Cybersecurity News
Designing Firmware Resilience for 3 Top Attack Vectors
Firmware has become an increasingly prevalent target for hackers. Here's how to stop them.The Firefox password manager now tells you when you use leaked passwords
The Firefox password manager also tells you when a website has suffered a security breach.Enterprises throw money at cybersecurity but half of attacks are still a success
Mandiant says that intrusions, policy evasion, and reconnaissance are commonplace in today's enterprise environments.It Was 20 Years Ago Today: Remembering the ILoveYou Virus
The virus infected some 50 million systems worldwide, often rendering them unusable, and cost more than $15 billion to repair.
German authorities charge Russian hacker for 2015 Bundestag hack
The same hacker was previously charged in the US in 2018 for hacking the DNC and WADA.Professional data leakage: How did that security vendor get my personal data?
…and why are they selling it to other security vendors and product testers?
The post Professional data leakage: How did that security vendor get my personal data? appeared first on WeLiveSecurity
New Kaiji malware targets IoT devices via SSH brute-force attacks
Researchers say the malware was coded by a Chinese developer for the sole purpose of launching DDoS attacks.US financial industry regulator warns of widespread phishing campaign
FINRA warns of phishing campaign aimed at stealing members' Microsoft Office or SharePoint passwords.Stay-at-Home Students Offered Lessons to Boost Cybersecurity
Stuck at home with a primary- or secondary-school student? Organizations from professional training groups to national governments are teaming up to offer virtual cybersecurity training for teens -- in some cases, for free.Airplane Hack Exposes Weaknesses of Alert and Avoidance Systems
Researchers warn commercial airplane systems can be spoofed impacting flight safety of nearby aircraft.
SMB Security Catches Up to Large Companies, Data Shows
Small and midsize businesses face issues similar to those of large organizations and have updated security practices to respond with threat hunting, patch management, and dedicated personnel.How InfoSec Pros Can Help Healthcare During the Coronavirus Pandemic
Security pros are banding together to ensure healthcare facilities can focus on saving lives instead of defending against cyber attacks. Here are a few places you can volunteer your services.
Attackers Exploit SaltStack Flaws to Compromise Open Source OS & Blogging Platform
Intruders gained access to core systems at the Android-based LineageOS project and the Ghost platform.Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack
Hackers targeted Ghost on Sunday, in a cryptocurrency mining attack that caused widespread outages.
Zoom Installers Used to Spread WebMonitor RAT
Researchers warn the installers are legitimate but don't come from official sources of the Zoom app, including the Apple App Store and Google Play.Government investigates data breach revealing details of 774,000 migrants
Guardian Australia on Sunday revealed SkillSelect app allowed users to see partial names of applicants for skilled visas
The home affairs and employment departments are investigating a data breach revealing the personal details of 774,000 migrants and people aspiring to migrate to Australia, despite playing down the seriousness of the breach.
On Sunday, Guardian Australia revealed the government’s SkillSelect app allowed users to see unique identifiers of applicants for skilled visas, including partial names, which could then be used through searches with multiple filters to reveal other information about applicants.
Related: Immigrants don't take Australian jobs. They create jobs for others | Jock Collins
Continue reading...Academics turn PC power units into speakers to leak secrets from air-gapped systems
POWER-SUPPLaY technique uses "singing capacitor" phenomenon for data exfiltration.Microsoft warns of multiple malspam campaigns carrying malicious disk image files
Microsoft: Threat group uses malware-laced ISO and IMG files to infect companies with a remote access trojan.Oracle: Unpatched Versions of WebLogic App Server Under Active Attack
CVE-2020-2883 was patched in Oracle's April 2020 Critical Patch Update - but proof of concept exploit code was published shortly after.
Ghost blogging platform servers hacked to mine cryptocurrency
Ghost wasn’t the only victim of break-ins over the weekend that exploited critical holes in infrastructure automation software for which patches were available
The post Ghost blogging platform servers hacked to mine cryptocurrency appeared first on WeLiveSecurity
