Cybersecurity News
Google: Flaws in Apple’s privacy tool could enable tracking
Safari’s anti-tracking feature could apparently give access to users’ browsing habits
The post Google: Flaws in Apple’s privacy tool could enable tracking appeared first on WeLiveSecurity
24 January 2020
Citrix releases new patches to plug critical server vulnerability
Additional versions of Citrix ADC and Citrix Gateway can now be protected against the severe security issue.24 January 2020
Owner of stolen data marketplace Cardplanet pleads guilty
The trading post was a hotbed of stolen US credit card information.24 January 2020
Dark Web
The Dark Web is a network of systems connected to the Internet designed to share information securely and anonymously. These capabilities are abused by cyber criminals to enable their activities, for example selling hacking tools or purchasing stolen information such as credit card data. Be aware that your information could be floating around the Dark Web, making it easier for cyber criminals to create custom attacks targeting you..24 January 2020
The Annoying MacOS Threat That Won't Go Away
In two years, the adware-dropping Shlayer Trojan has spread to infect one in 10 MacOS systems, Kaspersky says.23 January 2020
'CardPlanet' Operator Pleads Guilty in Federal Court
Russian national faced multiple charges in connection with operating the marketplace for stolen credit-card credentials, and a forum for VIP criminals to offer their services.23 January 2020
New York state wants to ban government agencies from paying ransomware demands
Another NY Senate bill would create a cyber security enhancement fund and restricting the use of taxpayer moneys in paying ransoms23 January 2020
DHS Warns of Increasing Emotet Risk
Emotet is considered one of the most damaging banking Trojans, primarily through its ability to carry other malware into an organization.23 January 2020
NSA Offers Guidance on Mitigating Cloud Flaws
A new document separates cloud vulnerabilities into four classes and offers mitigations to help businesses protect cloud resources.23 January 2020
Critical, Unpatched ‘MDhex’ Bugs Threaten Hospital Devices
The Feds have warned on six vulnerabilities in GE medical equipment that could affect patient monitor alarms and more.
23 January 2020
U.S. Gov Agency Targeted With Malware-Laced Emails
The malicious email campaign included a never-before-seen malware downloader called Carrotball, and may be linked to the Konni Group APT.
23 January 2020
Shlayer, No. 1 Threat for Mac, Targets YouTube, Wikipedia
The malware uses thousands of partner websites to spread malvertising code.
23 January 2020
Deconstructing Web Cache Deception Attacks: They're Bad; Now What?
Expect cache attacks to get worse before they get better. The problem is that we don't yet have a good solution.
23 January 2020
Severe Vulnerabilities Discovered in GE Medical Devices
CISA has released an advisory for six high-severity CVEs for GE Carescape patient monitors, Apex Pro, and Clinical Information Center systems.23 January 2020
MDhex vulnerabilities impact GE patient vital signs monitoring devices
GE Healthcare plans to release patches in Q2 2020.23 January 2020
Someone is uninstalling the Phorpiex malware from infected PCs and telling users to install an antivirus
Malware analysts believe someone has hijacked the Phorpiex botnet from its creator and is sabotaging its operations by alerting users they've been infected.23 January 2020
Cisco Warns of Critical Network Security Tool Flaw
The critical flaw exists in Cisco's administrative management tool, used with network security solutions like firewalls.
23 January 2020
Weathering the Privacy Storm from GDPR to CCPA & PDPA
A general approach to privacy, no matter the regulation, is the only way companies can avoid a data protection disaster in 2020 and beyond.23 January 2020
Ryuk Ransomware Hit Multiple Oil & Gas Facilities, ICS Security Expert Says
Attackers 'weaponized' Active Directory to spread the ransomware.23 January 2020
Microsoft exposed 250 million customer support records
Databases containing 14 years’ worth of customer support logs were publicly accessible with no password protection
The post Microsoft exposed 250 million customer support records appeared first on WeLiveSecurity
23 January 2020