Cybersecurity News
Las Vegas Suffers Cyberattack on First Day of CES
The attack, still under investigation, hit early in the morning of Jan. 7.08 January 2020
Drake Lyrics Used as Calling Card in Malware Attack
A hacker who apparently likes the musician Drake leaves lyrics from the artist's song In My Feelings behind in an attack that delivers malware Lokibot or Azorult.
08 January 2020
Developers Still Don't Properly Handle Sensitive Data
The top classes of vulnerabilities for 2019 indicate that developers still don't correctly sanitize inputs, nor protect passwords and keys as they should.08 January 2020
Operation Goldfish Alpha reduces cryptojacking across Southeast Asia by 78%
Interpol and CERT teams from 10 Southeast Asian countries crack down on hacked MikroTik routers.08 January 2020
Mozilla patches Firefox zero-day reported by Qihoo 360
Chinese security firm claims there's also an accompanying Internet Explorer zero-day.08 January 2020
Google's Project Zero Policy Change Mandates 90-Day Disclosure
The updated disclosure policy aims to achieve more thorough and improved patch development, Google reports.08 January 2020
Man Sentenced in ATM Skimming Conspiracy
A Romanian national has been sentenced to 5 years in prison after racking up almost $400,000 in an ATM skimming scheme.
08 January 2020
Google Ditches Patch-Time Bug Disclosure in Favor of 90-Day Policy
Project Zero vulnerability disclosures will now happen at 90 days, even if a patch becomes available before then.
08 January 2020
CES – Taking a smart city for a test drive
No one has a road map for securing a connected city – but there should be a whole atlas of such maps
The post CES – Taking a smart city for a test drive appeared first on WeLiveSecurity
08 January 2020
CES – Taking a smart city for a test drive
No one has a road map for securing a connected city – but there should be a whole atlas of such maps
The post CES – Taking a smart city for a test drive appeared first on WeLiveSecurity
08 January 2020
In App Development, Does No-Code Mean No Security?
No-code and low-code development platforms are part of application development, but there are keys to making sure that they don't leave security behind with traditional coding.
08 January 2020
TikTok Bugs Put Users' Videos, Personal Data At Risk
Researchers found it was possible to spoof SMS messages from TikTok and exploit an API flaw that could grant access to users' personal data.08 January 2020
The "Art of Cloud War" for Business-Critical Data
How business executives' best intentions may be negatively affecting security and risk mitigation strategies -- and exposing weaknesses in organizational defenses.08 January 2020
Telegram opens lid on TON project amid SEC spat: ‘Grams won’t help you get rich’
No cryptocurrency wallet will be integrated with Telegram Messenger either -- at least, not yet.08 January 2020
ATM skimmer sentenced for fleecing $400,000 out of US banks
ATM users had their cards read and bank accounts pillaged.08 January 2020
Naive IoT botnet wastes its time mining cryptocurrency
Operators of LiquorBot botnet waste their time trying to mine Monero on hacked SOHO routers.08 January 2020
Mobile Apps
Only install mobile apps from trusted places, and always double-check the privacy settings to ensure you are not giving away too much information.08 January 2020
Signal app will support 'view-once' images and videos
Support for ephemeral multimedia messages to arrive in Signal within weeks.07 January 2020
Google Chrome to hide notification spam starting February 2020
Chrome 80, scheduled for release in February 2020, will block notification popups by default.07 January 2020
Tricky Phish Angles for Persistence, Not Passwords
Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user's data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Anyone who takes the bait will inadvertently forward a digital token to the attackers that gives them indefinite access to the victim's email, files and contacts -- even after the victim has changed their password.07 January 2020