Cybersecurity News
How to Help Spoil the Cybercrime Economy
Cybercrime increasingly is turning into a commodity. Stolen PII data and hijacked cloud accounts especially propel the spread, research shows.11 August 2020
Researcher Publishes Bypass for Patch for vBulletin 0-Day Flaw
Three separate proof-of-concepts on Bash, Python and Ruby posted to outsmart fix issued last year to remedy pre-auth RCE bug.
11 August 2020
17 Essential Stats About the State of Consumer Privacy
These illuminating numbers offer a glimpse into current consumer attitudes and enterprise readiness for protecting their customers' personal data.
11 August 2020
Gamifying Password Training Shows Security Benefits
When picking passwords, users often fall back on certain insecure patterns, but good habits can be learned using simple games, a group of researchers find.10 August 2020
Hacking It as a CISO: Advice for Security Leadership
A security leader shares tips for adopting a CISO mindset, creating risk management strategies, and "selling infosec" to IT and executives.10 August 2020
Google Fixes Mysterious Audio Recording Blip in Smart Speakers
Google Home devices reportedly recorded noises even without the "Hey Google" prompt due to the inadvertent rollout of a home security system feature.
10 August 2020
Better Business Bureau Warns of New Visa Scam
Visa limitations due to the novel coronavirus have given rise to a wave of scams aimed at visa-seekers.10 August 2020
Can I Use the Same Security Tools on My IT and OT?
You can quit worrying about IT tools in the OT environment.
10 August 2020
Security researcher publishes details and exploit code for a vBulletin zero-day
Proof-of-concept exploit code available in Bash, Python, and Ruby.10 August 2020
Google Chrome Browser Bug Exposes Billions of Users to Data Theft
The vulnerability allows attackers to bypass Content Security Policy (CSP) protections and steal data from website visitors.
10 August 2020
Lock-Pickers Face an Uncertain Future Online
Teaching the hardware hacker the skill of picking locks is evolving because of the pandemic's lockdown.10 August 2020
A mysterious group has hijacked Tor exit nodes to perform SSL stripping attacks
At one point, the group ran almost a quarter of all Tor exit nodes. Group still controls 10% of all Tor exit nodes today.10 August 2020
Q2 DDoS Attacks Triple Year Over Year: Report
Distributed denial-of-service attacks have stayed consistently high throughout 2020, a shift from normal attack trends that researchers attribute to COVID-19.10 August 2020
DDoS Attacks Cresting Amid Pandemic
Attacks were way up year-over-year in the second quarter as people continue to work from home.
10 August 2020
TeamViewer Flaw in Windows App Allows Password-Cracking
Remote, unauthenticated attackers could exploit the TeamViewer flaw to execute code and crack victims' passwords.
10 August 2020
Black Hat 2020: Fixing voting – boiling the ocean?
With the big voting day rapidly approaching, can the security of the election still be shored up? If so, how?
The post Black Hat 2020: Fixing voting – boiling the ocean? appeared first on WeLiveSecurity
10 August 2020
Vulnerability Prioritization: Are You Getting It Right?
Developers must find a way to zero in on the security vulns that present the most risk and quickly address them without slowing down the pace of development.
10 August 2020
Have I Been Pwned to release code base to the open source community
Troy Hunt has made the decision following an unsuccessful attempt to have the platform acquired.10 August 2020
FBI says an Iranian hacking group is attacking F5 networking devices
Sources: Attacks linked to a hacker group known as Fox Kitten (or Parasite), considered Iran's "spear tip" when it comes to cyber-attacks.09 August 2020
Bank of England paid £3m in 'golden goodbyes' over 15 months
Rise in settlements in 2019 included those paid to departing tech security staff shortly before major breach
The Bank of England paid departing staff almost £3m in “golden goodbyes” over 15 months, at the same time as an exodus of workers from its information security team.
Settlement payments to former staff surged to £2.3m in 2019, according to data provided to the Guardian under freedom of information laws. The Bank confirmed that former information security staff received some of the payments.
Continue reading...09 August 2020