Cybersecurity News
Open Source Security's Top Threat and What To Do About It
With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor.14 September 2020
More Printers Could Mean Security Problems for Home-Bound Workers
Tricked-out home offices have led to an influx in printers, many of which have not been set up securely, leaving workers and their companies vulnerable.14 September 2020
Vast majority of cyber-attacks on cloud servers aim to mine cryptocurrency
Cyber-attacks on cloud systems spiked 250% from 2019 to 2020.14 September 2020
US citizen charged with running diamond Ponzi scheme, cryptocurrency scam
The operator claimed to have $25 million in diamond ‘stock’.14 September 2020
Zerologon attack lets hackers take over enterprise networks
If you're managing enterprise Windows Servers, don't skip on the August 2020 Patch Tuesday.14 September 2020
DeFi SushiSwap creator returns $14m in ETH to project after causing coin crash
Chef Nomi says they are sorry for wreaking havoc by cashing out $14 million without warning.14 September 2020
New BlindSide attack uses speculative execution to bypass ASLR
New BlindSide technique abuses the CPU's internal performance-boosting feature to bypass OS security protection.14 September 2020
A Real-World Tool for Organizing, Integrating Third-Party Tools
Omdia Cybersecurity Accelerator analyst Eric Parizo describes how a security product integration framework (SPIF) can unify best-of-breed architectures.13 September 2020
Leaky server exposes users of dating site network
Personal details of hundreds of thousands of dating site users were temporarily exposed online earlier this month.13 September 2020
Researcher kept a major Bitcoin bug secret for two years to prevent attacks
The INVDoS bug would have allowed attackers to crash Bitcoin nodes and other similar blockchains.12 September 2020
APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins

11 September 2020
Office 365 Phishing Attack Leverages Real-Time Active Directory Validation

11 September 2020
3 Secure Moments: A Tranquil Trio of Security Haiku

11 September 2020
It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure

11 September 2020
APT Groups Set Sights on Linux Targets: Inside the Trend
Researchers see more advanced attack groups creating tools and platforms to target Linux-based devices.11 September 2020
Ransomware Hits US District Court in Louisiana
The ransomware attack has exposed internal documents from the court and knocked its website offline.11 September 2020
Week in security with Tony Anscombe
ESET researchers have discovered and analyzed CDRThief, a malware that targets Voice over IP (VoIP) softswitches. Righard Zwienenberg deep in the lead-offering business and invites us to take steps to mitigate this problem. Finally, an overview of the TikTok pairing feature, which gives parents greater control over how their children interact with the app All
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
11 September 2020
WordPress Plugin Flaw Allows Attackers to Forge Emails

11 September 2020
Spear-Phishers Leverage Office 365 Ecosystem to Validate Stolen Creds in Real Time
New attack technique uses Office 365 APIs to cross-check credentials against Azure Active Directory as victim types them in.11 September 2020
Fraud Prevention During the Pandemic
When the economy is disrupted, fraud goes up, so let's not ignore the lessons we can learn from previous downturns.11 September 2020