Cybersecurity News


North Korean hackers linked to web skimming (Magecart) attacks, report says

After hacking banks and cryptocurrency exchanges, orchestrating ATM cash-outs, and deploying ransomware, North Korean hackers have now set their sights on online stores.
06 July 2020

E-Verify’s “SSN Lock” is Nothing of the Sort

One of the most-read advice columns on this site is a 2018 piece called "Plant Your Flag, Mark Your Territory," which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration, the IRS and others before crooks do it for you. A key concept here is that these services only allow one account per Social Security number -- which for better or worse is the de facto national identifier in the United States. But KrebsOnSecurity recently discovered that this is not the case with all federal government sites built to help you manage your identity online. A reader who was recently the victim of unemployment insurance fraud said he was told he should create an account at the Department of Homeland Security's myE-Verify website, and place a lock on his Social Security number (SSN) to minimize the chances that ID thieves might abuse his identity for employment fraud in the future.
04 July 2020

Hackers are trying to steal admin passwords from F5 BIG-IP devices

Threat actors have already started exploiting the F5 BIG-IP mega-bug, three days after it was disclosed.
04 July 2020

Infosec community disagrees with changing 'black hat' term due to racial stereotyping

A Google security researcher withdrew from the Black Hat security conference and asked the community to stop using the 'black hat' term.
04 July 2020

F5 patches vulnerability that received a CVSS 10 severity score

Remote code execution in F5 BIG-IP devices exposes governments, cloud providers, ISPs, banks, and many Fortune 500 companies to possible intrusions.
03 July 2020

Week in security with Tony Anscombe

Brute-force attacks against RDP surge – Is contact tracing the answer to ending the COVID-19 crisis? – Microsoft ships urgent security updates

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

03 July 2020

New Apple macOS Big Sur feature to hamper adware operations

Apple has disabled the ability to silently install macOS profiles from the CLI in macOS 11, a measure that was widely employed by adware and malware gangs.
03 July 2020

E.U. Authorities Crack Encryption of Massive Criminal and Murder Network

E.U. Authorities Crack Encryption of Massive Criminal and Murder Network Four-year investigation shuts down EncroChat and busts 746 alleged criminals for planning murders, selling drugs and laundering money.
03 July 2020

Hundreds arrested after police crack encrypted chat network

European police infiltrate EncroChat, go on to crack down on crime kingpins and seize guns, drugs, cars and millions in cash

The post Hundreds arrested after police crack encrypted chat network appeared first on WeLiveSecurity

03 July 2020

Introducing 'Secure Access Service Edge'

The industry's latest buzzword is largely a repackaging exercise that bundles a collection of capabilities together and offers them as a cloud-delivered service.
03 July 2020

Ring Doorbell’s Police Partnerships Questioned Over Racial Bias

Ring Doorbell’s Police Partnerships Questioned Over Racial Bias Amazon has placed a moratorium on police use of its facial recognition platform - but a congressman asked if that extends to its Ring smart doorbell in a new inquiry.
03 July 2020

Cybersecurity's Lament: There are No Cooks in Space

Cybersecurity's Lament: There are No Cooks in Space Cybersecurity staff are on edge for the same reason that there are no cooks on the ISS: Organizations are carefully watching expenses for jobs that don't require dedicated team members.
03 July 2020

LinkedIn says iOS clipboard snooping after every key press is a bug, will fix

The new clipboard access detection and warning feature in iOS 14 exposes another app.
03 July 2020

National Security Agency releases Securing IPsec Virtual Private Networks

By William Knowles @c4iSenior EditorInfoSec NewsJuly 3, 2020 On the heels of the tweet from USCYBERCOM earlier in the week advising users of Palo Alto Networks to patch all devices affected by […]
03 July 2020

Roblox accounts hacked with pro-Trump messages

Hackers are taking Roblox credentials leaked on Pastebin, accessing accounts, and leaving the same "Ask your parents to vote for Trump this year" message on thousands of Roblox profiles.
02 July 2020

Building Security Strategies in Sub-Saharan Africa: Trends and Concerns

Security experts discuss the rise in cybercrime affecting sub-Saharan Africa and the necessary changes to improve security.
02 July 2020

BIG-IP Vulnerabilities Could be Big Trouble for Customers

Left unpatched, pair of vulnerabilities could give attackers wide access to a victim's application delivery network.
02 July 2020

BG-IP Vulnerabilities Could be Big Trouble for Customers

Left unpatched, pair of vulnerabilities could give attackers wide access to a victim's application delivery network.
02 July 2020

Making Sense of EARN IT & LAED Bills' Implications for Crypto

After Senate Judiciary Committee pushes EARN IT Act a step closer to ratification, raising further concerns for privacy advocates, here's what to know.
02 July 2020

Anatomy of a Long-Con Phish

Anatomy of a Long-Con Phish A fraudster on LinkedIn used my online profile in an apparent attempt to pull off a wide-ranging scam business venture.
02 July 2020