Cybersecurity News
Terahash Buys L0phtCrack in Password Merger
The acquisition brings password cracking and password auditing capabilities together in a single company.21 April 2020
7 Steps to Avoid the Top Cloud Access Risks
Securing identities and data in the cloud is challenging, but a least-privilege access approach helps.21 April 2020
Oil and Gas Firms Targeted With Agent Tesla Spyware
Highly targeted spearphishing emails are being sent to oil and gas companies in hopes of infecting them with the Agent Tesla spyware.21 April 2020
Microsoft Proposes Privacy Controls for COVID-19 Contact Tracking, Tracing
As governments broaden use of digital technologies to stem pandemic, sensitive health and location data need to be protected, company says.21 April 2020
Deepfakes and AI: Fighting Cybersecurity Fire with Fire
To successfully mitigate evolving attacks, security teams must use the exact same AI tools that create those attacks in the first place.21 April 2020
Work-from-Home Exposes Already-Infected Machines in 50K US Organizations
Researchers find massive spike in infected enterprises worldwide.21 April 2020
Cyberattackers Ramp Up to 1.5M COVID-19 Emails Per Day
Research analyzing three months of coronavirus-themed attacks show cybercriminals adjusting threat levels to evolve with pandemic and typical employment trends.21 April 2020
Security researcher discloses four IBM zero-days after company refused to patch
Zero-days impact the IBM Data Risk Manager (IDRM), one of IBM's enterprise security tools.21 April 2020
How gamification can boost your cybersecurity training
Security is not a game, but learning about it could be – here’s why adding the fun factor can help employees become more cyber-aware
The post How gamification can boost your cybersecurity training appeared first on WeLiveSecurity
21 April 2020
France asks Apple to relax iPhone security for coronavirus tracking app development
A technical issue is stymying the development of a government app for tracing COVID-19.21 April 2020
Nintendo accounts are getting hacked and used to buy Fortnite currency
Nintendo has recommended that users enable two-factor authentication on their accounts.21 April 2020
Chinese hackers targeted company behind 'Ragnarok Online' MMORPG
Security firm finds new Chinese malware aimed at the Gravity game maker's network. Unclear if the attempted intrusion succeeded.20 April 2020
How Can I Help My Users Spot Disinformation?
A combination of clever tools, good education, and better mindfulness might keep users from being manipulated.20 April 2020
Mootbot Botnet Targets Fiber Routers with Dual Zero-Days
Researchers saw several IoT botnets using one of the bugs in the wild after a proof-of-concept was published in March.20 April 2020
Starbleed bug impacts FPGA chips used in data centers, IoT devices, industrial equipment
Xilinx 7-series and some 6-series FPGAs deemed vulnerable to new Starbleed vulnerability.20 April 2020
Maze Ransomware Attack Hits Cognizant
Cognizant has confirmed that a Friday evening Maze ransomware attack has disrupted its systems.20 April 2020
Stimulus Payments Are Popular Leverage for Cyberattacks
More than 4,300 domains related to stimulus and relief packages, many of them malicious, have been registered since January.20 April 2020
Who’s Behind the “Reopen” Domain Surge?
The past few weeks have seen a large number of new domain registrations beginning with the word "reopen" and ending with U.S. city or state names. The largest number of them were created just hours after President Trump sent a series of all-caps tweets urging citizens to "liberate" themselves from new gun control measures and state leaders who've enacted strict social distancing restrictions in the face of the COVID-19 pandemic. Here's a closer look at who and what appear to be behind these domains.20 April 2020
IT Services Firm Cognizant Hit with Maze Ransomware
Cognizant is working with cyber defense firms and law enforcement to investigate the attack, disclosed April 17.20 April 2020
Foxit PDF Reader, PhantomPDF Open to Remote Code Execution
Foxit Reader and PhantomPDF are plagued by several high-severity flaws that, if exploited, could enable remote code execution.20 April 2020