Cybersecurity News


Google Play Apps Remain Vulnerable to High-Severity Flaw

Google Play Apps Remain Vulnerable to High-Severity Flaw Patches for a flaw (CVE-2020-8913) in the Google Play Core Library have not been implemented by several popular Google Play apps, including Cisco Teams and Edge.
03 December 2020

This phishing group is targeting COVID-19 vaccine supply chains

Clues indicate state-sponsored hackers may be to blame.
03 December 2020

Mysterious phishing campaign targets organizations in COVID-19 vaccine cold chain

Targets include EU directorates, companies making vaccine shipping containers, a website development firm linked to vaccine supply chains.
03 December 2020

8% of all Google Play apps vulnerable to old security bug

Devs have not updated a crucial library inside their apps, leaving users exposed to dangerous attacks. Some of the vulnerable apps include Microsoft's Edge browser, Grindr, OKCupid, and Cisco Teams.
03 December 2020

New TrickBot version can tamper with UEFI/BIOS firmware

New TrickBot feature scares security researchers.
03 December 2020

Compounder Finance DeFi project allegedly pulls the rug from under investors, $11 million stolen

One investor is offering a $100,000 bounty leading to the unmasking of the thief, or thieves, involved.
03 December 2020

Cybersecurity Trends 2021: Staying secure in uncertain times

ESET experts look back at some of the key themes that defined the cybersecurity landscape in the year that’s ending and give their takes on what to expect in 2021

The post Cybersecurity Trends 2021: Staying secure in uncertain times appeared first on WeLiveSecurity

03 December 2020

Open Source Flaws Take Years to Find But Just a Month to Fix

Companies need to embrace automation and dependency tracking to keep software secure, GitHub says in its annual security report.
02 December 2020

Cybersecurity in the Biden Administration: Experts Weigh In

Security pros and former government employees share their expectations and concerns for the new administration - and their hope for a "return to normal."
02 December 2020

Spotify Wrapped 2020 Rollout Marred by Pop Star Hacks

Spotify Wrapped 2020 Rollout Marred by Pop Star Hacks Spotify pages for Dua Lipa, Lana Del Rey, Future and others were defaced by an attacker pledging his love for Taylor Swift and Trump.
02 December 2020

FBI: BEC Scammers Could Abuse Email Auto-Forwarding

Private Industry Notification warns of the role email auto-forwarding could be used in business email compromise attacks.
02 December 2020

Think-Tanks Under Attack by Foreign APTs, CISA Warns

Think-Tanks Under Attack by Foreign APTs, CISA Warns The feds have seen ongoing cyberattacks on think-tanks (bent on espionage, malware delivery and more), using phishing and VPN exploits as primary attack vectors.
02 December 2020

Loyal Employee ... or Cybercriminal Accomplice?

Loyal Employee ... or Cybercriminal Accomplice? Can the bad guys' insider recruitment methods be reverse-engineered to reveal potential insider threats? Let's take a look.
02 December 2020

Xerox DocuShare Bugs Allowed Data Leaks

Xerox DocuShare Bugs Allowed Data Leaks CISA warns the leading enterprise document management platform is open to attack and urges companies to apply fixes.
02 December 2020

Automated Pen Testing: Can It Replace Humans?

These tools have come a long way, but are they far enough along to make human pen testers obsolete?
02 December 2020

Security Slipup Exposes Health Records & Lab Results

NTreatment failed to add password protection to a cloud server, exposing thousands of sensitive medical records online.
02 December 2020

Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks

Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks In a recent cyberattack against an E.U. country's Ministry of Foreign Affairs, the Crutch backdoor leveraged Dropbox to exfiltrate sensitive documents.
02 December 2020

Healthcare 2021: Cyberattacks to Center on COVID-19 Spying, Patient Data

Healthcare 2021: Cyberattacks to Center on COVID-19 Spying, Patient Data The post-COVID-19 surge in the criticality level of medical infrastructure, coupled with across-the-board digitalization, will be big drivers for medical-sector cyberattacks next year.
02 December 2020

Account Hijacking Site OGUsers Hacked, Again

For at least the third time in its existence, OGUsers -- a forum overrun with people looking to buy, sell and trade access to compromised social media accounts -- has been hacked.
02 December 2020

Microsoft Revamps ‘Invasive’ M365 Feature After Privacy Backlash

Microsoft Revamps ‘Invasive’ M365 Feature After Privacy Backlash The Microsoft 365 tool that tracked employee usage of applications like Outlook, Skype and Teams was widely condemned by privacy experts.
02 December 2020