Cybersecurity News
Evilnum APT Group Employs New Python RAT
The PyVil remote access Trojan enables attackers to exfiltrate data, perform keylogging, take screenshots, and deploy tools for credential theft.03 September 2020
Facebook explains how it will notify third-parties about bugs in their products
Companies have 21 days to acknowledge reports and 90 days to patch vulnerabilities; otherwise, Facebook will go public with bug details.03 September 2020
Facebook to list all WhatsApp security issues on a new dedicated website
New WhatsApp web page will let users and security researchers know when Facebook engineers patched a major security hole.03 September 2020
Typosquatting Intensifies Ahead of US Election
Mistyped URLs can mean more than inconvenience when a candidate's name is involved.03 September 2020
New Email-Based Malware Campaigns Target Businesses
Researchers who found "Salfram" say its campaigns use the same crypter to distribute payloads, including ZLoader, SmokeLoader, and AveMaria.03 September 2020
Fake Data and Fake Information: A Treasure Trove for Defenders
Cybersecurity professionals are using false data to deceive cybercriminals, enabling them to protect networks in new and innovative ways.03 September 2020
Attackers Can Exploit Critical Cisco Jabber Flaw With One Message
An attacker can execute remote code with no user interaction, thanks to CVE-2020-3495.
03 September 2020
Google Ups Product-Abuse Bug Bounties
The top award for flaws that allow cybercriminals to abuse legitimate services has increased by 166 percent.
03 September 2020
Microsoft debuts deepfake detection tool
As the US presidential election nears, the company’s new tech should also help assure people that an image or video is authentic
The post Microsoft debuts deepfake detection tool appeared first on WeLiveSecurity
03 September 2020
Python-based Spy RAT Emerges to Target FinTech
The Evilnum APT has added the RAT to its arsenal as part of a big change-up in its TTPs.
03 September 2020
European ISPs report mysterious wave of DDoS attacks
Over the past week, multiple ISPs in Belgium, France, and the Netherlands reported DDoS attacks that targeted their DNS infrastructure.03 September 2020
Registration Now Open for Software Security Framework New Assessor Training
Registration is now open for Software Security Framework (SSF) New Assessor Training. PCI Security Standards Council (PCI SSC) recently announced the first training dates for its remote, instructor-led Secure Software Assessor and Secure Software Lifecycle Assessor classes, now available on the new eLearning platform.
03 September 2020
NSA Mass Surveillance Program Illegal, U.S. Court Rules
The NSA argued its mass surveillance program stopped terrorist attacks - but a new U.S. court ruling found that this is not, and may have even been unconstitutional.
03 September 2020
5 Ways for Cybersecurity Teams to Work Smarter, Not Harder
Burnout is real and pervasive, but some common sense tools and techniques can help mitigate all that.03 September 2020
India Blocks High-Profile Chinese Apps on Political, Privacy Concerns
Technology minister bans, Baidu, WeChat Work, AliPay and 115 others for capturing using data and transmitting it to servers outside of the country without authorization.
03 September 2020
MIT SCRAM: a new analysis platform for prioritizing enterprise security investments
The platform shows that data analysis can provide actionable insight for enterprise security.03 September 2020
Inter: a ‘low bar’ kit for Magecart credit card skimmer attacks on e-commerce websites
Researchers say that any attacker with a “little cash to burn” can join the attack trend.03 September 2020
Houseparty – should I stay or should I go now?
What’s the benefit of deleting your Houseparty – or any other unused – account, rather than just uninstalling the app?
The post Houseparty – should I stay or should I go now? appeared first on WeLiveSecurity
03 September 2020
WordPress File Manager plugin flaw causing website hijack exploited in the wild
The critical vulnerability has been utilized in hundreds of thousands of attacks.03 September 2020
Former IT director gets jail time for selling government's Cisco gear on eBay
Former Horry County IT security director sentenced to two years in federal prison.03 September 2020