Cybersecurity News
Attackers Steal Outlook Credentials Via Overlay Screens on Legitimate Sites
A phishing campaign uses overlay screens and email 'quarantine' policies to steal targets' Microsoft Outlook credentials.
04 September 2020
Week in security with Tony Anscombe
ESET research dissects KryptoCibule malware family – Why close unused accounts rather than just remove apps – Microsoft's new deepfake detector
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
04 September 2020
Strategic Cyber Warfare Heats Up
It's "anything goes," according to renowned hacker the Grugq, who drew a bright line between cyberwar and cyber warfare at this week's virtual Disclosure Conference.04 September 2020
The Hidden Security Risks of Business Applications
Today's enterprises depend on mission-critical applications to keep them productive, help better serve customers, and keep up with demand. It's important that they also know the risks.04 September 2020
US election: Two-thirds of typosquatted domains are non-malicious or parked sites
Digital Shadows researchers analyzed 225 typosquatted domains registered using election-related terms such as Trump, Biden, Pence, and others.04 September 2020
WhatsApp Discloses 6 Bugs via Dedicated Security Site
The company committed to more transparency about app flaws, with an advisory page aimed at keeping the community better informed of security vulnerabilities.
04 September 2020
Firefox will add a new drive-by-download protection
Firefox will block automatic downloads initiated from sandboxed iframes -- the technology usually used for web embeds.04 September 2020
Warner Music discloses months-long web skimming incident
Magecart hacker gangs strike again!03 September 2020
Facebook Announces Formal Vulnerability Disclosure Policy for Third-Party Bugs
The social media giant has also launched a new website for sharing information on WhatsApp security.03 September 2020
Evilnum APT Group Employs New Python RAT
The PyVil remote access Trojan enables attackers to exfiltrate data, perform keylogging, take screenshots, and deploy tools for credential theft.03 September 2020
Facebook explains how it will notify third-parties about bugs in their products
Companies have 21 days to acknowledge reports and 90 days to patch vulnerabilities; otherwise, Facebook will go public with bug details.03 September 2020
Facebook to list all WhatsApp security issues on a new dedicated website
New WhatsApp web page will let users and security researchers know when Facebook engineers patched a major security hole.03 September 2020
Typosquatting Intensifies Ahead of US Election
Mistyped URLs can mean more than inconvenience when a candidate's name is involved.03 September 2020
New Email-Based Malware Campaigns Target Businesses
Researchers who found "Salfram" say its campaigns use the same crypter to distribute payloads, including ZLoader, SmokeLoader, and AveMaria.03 September 2020
Fake Data and Fake Information: A Treasure Trove for Defenders
Cybersecurity professionals are using false data to deceive cybercriminals, enabling them to protect networks in new and innovative ways.03 September 2020
Attackers Can Exploit Critical Cisco Jabber Flaw With One Message
An attacker can execute remote code with no user interaction, thanks to CVE-2020-3495.
03 September 2020
Google Ups Product-Abuse Bug Bounties
The top award for flaws that allow cybercriminals to abuse legitimate services has increased by 166 percent.
03 September 2020
Microsoft debuts deepfake detection tool
As the US presidential election nears, the company’s new tech should also help assure people that an image or video is authentic
The post Microsoft debuts deepfake detection tool appeared first on WeLiveSecurity
03 September 2020
Python-based Spy RAT Emerges to Target FinTech
The Evilnum APT has added the RAT to its arsenal as part of a big change-up in its TTPs.
03 September 2020
European ISPs report mysterious wave of DDoS attacks
Over the past week, multiple ISPs in Belgium, France, and the Netherlands reported DDoS attacks that targeted their DNS infrastructure.03 September 2020
