Cybersecurity News


Zerologon attack lets hackers take over enterprise networks

If you're managing enterprise Windows Servers, don't skip on the August 2020 Patch Tuesday.
14 September 2020

DeFi SushiSwap creator returns $14m in ETH to project after causing coin crash

Chef Nomi says they are sorry for wreaking havoc by cashing out $14 million without warning.
14 September 2020

New BlindSide attack uses speculative execution to bypass ASLR

New BlindSide technique abuses the CPU's internal performance-boosting feature to bypass OS security protection.
14 September 2020

A Real-World Tool for Organizing, Integrating Third-Party Tools

Omdia Cybersecurity Accelerator analyst Eric Parizo describes how a security product integration framework (SPIF) can unify best-of-breed architectures.
13 September 2020

Leaky server exposes users of dating site network

Personal details of hundreds of thousands of dating site users were temporarily exposed online earlier this month.
13 September 2020

Researcher kept a major Bitcoin bug secret for two years to prevent attacks

The INVDoS bug would have allowed attackers to crash Bitcoin nodes and other similar blockchains.
12 September 2020

APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins

APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins The Russia-linked threat group is harvesting credentials for Microsoft's cloud offering, and targeting mainly election-related organizations.
11 September 2020

Office 365 Phishing Attack Leverages Real-Time Active Directory Validation

Office 365 Phishing Attack Leverages Real-Time Active Directory Validation Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.
11 September 2020

3 Secure Moments: A Tranquil Trio of Security Haiku

3 Secure Moments: A Tranquil Trio of Security Haiku Placid poems to quiet the infosec pro's harried mind. (Or placid, by infosec standards.)
11 September 2020

It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure

It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws.
11 September 2020

APT Groups Set Sights on Linux Targets: Inside the Trend

Researchers see more advanced attack groups creating tools and platforms to target Linux-based devices.
11 September 2020

Ransomware Hits US District Court in Louisiana

The ransomware attack has exposed internal documents from the court and knocked its website offline.
11 September 2020

Week in security with Tony Anscombe

ESET researchers have discovered and analyzed CDRThief, a malware that targets Voice over IP (VoIP) softswitches. Righard Zwienenberg deep in the lead-offering business and invites us to take steps to mitigate this problem. Finally, an overview of the TikTok pairing feature, which gives parents greater control over how their children interact with the app All

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

11 September 2020

WordPress Plugin Flaw Allows Attackers to Forge Emails

WordPress Plugin Flaw Allows Attackers to Forge Emails The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.
11 September 2020

Spear-Phishers Leverage Office 365 Ecosystem to Validate Stolen Creds in Real Time

New attack technique uses Office 365 APIs to cross-check credentials against Azure Active Directory as victim types them in.
11 September 2020

Fraud Prevention During the Pandemic

When the economy is disrupted, fraud goes up, so let's not ignore the lessons we can learn from previous downturns.
11 September 2020

Adult site users targeted with malicious ads redirecting to exploit kits, malware

Adult ad networks abused in last hurrah attacks before Flash and IE near EOL.
11 September 2020

IRS offers grants for software to trace privacy-focused cryptocurrency trades

Grants of up to $625,000 will be issued in exchange for cryptocurrency tracking technologies.
11 September 2020

ThreatConnect acquires enterprise risk management firm Nehemiah Security

ThreatConnect aims to create a full security lifestyle solutions portfolio suitable for enterprise players.
11 September 2020

Porn site users targeted with malicious ads redirecting to exploit kits, malware

Adult ad networks abused in last hurrah attacks before Flash and IE near EOL.
11 September 2020