Cybersecurity News
Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs
Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers.
14 September 2020
E-Commerce Sites Hit With New Attack on Magento
The campaign targeted sites running Magento Version 1, a version of the e-commerce software that is past end-of-life.14 September 2020
Security Through an Economics Lens: A Guide for CISOs
An expert in economics and cybersecurity applies opportunity cost and other concepts of the "dismal science" to infosec roles.14 September 2020
Cloud Leak Exposes 320M Dating-Site Records
A misconfigured, Mailfire-owned Elasticsearch server impacted 70 dating and e-commerce sites, exposing PII and details such as romantic preferences.
14 September 2020
Due Diligence That Money Can’t Buy
Most of us automatically put our guard up when someone we don't know promises something too good to be true. But when the too-good-to-be-true thing starts as our idea, sometimes that instinct fails to kick in. Here's the story of how companies searching for investors to believe in their ideas can run into trouble.14 September 2020
FBI says credential stuffing attacks are behind some recent bank hacks
The FBI is raising a sign of alarm about the rising number of credential stuffing attacks targeting financial institutions.14 September 2020
TikTok Fixes Flaws That Opened Android App to Compromise
The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spying continue.
14 September 2020
Magecart Attack Impacts More Than 10K Online Shoppers
Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe the result of a zero-day exploit.
14 September 2020
Virginia's Largest School System Hit With Ransomware
Fairfax County Public Schools has launched an investigation following a ransomware attack on some of its technology systems.14 September 2020
Benefits of Becoming a Participating Organization
It is great that your organization takes securing payment data seriously. Now is the time to take the next step forward and make a difference by becoming a PCI SSC Participating Organization, (PO). POs play a key role in both influencing the ongoing development of PCI Security Standards and programs, and in helping ensure that PCI Security Standards are implemented globally to secure payment data.
14 September 2020
CISA: Chinese state hackers are exploiting F5, Citrix, Pulse Secure, and Exchange bugs
CISA says attacks have started a year ago and some have been successful.14 September 2020
Open Source Security's Top Threat and What To Do About It
With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor.14 September 2020
More Printers Could Mean Security Problems for Home-Bound Workers
Tricked-out home offices have led to an influx in printers, many of which have not been set up securely, leaving workers and their companies vulnerable.14 September 2020
Vast majority of cyber-attacks on cloud servers aim to mine cryptocurrency
Cyber-attacks on cloud systems spiked 250% from 2019 to 2020.14 September 2020
US citizen charged with running diamond Ponzi scheme, cryptocurrency scam
The operator claimed to have $25 million in diamond ‘stock’.14 September 2020
Zerologon attack lets hackers take over enterprise networks
If you're managing enterprise Windows Servers, don't skip on the August 2020 Patch Tuesday.14 September 2020
DeFi SushiSwap creator returns $14m in ETH to project after causing coin crash
Chef Nomi says they are sorry for wreaking havoc by cashing out $14 million without warning.14 September 2020
New BlindSide attack uses speculative execution to bypass ASLR
New BlindSide technique abuses the CPU's internal performance-boosting feature to bypass OS security protection.14 September 2020
A Real-World Tool for Organizing, Integrating Third-Party Tools
Omdia Cybersecurity Accelerator analyst Eric Parizo describes how a security product integration framework (SPIF) can unify best-of-breed architectures.13 September 2020
Leaky server exposes users of dating site network
Personal details of hundreds of thousands of dating site users were temporarily exposed online earlier this month.13 September 2020