---

Login with Facebook Bug Earns $20K Bounty

The cross-site scripting vulnerability could have allowed trivial account takeover.

---

Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia

ESET researchers dissect a backdoor deployed in attacks against multiple government agencies and major organizations operating in two critical infrastructure sectors in Asia

The post Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia appeared first on WeLiveSecurity

---

COVID-19 blamed for 238% surge in cyberattacks against banks

Disarray caused by the pandemic has become a breeding ground for financially-motivated attacks.

---

A cybercrime store is selling access to more than 43,000 hacked servers

The MagBo portal provides access hacked servers, with some belonging to local and state government, hospitals, and financial organizations.

---

Microsoft adds initial support for DNS-over-HTTPS (DoH) in Windows Insiders

DoH support now available in current Windows 10 Insiders Fast Ring distributions.

---

New Cyber-Espionage Framework Dubbed Ramsay

The framework is designed to collect and exfiltrate sensitive documents from air-gapped networks.

---

Organizations Conduct App Penetration Tests More Frequently - and Broadly

Compliance is no longer the primary motivator. AppSec is, Cobalt.io says.

---

Texas Courts Won’t Pay Up in Ransomware Attack

Texas appellate courts and judicial agencies’ websites and computer servers were shut down after a ransomware attack.

---

Leaked NHS Docs Reveal Roadmap, Concerns Around Contact-Tracing App

Future features include plenty of self-reporting options, and officials' fears the data could be misused.

---

US formally accuses China of hacking US entities working on COVID-19 research

DHS CISA and the FBI issue joint statement on recent Chinese cyber-attacks against COVID-19-related targets.

---

Biometrics in the Great Beyond

A thumbprint may be a good authentication factor for the living, but are you prepared to access mission-critical data and devices after an employee's death?

---

The Problem with Automating Data Privacy Technology

Managing complex and nuanced consumer rights requests presents a unique challenge for enterprises in today's regulated world of GDPR and CCPA. Here's why.

---

Attackers Routinely Use Older Vulnerabilities to Exploit Businesses, US Cyber Agency Warns

Security issues in Microsoft products dominate the US government's top 10 list of commonly exploited vulnerabilities, but Apache Struts, Adobe Flash, and Drupal are also routinely targeted.

---

PrintDemon vulnerability impacts all Windows versions

PrintDemon vulnerability impacts Windows versions released as far back as 1996. Patches available.

---

Ransomware, Data Breach Follow Phishing Attack at Magellan Health

The healthcare company has informed affected employees of a data breach on a single corporate server.

---

Ramsay Malware Targets Air-Gapped Networks

The cyber-espionage toolkit is under active development.

---

Healthcare Giant Magellan Struck with Ransomware, Data Breach

Logins, personal information and tax info were all exfiltrated ahead of the ransomware attack, thanks to a phishing email.

---

CyberArk Acquires Idaptive for Identity-as-a-Service Tech

The $70 million deal is intended to help CyberArk strengthen its portfolio with secure and SaaS-based identity management.

---

More Tips for Staying Safe While Working from Home

While some users are up to speed with the WFH protocol, it's worth adding a few more items to your security checklist.

---

How Unconventional Professional Backgrounds Can Strengthen a Cybersecurity Team

Getting over the cybersecurity skills gap takes creativity, flexibility, and a willingness to go "off-script" when it comes to picking out candidates.