Cybersecurity News
NetWalker Ransomware Gang Hunts for Top-Notch Affiliates
The operators behind the Toll Group attack are taking applications for technically advanced partners.
20 May 2020
Fraudulent Unemployment, COVID-19 Relief Claims Earn BEC Gang Millions
The business email compromise (BEC) gang Scattered Canary has filed more than 200 fraudulent claims for unemployment benefits and for COVID-19 relief funds.
20 May 2020
Offers to Sell Enterprise Network Access Surge on Dark Web
In contrast, Q1 2019 saw more interest in selling and buying access to individual servers.20 May 2020
Bank of America blames PPP applications leak on faulty SBA test server
BofA says SBA test platform allowed others to view details for its customers' PPP loan applications.20 May 2020
Microsoft Warns of Vulnerability Affecting Windows DNS Server
A new security advisory addresses a vulnerability that could be exploited to cause a denial-of-service attack.20 May 2020
Coronavirus-Themed Phishing Fears Largely Overblown, Researchers Say
As COVID-19-themed spam rises, phishing-not so much. An analysis of newly registered domains finds that only 2.4% are actually phishing sites aiming to steal credentials.20 May 2020
Verizon DBIR: Web App Attacks and Security Errors Surge
Threatpost talks to Verizon DBIR co-author Gabriel Bassett about the top takeaways from this year's Data Breach Investigations Report.
20 May 2020
Signal to move away from using phone numbers as user IDs
Signal launches profile PINs, the first step in supporting Signal user accounts that are not tied to phone numbers.20 May 2020
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Enterprises need to recognize that remote access and other pandemic-related security challenges cannot be fixed with buzzwords or silver-bullet security tools.
20 May 2020
Alleged Hacker Behind Massive ‘Collection 1’ Data Dump Arrested
The threat actor known as ‘Sanix’ had terabytes of stolen credentials at his residence, authorities said.
20 May 2020
‘Flight risk’ employees involved in 60% of insider cybersecurity incidents
The majority of staff planning their exit also take sensitive information with them, research suggests.20 May 2020
Adobe issues out-of-band patch to fix remote code execution flaw in animation software
Information leaks have also been patched up in Premiere Rush, Audition, and Premiere Pro.20 May 2020
These things may be cool, but are they safe?
In the rush to embrace IoT devices, we shouldn’t trade in our privacy and security for the added convenience
The post These things may be cool, but are they safe? appeared first on WeLiveSecurity
20 May 2020
NXNSAttack technique can be abused for large-scale DDoS attacks
New vulnerability in DNS server software can be leveraged for DDoS attacks with an 1620x amplification factor.19 May 2020
Magecart Plants Card Skimmers via Old Magento Plugin Flaw
The FBI has warned ecommerce sites about attacks targeting a more than three-year-old flaw in the Magmi mass importer.19 May 2020
Google Chrome Redesign Puts Security & Privacy in Users' Hands
The Chrome browser will tell users if their browser is up to date, malicious extensions are installed, and/or a password has been compromised.19 May 2020
The Windows 7 Postmortem: What’s at Stake
Nearly a quarter of endpoints still run Windows 7, even though support and security patches have ended.
19 May 2020
Unpatched Open Source Libraries Leave 71% of Apps Vulnerable
PHP and JavaScript developers need to pay close attention because different languages and frameworks have different rates of vulnerability, research finds.19 May 2020
EasyJet Hackers Take Off with Travel Details for 9M Customers
The vacation-centric airline is warning victims about social-engineering attacks.
19 May 2020
Web Application Attacks Double from 2019: Verizon DBIR
Verizon's annual data breach report shows most attackers are external, money remains their top motivator, and web applications and unsecured cloud storage are hot targets.
19 May 2020