Cybersecurity News


Malware creates scam online stores on top of hacked WordPress sites

The malware gang also poisoned the victims' XML sitemaps with thousands of scammy entries, lowering the sites' SERP ranking.
23 November 2020

3 Steps CISOs Can Take to Convey Strategy for Budget Presentations

Answering these questions will help CISOs define a plan and take the organization in a positive direction.
23 November 2020

How Retailers Can Fight Fraud and Abuse This Holiday Season

Online shopping will be more popular than ever with consumers... and with malicious actors too.
23 November 2020

GoDaddy staff fall prey to social engineering scam in cryptocurrency exchange attack wave

The domain registrar has confirmed that employees became embroiled in wider attacks.
23 November 2020

10 Undergraduate Security Degree Programs to Explore

Colleges and universities are ramping up cybersecurity education with a wider range of degree programs and more resources for students to build their infosec careers.
23 November 2020

TikTok patches reflected XSS bug, one-click account takeover exploit

The vulnerabilities impacted the video platform’s website.
23 November 2020

Manchester United football club discloses security breach

Football club said it's not "currently aware of any breach of personal data associated with our fans or customers."
21 November 2020

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world's largest domain name registrar, KrebsOnSecurity has learned.
21 November 2020

Botnets have been silently mass-scanning the internet for unsecured ENV files

Threat actors are looking for API tokens, passwords, and database logins usually stored in ENV files.
21 November 2020

Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns

Attackers are exploiting an array of Google services, including Forms, Firebase, Docs and more, to boost phishing and BEC campaigns.
20 November 2020

VMware Fixes Critical Flaw in ESXi Hypervisor

The critical and important-severity flaws were found by a team at the China-based Tianfu Cup hacking challenge.
20 November 2020

Good Heavens! 10M Impacted in Pray.com Data Exposure

The information exposed in a public cloud bucket included PII, church-donation information, photos and users' contact lists.
20 November 2020

Facebook Messenger Flaw Enabled Spying on Android Callees

A critical flaw in Facebook Messenger on Android would let someone start an audio or video call without the victim's knowledge.
20 November 2020

How Industrial IoT Security Can Catch Up With OT/IT Convergence

Ransomware can easily make a connection between IT and OT already. How can blue teams do the same?
20 November 2020

Security Pros Push for More Pervasive Threat Modeling

With the release of the "Threat Modeling Manifesto," a group of 16 security professionals hope to prompt more companies to consider the threats to software.
20 November 2020

Drupal sites vulnerable to double-extension attacks

The 90s called. They want their vulnerability back.
20 November 2020

Week in security with Tony Anscombe

Lazarus takes aim at South Korea via an unusual supply-chain attack – The harsh reality of poor passwords – Bumble bitten by bugs

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

20 November 2020

New Grelos Skimmer Variants Siphon Credit Card Data

Domains related to the new variant of the Grelos web skimmer have compromised dozens of websites so far.
20 November 2020

5 takeaways from the 2020 (ISC)2 Cybersecurity Workforce Study

From the impact of the pandemic on cybersecurity careers to workers’ job satisfaction, the report offers a number of interesting findings

The post 5 takeaways from the 2020 (ISC)2 Cybersecurity Workforce Study appeared first on WeLiveSecurity

20 November 2020

SAFECode and PCI SSC Discuss the Evolution of Secure Software


When the PCI Security Standards Council (PCI SSC) developed its Software Security Framework (SSF) a few years ago, it relied on the expertise of a Software Security Task Force. As part of this task force, SAFECode, along with other industry partners, played an instrumental role in the development of the framework and its standards. 

20 November 2020