Cybersecurity News
Emotet Return Brings New Tactics & Evasion Techniques
Security researchers tracking Emotet report its reemergence brings new tricks, including new evasion techniques to bypass security tools.13 August 2020
High-Severity TinyMCE Cross-Site Scripting Flaw Fixed
The cross-site scripting flaw could enable arbitrary code execution, information disclosure - and even account takeover.
13 August 2020
Signal adds message requests to stop spam and protect user privacy
New feature lets Signal users control who can text or voice call, add them to groups.13 August 2020
Amazon Alexa ‘One-Click’ Attack Can Divulge Personal Data
Researchers disclosed flaws in Amazon Alexa that could allow attackers to access personal data and install skills on Echo devices.
13 August 2020
In one click: Amazon Alexa could be exploited for theft of voice history, PII, skill tampering
Subdomains belonging to the service were found to be harboring CORS errors and vulnerable to XSS attacks.13 August 2020
Mekotio: These aren’t the security updates you’re looking for…
Another in our occasional series demystifying Latin American banking trojans
The post Mekotio: These aren’t the security updates you’re looking for… appeared first on WeLiveSecurity
13 August 2020
FireEye’s bug bounty program goes public
42 vulnerabilities in FireEye domains have, so far, been resolved.13 August 2020
RedCurl cybercrime group has hacked companies for three years
New hacker group discovered; believed to operate out of Russia.13 August 2020
Unique Passwords
Make sure each of your accounts has a separate, unique password. Can't remember all of your passwords/passphrases? Consider using a password manager to securely store all of them for you.13 August 2020
FireEye Announces New Bug-Bounty Program
The program, administered by Bugcrowd, will pay bounties of up to $2,500 per vulnerability.12 August 2020
Using 'Data for Good' to Control the Pandemic
The tech community should unite to develop and distribute a universal COVID-19 contact-tracing application. Here's why and how.12 August 2020
Women in Payments: Q&A with Robin Trickel
Companies achieve more when a variety of perspectives are represented at the table. In this month’s blog series, Robin Trickel explains why having a culturally different, or non-traditional, background may be the key to success in cybersecurity.
12 August 2020
SANS Security Training Firm Hit with Data Breach
A phishing email allowed an attacker to compromise a SANS employee's email environment, the organization reports.12 August 2020
ReVoLTE attack can decrypt 4G (LTE) calls to eavesdrop on conversations
Academics detail a new attack on 4G encrypted calls. Attack works only when the attacker is on the same base station (mobile tower) as the victim.12 August 2020
What is the cost of a data breach?
The price tag is higher if the incident exposed customer data or if it was the result of a malicious attack, an annual IBM study finds
The post What is the cost of a data breach? appeared first on WeLiveSecurity
12 August 2020
Name That Toon: 'Rise' and Shine
Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
12 August 2020
Citrix Warns of Critical Flaws in XenMobile Server
Citrix said that it anticipates malicious actors "will move quickly to exploit" two critical flaws in its mobile device management software.
12 August 2020
Why & Where You Should You Plant Your Flag
Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags.12 August 2020
Threats vs. Thrift: Running Effective AppSec During a Global Crisis
By looking at security testing capacity, staff expertise, and risks throughout the software supply chain, application security teams can improve their overall effectiveness.12 August 2020
Kr00k, KRACK, and the Seams in Wi-Fi, IoT Encryption
Black Hat talk expands on research that uncovered more weaknesses in Wi-Fi chips allowing for the unauthorized decryption of traffic.12 August 2020