones and other iOS/macOS devices if a victim views texts, Twitter posts or messages within various apps containing them.
24 April 2020
MSI Utility Vulnerability Based on Missing Quotation Marks
The lack of quotation marks in the way a service called an application left MSI computers open to persistent privilege escalation attacks.24 April 2020
Symlink race bugs discovered in 28 antivirus products
Most products have patched, researchers said, without naming the ones who skipped.24 April 2020
Apple Downplays Threat Posed by Newly Disclosed Zero-Days in iOS
Bugs don't pose an immediate threat, and there is no evidence they were exploited, as ZecOps claimed earlier this week, Apple says.24 April 2020
Cybercrime Group Steals $1.3M from Banks
A look at how the so-called Florentine Banker Group lurked for two months in a sophisticated business email compromise attack on Israeli and UK financial companies.24 April 2020
Find Your Framework: Thinking Fast and Slow
Economist Daniel Kahneman's classic book has lessons for those in security, especially now.24 April 2020