Cybersecurity News
Zerologon attack lets hackers take over enterprise networks
If you're managing enterprise Windows Servers, don't skip on the August 2020 Patch Tuesday.14 September 2020
DeFi SushiSwap creator returns $14m in ETH to project after causing coin crash
Chef Nomi says they are sorry for wreaking havoc by cashing out $14 million without warning.14 September 2020
New BlindSide attack uses speculative execution to bypass ASLR
New BlindSide technique abuses the CPU's internal performance-boosting feature to bypass OS security protection.14 September 2020
A Real-World Tool for Organizing, Integrating Third-Party Tools
Omdia Cybersecurity Accelerator analyst Eric Parizo describes how a security product integration framework (SPIF) can unify best-of-breed architectures.13 September 2020
Leaky server exposes users of dating site network
Personal details of hundreds of thousands of dating site users were temporarily exposed online earlier this month.13 September 2020
Researcher kept a major Bitcoin bug secret for two years to prevent attacks
The INVDoS bug would have allowed attackers to crash Bitcoin nodes and other similar blockchains.12 September 2020
APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins
The Russia-linked threat group is harvesting credentials for Microsoft's cloud offering, and targeting mainly election-related organizations.11 September 2020
Office 365 Phishing Attack Leverages Real-Time Active Directory Validation
Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.11 September 2020
3 Secure Moments: A Tranquil Trio of Security Haiku
Placid poems to quiet the infosec pro's harried mind. (Or placid, by infosec standards.)11 September 2020
It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure
Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws.11 September 2020
APT Groups Set Sights on Linux Targets: Inside the Trend
Researchers see more advanced attack groups creating tools and platforms to target Linux-based devices.11 September 2020
Ransomware Hits US District Court in Louisiana
The ransomware attack has exposed internal documents from the court and knocked its website offline.11 September 2020
Week in security with Tony Anscombe
ESET researchers have discovered and analyzed CDRThief, a malware that targets Voice over IP (VoIP) softswitches. Righard Zwienenberg deep in the lead-offering business and invites us to take steps to mitigate this problem. Finally, an overview of the TikTok pairing feature, which gives parents greater control over how their children interact with the app All
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
11 September 2020
WordPress Plugin Flaw Allows Attackers to Forge Emails
The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.11 September 2020
Spear-Phishers Leverage Office 365 Ecosystem to Validate Stolen Creds in Real Time
New attack technique uses Office 365 APIs to cross-check credentials against Azure Active Directory as victim types them in.11 September 2020
Fraud Prevention During the Pandemic
When the economy is disrupted, fraud goes up, so let's not ignore the lessons we can learn from previous downturns.11 September 2020
Adult site users targeted with malicious ads redirecting to exploit kits, malware
Adult ad networks abused in last hurrah attacks before Flash and IE near EOL.11 September 2020
IRS offers grants for software to trace privacy-focused cryptocurrency trades
Grants of up to $625,000 will be issued in exchange for cryptocurrency tracking technologies.11 September 2020
ThreatConnect acquires enterprise risk management firm Nehemiah Security
ThreatConnect aims to create a full security lifestyle solutions portfolio suitable for enterprise players.11 September 2020
Porn site users targeted with malicious ads redirecting to exploit kits, malware
Adult ad networks abused in last hurrah attacks before Flash and IE near EOL.11 September 2020