Cybersecurity News
Microsoft Revamps Windows Insider Preview Bug Bounty Program
Researchers can earn up to $100,000 for finding vulnerabilities in Microsoft's revamped Windows Insider Preview bug bounty program.
Ransomware attack on Garmin thought to be the work of 'Evil Corp'
Russian cybercrime gang is believed to be responsible for taking Garmin services offline
A ransomware attack that took the GPS and smartwatch business Garmin entirely offline for more than three days is believed to have been carried out by a Russian cybercriminal gang which calls itself “Evil Corp”.
Garmin began to restore services to customers on Monday morning, after being held hostage for a reported ransom of $10m, although some services were still operating with limited functionality.
Ransomware is the most common form of criminal malware currently in use. Targets are commonly infected through malicious emails, which may trick them into downloading and running the software, or through exploiting vulnerabilities in other software such as Adobe Flash. When the ransomware program is activated, it encrypts the user’s hard drive with a single use encryption key, before flashing up a message asking for ransom, typically in the form of a payment in the cryptocurrency Bitcoin.
Related: Garmin down: how to still get your activities on to Strava
Continue reading...Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns
Attackers are exploiting a high-severity vulnerability in Cisco's network security software products, which is used by Fortune 500 companies.
CISA says 62,000 QNAP NAS devices have been infected with the QSnatch malware
QSnatch malware, first spotted in late 2019, has grown from 7,000 bots to more than 62,000, according to a join US CISA and UK NCSC security alert.Almost 4,000 databases now wiped in ‘Meow’ attacks
The attackers and their motivations remain unknown; however, the incidents yet again highlight the risks of careless data security
The post Almost 4,000 databases now wiped in ‘Meow’ attacks appeared first on WeLiveSecurity
Encryption Under ‘Full-Frontal Nuclear Assault’ By U.S. Bills
The U.S. government and tech companies continue to butt heads over the idea of encryption and what that means for law enforcement.
Hackers stole GitHub and GitLab OAuth tokens from Git analytics firm Waydev
OAuth tokens have been abused for intrusions at least two other companies, Dave.com and Flood.io.Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job
How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.Cerberus banking Trojan team breaks up, source code goes to auction
The Android malware’s operator is hoping the code and client list will net them up to $100,000.Block/Allow: The Changing Face of Hacker Linguistics
Terms such as "whitelist," "blacklist," "master," and "slave" are being scrutinized again and by a wider range of tech companies than ever before.FBI warns of new DDoS attack vectors: CoAP, WS-DD, ARMS, and Jenkins
FBI believes device vendors won't disable these protocols and warns companies to take preventive and protective measures.Apple sued for not taking action against iTunes gift card scams
Plaintiffs in new class-action lawsuit claim Apple is directly benefiting and enabling iTunes gift card scams.Tech unicorn Dave admits to security breach impacting 7.5 million users
Dave user data is now available for download on a public hacking forum.7 Summer Travel Security Tips
With staying safe during the pandemic high priority, it's easy to let your guard down about the security of the devices you take along your travels.
Thinking of a Cybersecurity Career? Read This
Thousand of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here's a look at a recent survey that identified some of the bigger skills gaps, and some thoughts about how those seeking a career in these fields can better stand out from the crowd.Academics smuggle 234 policy-violating skills on the Alexa Skills Store
Academics said they also identified 52 problematic skills already available on the Alexa store, all targeted at children.Organizations Continue to Struggle With App Vulns
A high percentage of discovered bugs remain unremediated for a long time, a new study shows.Garmin Takes App & Services Offline After Suspected Ransomware Attack
Wearables company Garmin shut down its website, app, call centers, and other services in the aftermath of a security incident.DJI Drone App Riddled With Privacy Issues, Researchers Allege
The DJI GO 4 application open users’ sensitive data up for the taking, researchers allege.