Cybersecurity News
Years-long campaign targets hackers through trojanized hacking tools
A group believed to reside in Vietnam has been hacking other hackers for years.10 March 2020
Spying concerns raised over Iran's official COVID-19 detection app
Google removes Iran's official COVID-19 detection app from the Play Store.09 March 2020
How Microsoft Disabled Legacy Authentication Across the Company
The process was not smooth or straightforward, employees say in a discussion of challenges and lessons learned during the multi-year project.09 March 2020
Microsoft: 99.9 percent of hacked accounts lacked MFA
Only 11 percent of all enterprise accounts have multi-factor authentication enabled
The post Microsoft: 99.9 percent of hacked accounts lacked MFA appeared first on WeLiveSecurity
09 March 2020
Microsoft Exchange Server Flaw Exploited in APT Attacks

09 March 2020
Microsoft Exchange Server Flaw Exploited in APT Attacks

09 March 2020
Cyber Resiliency, Cloud & the Evolving Role of the Firewall
Today's defenses must be creative in both isolating threats and segmenting environments to prevent attacks. Here's why.09 March 2020
Malware Campaign Feeds on Coronavirus Fears
A new malware campaign that offers a "coronavirus map" delivers a well-known data-stealer.09 March 2020
AMD Downplays CPU Threat Opening Chips to Data Leak Attacks

09 March 2020
AMD Downplays CPU Threat Opening Chips to Data Leak Attacks

09 March 2020
WatchGuard Buys Panda Security for Endpoint Security Tech
In the long term, Panda Security's technologies will be integrated into the WatchGuard platform.09 March 2020
Brave to generate random browser fingerprints to preserve user privacy
"Brave's new approach aims to make every browser look completely unique, both between websites and between browsing sessions."09 March 2020
Threat Awareness: A Critical First Step in Detecting Adversaries
One thing seems certain: Attackers are only getting more devious and lethal. Expect to see more advanced attacks.09 March 2020
NordVPN HTTP POST bug exposed customer information, no authentication required
The exploit could be triggered with a simple request.09 March 2020
Phone Call Attacks
More and more scams and attacks are happening over the phone. Whenever you get an urgent phone call on the phone pressuring you to do something (such as a caller pretending to be the tax department or Microsoft Tech Support) be very suspicious. It's most likely a scammer trying to trick you out of money or pressure you into making a mistake. Protect yourself, simply hang up the phone. You are not being rude, the person on the other line is trying to take advantage of you.09 March 2020
Multiple nation-state groups are hacking Microsoft Exchange servers
Government-backed groups are exploiting CVE-2020-0688 to take over Exchange email servers.08 March 2020
A list of security conferences canceled or postponed due to coronavirus concerns
Some conferences have canceled, some have postponed the event, while others have gone virtual.07 March 2020
AMD processors from 2011 to 2019 vulnerable to two new attacks
Academics disclose new Collide+Probe and Load+Reload attacks on AMD CPUs.07 March 2020
U.S. Govt. Makes it Harder to Get .Gov Domains
The federal agency in charge of issuing .gov domain names is enacting new requirements for validating the identity of people requesting them. The additional measures come less than four months after KrebsOnSecurity published research suggesting it was relatively easy for just about anyone to get their very own .gov domain. In November's piece It's Way Too Easy to Get a .gov Domain Name, an anonymous source detailed how he obtained one by impersonating an official at a small town in Rhode Island that didn't already have its own .gov.07 March 2020
Google could have fixed 2FA code-stealing flaw in Authenticator app years ago
Google Authenticator app lets other apps take screenshots of its code. Issue was first reported to Google in October 2014, but it was never addressed.07 March 2020