Cybersecurity News
Android Users Hit with ‘Undeletable’ Adware
Researcher say that 14.8 percent of Android users who were targeted with mobile malware or adware last year were left with undeletable files.
06 July 2020
Credit-Card Skimmer Seeks Websites Running Microsoft's ASP.NET
The payment-card skimmer targets websites hosted on Microsoft IIS servers and running the ASP.NET web framework.06 July 2020
Admins Urged to Patch Critical F5 Flaw Under Active Attack
Security experts and the U.S. Cyber Command are urging admins to update a critical flaw in F5 Networks, which is under active attack.
06 July 2020
Android Adware Tied to Undeletable Malware
Adware on inexpensive Android smartphone can carry additional malware and be undeletable.06 July 2020
Lazarus Group Adds Magecart to the Mix
North Korea-based APT is targeting online payments made by American and European shoppers.
06 July 2020
US Secret Service reports an increase in hacked managed service providers (MSPs)
US Secret Service says hackers are breaching MSPs to orchestrate ransomware attacks, point-of-sale intrusions, and business email compromise (BEC) scams.06 July 2020
Purple Fox EK Adds Microsoft Exploits to Arsenal
Two exploits for Microsoft vulnerabilities have been added to the Purple Fox EK, showing ongoing development.
06 July 2020
The Fed shares insight on how to combat synthetic identity fraud
The Federal Reserve looks at ways to counter what is thought to be the fastest-growing type of financial crime in the country
The post The Fed shares insight on how to combat synthetic identity fraud appeared first on WeLiveSecurity
06 July 2020
Email Sender Identity is Key to Solving the Phishing Crisis
Almost 90% of email attacks manipulate sender identity to fool recipients and initiate social engineering attacks.
06 July 2020
How to Assess More Sophisticated IoT Threats
Securing the Internet of Things requires diligence in secure development and hardware design throughout the product life cycle, as well as resilience testing and system component analysis.06 July 2020
VaultAge Solutions CEO goes into hiding to avoid cryptocurrency investors allegedly scammed out of $13 million
Roughly 2,000 investors have been left out of pocket by the alleged misappropriation of funds.06 July 2020
Yahoo engineer gets no jail time after hacking 6,000 accounts to look for porn
Hacker sentenced to five years probation, with home confinement condition.06 July 2020
USCYBERCOM urgently recommends F5 customers to patch CVE-2020-5902 and 5903 NOW
By William Knowles @c4i Senior Editor InfoSec News July 6, 2020 Just in case you accidentally had your work phone and duty pager in a Faraday bag all July 4th holiday weekend […]06 July 2020
North Korean hackers linked to web skimming (Magecart) attacks, report says
After hacking banks and cryptocurrency exchanges, orchestrating ATM cash-outs, and deploying ransomware, North Korean hackers have now set their sights on online stores.06 July 2020
E-Verify’s “SSN Lock” is Nothing of the Sort
One of the most-read advice columns on this site is a 2018 piece called "Plant Your Flag, Mark Your Territory," which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration, the IRS and others before crooks do it for you. A key concept here is that these services only allow one account per Social Security number -- which for better or worse is the de facto national identifier in the United States. But KrebsOnSecurity recently discovered that this is not the case with all federal government sites built to help you manage your identity online. A reader who was recently the victim of unemployment insurance fraud said he was told he should create an account at the Department of Homeland Security's myE-Verify website, and place a lock on his Social Security number (SSN) to minimize the chances that ID thieves might abuse his identity for employment fraud in the future.04 July 2020
Hackers are trying to steal admin passwords from F5 BIG-IP devices
Threat actors have already started exploiting the F5 BIG-IP mega-bug, three days after it was disclosed.04 July 2020
Infosec community disagrees with changing 'black hat' term due to racial stereotyping
A Google security researcher withdrew from the Black Hat security conference and asked the community to stop using the 'black hat' term.04 July 2020
F5 patches vulnerability that received a CVSS 10 severity score
Remote code execution in F5 BIG-IP devices exposes governments, cloud providers, ISPs, banks, and many Fortune 500 companies to possible intrusions.03 July 2020
Week in security with Tony Anscombe
Brute-force attacks against RDP surge – Is contact tracing the answer to ending the COVID-19 crisis? – Microsoft ships urgent security updates
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
03 July 2020
New Apple macOS Big Sur feature to hamper adware operations
Apple has disabled the ability to silently install macOS profiles from the CLI in macOS 11, a measure that was widely employed by adware and malware gangs.03 July 2020