Cybersecurity News


COVID-19 Creates Opening for OT Security Reform

Operations technology was once considered low risk, at least until the virus came along and re-arranged the threat landscape.
30 September 2020

Phishing Attack Targets Microsoft 365 Users With Netflix & Amazon Lures

Cyberattacker TA2552 primarily targets Spanish speakers with messages that leverage a narrow range of themes and popular brands.
30 September 2020

Facebook Small Business Grants Spark Identity-Theft Scam

Facebook Small Business Grants Spark Identity-Theft Scam The cybercrooks spread the COVID-19 relief scam via Telegram and WhatsApp, and ultimately harvest account credentials and even pics of IDs.
30 September 2020

Windows XP leak confirmed after user compiles the leaked code into a working OS

The Windows XP source code that leaked last week is incomplete, lacking some components, but is authentic.
30 September 2020

GitHub rolls out new Code Scanning security feature to all users

New Code Scanning feature will tell GitHub users when they've added known security flaws in their code
30 September 2020

Linkury adware caught distributing full-blown malware

Linkury (SafeFinder) installations linked to infections with the Socelars and Kpot infostealer trojans.
30 September 2020

Microsoft 365 services back online after hours‑long outage

Microsoft resolves a service disruption that affected Office 365, Outlook.com, Teams and other cloud-based services

The post Microsoft 365 services back online after hours‑long outage appeared first on WeLiveSecurity

30 September 2020

Microsoft Exchange Servers Still Open to Actively Exploited Flaw

Microsoft Exchange Servers Still Open to Actively Exploited Flaw Despite Microsoft issuing patches almost eight months ago, 61 percent of Exchange servers are still vulnerable.
30 September 2020

The Value of the PCI Secure Software Lifecycle Standard for Software Vendors


The PCI Secure Software Lifecycle (Secure SLC) Standard is part of the PCI Software Security Framework, which addresses security for software operating in payment environments. In this blog, we interview PCI Security Standards Council’s VP, Global Head of Programs, Gill Woodcock, about the Secure SLC Standard, what it is, and the value of adoption.

30 September 2020

Attacker Dwell Time: Ransomware's Most Important Metric

How to bolster security defenses by zeroing in on the length of time an interloper remains undetected inside your network
30 September 2020

$15 million business email scam campaign in the US exposed

The FBI is investigating the global campaign in which millions of dollars have been stolen from at least 150 victims.
30 September 2020

This worm phishing campaign is a game-changer in password theft, account takeovers

The security incident highlights the need for multi-factor authentication in the enterprise.
30 September 2020

APT‑C‑23 group evolves its Android spyware

ESET researchers uncover a new version of Android spyware used by the APT-C-23 threat group against targets in the Middle East

The post APT‑C‑23 group evolves its Android spyware appeared first on WeLiveSecurity

30 September 2020

Why Web Browser Padlocks Shouldn’t Be Trusted

Why Web Browser Padlocks Shouldn’t Be Trusted Popular ‘safe browsing’ padlocks are now passe as a majority of bad guys also use them.
29 September 2020

Twitter hires new CISO in industry veteran Rinki Sethi

Sethi previously served in security roles at Rubrik, IBM, Palo Alto Networks, Intuit, and eBay.
29 September 2020

Microsoft: Ransomware & Nation-State Attacks Rise, Get More Sophisticated

Malware-based attacks are out, phishing is in, along with credential stuffing and business email compromise. Microsoft recommends defensive tactics in its new report on rising threats.
29 September 2020

Who’s Behind Monday’s 14-State 911 Outage?

Emergency 911 systems were down for more than an hour on Monday in towns and cities across 14 U.S. states. The outages led many news outlets to speculate the problem was related to Microsoft's Azure web services platform, which also was struggling with a widespread outage at the time. However, multiple sources tell KrebsOnSecurity the 911 issues stemmed from some kind of technical snafu involving Intrado and Lumen, two companies that together handle 911 calls for a broad swath of the United States.
29 September 2020

DDoS Attacks Soar in First Half of 2020

Shorter, faster, multivector attacks had a greater impact on victims.
29 September 2020

New Campaign by China-Linked Group Targets US Orgs for First Time

In a least one instance, the Palmerworm APT group was able to remain undetected on a compromised system for nearly six months, according to Symantec.
29 September 2020

Securing Slack: 5 Tips for Safer Messaging, Collaboration

Securing Slack: 5 Tips for Safer Messaging, Collaboration Remote workers and scattered teams are relying on Slack more and more for messaging and collaboration. Here are a few extra tips for keeping data and systems more secure when using Slack.
29 September 2020