Cybersecurity News
Messaging / Smishing Attacks
Cyber attackers can just as easily trick or fool you in messaging apps as they can in email. Be on the look-out for scams or attacks via apps such as Slack, Skype, WhatsApp or event simple text messaging. The most common clues are tremendous sense of urgency or curioustiy.04 March 2020
Let's Encrypt to revoke 3 million certificates on March 4 due to software bug
Let's Encrypt issued 3,048,289 TLS certificates without checking the CAA field for the requesting domain.03 March 2020
Cobalt Ulster Strikes Again With New ForeLord Malware
Threatpost talks to Alex Tilley, senior security researcher with Dell SecureWorks' Counter Threat Unit Research Team, about a recently discovered campaign linked to an Iranian APT.
03 March 2020
Gotta Patch 'Em All? Not Necessarily, Experts Say
When it's impossible to remediate all vulnerabilities in an organization, data can indicate which bugs should be prioritized.03 March 2020
Academics find 30 file upload vulnerabilities in 23 web apps, CMSes, and forums
Impacted projects include WordPress, Concrete5, Composr, SilverStripe, ZenCart, and others.03 March 2020
Let’s Encrypt to Revoke Millions of TLS Certs
On Wednesday millions of Transport Layer Security certificates will be revoked because of a Certificate Authority Authorization bug.
03 March 2020
MediaTek Bug Actively Exploited, Affects Millions of Android Devices
An exploit published by a developer is easy to use and has already been used to build malicious apps that gain root access on Android devices.
03 March 2020
Avoiding the Perils of Electronic Communications
Twitter, Slack, etc., have become undeniably important for business today, but they can cause a lot of damage. That's why an agile communications strategy is so important.03 March 2020
With New SOL4Ce Lab, Purdue U. and DoE Set Sights on National Security
The cooperative research initiative brings together faculty and students to "focus on problems and cutting-edge ways to solve them."
03 March 2020
NSS Labs Revises Endpoint Security Test Model
New product ratings system comes amid growing shift in the testing market toward more "open and transparent" evaluation of security tools.03 March 2020
Former Microsoft Software Engineer Convicted of Fraud
The 25-year-old was convicted of 18 charges stemming from illegal access to money stored in online gift cards.03 March 2020
Have I Been Pwned No Longer For Sale
Troy Hunt said the popular HIBP will continue to be run as an independent service.
03 March 2020
Brave comes out on top in browser privacy study
By contrast, two web browsers share identifiers that are tied to the device hardware and so persist even across fresh installs
The post Brave comes out on top in browser privacy study appeared first on WeLiveSecurity
03 March 2020
The Case for Limiting Your Browser Extensions
Last week, KrebsOnSecurity reported to health insurance provider Blue Shield of California that its Web site was flagged by multiple security products as serving malicious content. Blue Shield quickly removed the unauthorized code. An investigation determined it was injected by a browser extension installed on the computer of a Blue Shield employee who'd edited the Web site in the past month. The incident is a reminder that browser extensions -- however useful or fun they may seem when you install them -- typically have a great deal of power and can effectively read and/or write all data in your browsing sessions. And as we'll see, it's not uncommon for extension makers to sell or lease their user base to shady advertising firms, or in some cases abandon them to outright cybercriminals.03 March 2020
Chinese Nationals Charged with Laundering $100M in Cryptocurrency
The two defendants allegedly laundered $100 million for the benefit of North Korean threat actors who stole the funds in 2018.03 March 2020
The Cybercrime Pandemic Keeps Spreading
The World Economic Forum says cyberattacks will be one of the top global business risks over the next 10 years.03 March 2020
Chinese security firm says CIA hacked Chinese targets for the past 11 years
Qihoo 360 becomes second Chinese security vendor to blame the CIA for hacks against its civil aviation sector.03 March 2020
DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla
Cyber attack at Visser Precision, which builds custom parts for the aerospace and automotive industries, reveals sensitive company data.
03 March 2020
5 reasons to consider a career in cybersecurity
From competitive salaries to ever-evolving job descriptions, there are myriad reasons why a cybersecurity career could be right for you
The post 5 reasons to consider a career in cybersecurity appeared first on WeLiveSecurity
03 March 2020
Keeping Passwords Simple
We know at times this whole password thing sounds really complicated. Wouldn't be great if there was a brain dead way you could keep passwords simple and secure at the same time? Well, it's not nearly as hard as you think. Here are three tips to keeping passwords super simple while keeping your accounts super secure.03 March 2020