Cybersecurity News


'Next-Gen' Supply Chain Attacks Surge 430%

Attackers are increasingly seeding open source projects with compromised components.
21 August 2020

Researchers Sound Alarm Over Malicious AWS Community AMIs

Researchers Sound Alarm Over Malicious AWS Community AMIs Malicious Community Amazon Machine Images are a ripe target for hackers, say researchers.
21 August 2020

News Wrap: AWS Cryptojacking Worm, IBM Privacy Lawsuit and More

News Wrap: AWS Cryptojacking Worm, IBM Privacy Lawsuit and More Threatpost editors discuss a cryptomining malware targeting AWS systems, a recent development in a lawsuit against the IBM-owned Weather Channel app, and more.
21 August 2020

Post-Pandemic Digitalization: Building a Human-Centric Cybersecurity Strategy

COVID-19 won't be the last major disruption of its kind. Instead, it is a glimpse into what may be to come as digitalization continues to affect all aspects of our lives.
21 August 2020

Cryptominer Found Embedded in AWS Community AMI

Cryptominer Found Embedded in AWS Community AMI Researchers advise Amazon Web Services users running Community Amazon Machine Images to verify them for potentially malicious code.
21 August 2020

Former Uber CSO Charged With Paying ‘Hush Money’ in 2016 Breach Cover-Up

Former Uber CSO Charged With Paying ‘Hush Money’ in 2016 Breach Cover-Up Joseph Sullivan allegedly paid off $100K to the hackers responsible for a 2016 data breach, which exposed PII of 57 million passengers and drivers.
21 August 2020

Grandoreiro banking trojan impersonates Spain’s tax agency

Beware the tax bogeyman – there are tax scams aplenty

The post Grandoreiro banking trojan impersonates Spain’s tax agency appeared first on WeLiveSecurity

21 August 2020

MPs criticise privacy watchdog over NHS test-and-trace data

MPs criticise privacy watchdog over NHS test-and-trace data

UK information commissioner ‘must ensure government uses public’s data safely and legally’

A cross-party group of more than 20 MPs has accused the UK’s privacy watchdog of failing to hold the government to account for its failures in the NHS coronavirus test-and-trace programme.

The MPs have urged Elizabeth Denham, the information commissioner, to demand that the government change the programme after it admitted failing to conduct a legally required impact assessment of its privacy implications.

Continue reading...
21 August 2020

University of Utah pays $457,000 to ransomware gang

University officials restored from backups, but they had to pay the ransomware gang to prevent them from leaking student data.
20 August 2020

Instacart discloses security incident caused by two contractors

Instacart says two employees at a third-party support vendor accessed "more shopper profiles than was necessary."
20 August 2020

Smart-Lock Hacks Point to Larger IoT Problems

Two recent reports on smart-locks vulnerabilities show that IoT vendors have a bigger job to do in ensuring their products are safely deployed and configured.
20 August 2020

Smart-Lock Hacks Point to Larger IoT Problems

Two recent reports on smart-locks vulnerabilities show that IoT vendors have a bigger job to do in ensuring their products are safely deployed and configured.
20 August 2020

Former Uber CSO charged for 2016 hack cover-up

DOJ officials say former Uber CSO Joe Sullivan lied to management about the security breach and paid hush money to the hackers.
20 August 2020

Former Uber CSO Charged in Hack Cover-up

The charges stem from a 2016 attack in which 57 million records were breached.
20 August 2020

IBM Settles Lawsuit Over Weather Channel App Data Privacy

IBM Settles Lawsuit Over Weather Channel App Data Privacy The lawsuit alleged that the IBM-owned Weather Channel mobile app did not let users know it was selling their geolocation data.
20 August 2020

ATM makers Diebold and NCR deploy fixes for 'deposit forgery' attacks

ATMs from the two companies had bugs that could have allowed card fraudsters to modify the amount of money they deposited on their card, and then abuse the new account balance for illegal cash withdrawals.
20 August 2020

Twitter Hack: The Spotlight that Insider Threats Need

The high profile attack should spur serious board-level conversations around the importance of insider threat prevention.
20 August 2020

IBM Db2 Flaw Gives Attackers Read/Write Access to Shared Memory

Researchers discover a lack of explicit memory protections around the shared memory used by the Db2 trace facility.
20 August 2020

Transparent Tribe Mounts Ongoing Spy Campaign on Military, Government

Transparent Tribe Mounts Ongoing Spy Campaign on Military, Government The group has added a management console and a USB worming function to its main malware, Crimson RAT.
20 August 2020

Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws

Microsoft Out-of-Band Security Update Fixes Windows Remote Access Flaws The unscheduled security update addresses two "important"-severity flaws in Windows 8.1 and Windows Server 2012.
20 August 2020