Cybersecurity News
Jenkins servers can be abused for DDoS attacks
DDoS attacks can reach an amplification factor of 100, but servers will crash very quickly.11 February 2020
Cybercriminals Swap Phishing for Credential Abuse, Vuln Exploits
Infection vectors were evenly divided among phishing, vulnerability exploitation, and unauthorized credential use in 2019.11 February 2020
Macs See More Adware, Unwanted Apps Than PCs
The latest data from Malwarebytes show the average Mac sees almost twice as many bad apps as Windows systems, but actual malware continues to be scarce.11 February 2020
What Are Some Basic Ways to Protect My Global Supply Chain?
Assessing supply chains is one of the more challenging third-party risk management endeavors organizations can take on.
11 February 2020
What Are Some Foundational Ways to Protect My Global Supply Chain?
Assessing supply chains is one of the more challenging third-party risk management endeavors organizations can take on.
11 February 2020
Adobe Addresses Critical Flash, Framemaker Flaws
Overall, Adobe patched flaws tied to 42 CVEs as part of its regularly scheduled updates.
11 February 2020
CIA's Secret Ownership of Crypto AG Enabled Extensive Espionage
Crypto AG made millions selling encryption devices to more than 120 countries, which unknowingly transmitted intel back to the CIA.11 February 2020
Keeping a Strong Security Metrics Framework Strong
Don't just report metrics -- analyze, understand, monitor, and adjust them. These 10 tips will show you how.11 February 2020
Emotet trojan evolves to spread via WiFi connections
Security firm discovers what appears to be one of Emotet's most dangerous modules.11 February 2020
Enterprise companies struggle to control security certificates, cryptographic keys
Certificate authority misuse, MiTM attacks, and problems with cryptographic key handling are now of serious concern to enterprise firms.11 February 2020
KBOT virus takes out system files with no hope of recovery
In a blast from the past, KBOT has been deemed the first “living” virus detected in recent years.11 February 2020
Dell Patches SupportAssist Flaw That Allows Arbitrary Code Execution
The uncontrolled search path vulnerability allows a local user to use DLLs to escalate privileges and affects Windows PCs.
11 February 2020
Outlaw hacking group kills existing cryptocurrency miners in enterprise server attacks
A recent update also revealed a pivot towards corporate systems with weak patch management practices.11 February 2020
Automaton takes center stage in enterprise cyberattacks
Massive repositories of stolen data are being weaponized in an attempt to compromise corporate networks.11 February 2020
Competing in esports: 3 things to watch out for
If you’re looking to become a pro gamer, there are risks you shouldn’t play down
The post Competing in esports: 3 things to watch out for appeared first on WeLiveSecurity
11 February 2020
CEO Fraud
CEO Fraud / BEC is a type of targeted attack. It commonly involves a cyber criminally pretending to be your boss, then tricking or fooling you into sending the criminal highly sensitive information or initiating a wire transfer. Be highly suspicious of any emails demanding immediate action and/or asking you to bypass any security procedures.11 February 2020
U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack
The U.S. Justice Department today unsealed indictments against four Chinese officers of the People's Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. DOJ officials said the four men were responsible for carrying out the largest theft of sensitive personal information by state-sponsored hackers ever recorded.10 February 2020
FBI warns about ongoing attacks against software supply chain companies
Exclusive: FBI alerts US private sectors about attacks aimed at their supply chain software providers.10 February 2020
How North Korea's Senior Leaders Harness the Internet
Researchers learn how North Korea is expanding its Internet use in order to generate revenue and bypass international sanctions.10 February 2020
Some Democrats Lead Trump in Campaign Domain-Security Efforts
Sanders and Trump campaigns lack proper DMARC security enforcement, study finds.10 February 2020