Cybersecurity News


Google Chrome sync feature can be abused for C&C and data exfiltration

A security researcher has found a malicious Chrome extension in the wild abusing the Chrome Sync process.
05 February 2021

Ransomware Attacks Hit Major Utilities

Ransomware Attacks Hit Major Utilities Electrobras, the largest power company in Latin America, faced a temporary suspension of some operations.
05 February 2021

Cybercrime Goes Mainstream

Organized cybercrime is global in scale and the second-greatest risk over the next decade.
05 February 2021

AI and APIs: The A+ Answers to Keeping Data Secure and Private

AI and APIs: The A+ Answers to Keeping Data Secure and Private Many security leaders view regulations and internal processes designed to manage and secure data as red tape that hampers innovation. Nothing could be further from the truth.
05 February 2021

Woman pleads guilty for using gov’t PC to steal photos of 'snitches' in Iowa

The photos were shared in a group dedicated to outing “law enforcement cooperators.”
05 February 2021

Founder of cryptocurrency hedge funds charged over $90 million theft

Clients were allegedly lied to when they queried where their funds were being invested.
05 February 2021

Plex Media servers are being abused for DDoS attacks

Cyber-security firm Netscout warns of new DDoS attack vector.
05 February 2021

Google's Payout to Bug Hunters Hits New High

Over 660 researchers from 62 countries collected rewards for reporting bugs in Chrome, Android, and other Google technologies.
04 February 2021

IBM Offers $3M in Grants to Defend Schools from Cyberattacks

The grants will be awarded to six school districts in the United States to help prepare for, and respond to, cyberattacks.
04 February 2021

Google patches an actively exploited Chrome zero-day

Google Chrome 88.0.4324.150 released with a fix. Users advised to update.
04 February 2021

Microsoft Says It's Time to Attack Your Machine-Learning Models

With access to some training data, Microsoft's red team recreated a machine-learning system and found sequences of requests that resulted in a denial-of-service.
04 February 2021

Android Devices Prone to Botnet’s DDoS Onslaught

Android Devices Prone to Botnet’s DDoS Onslaught A new DDoS botnet propagates via the Android Debug Bridge and uses Tor to hide its activity.
04 February 2021

Web Application Attacks Grow Reliant on Automated Tools

Attackers often use automation in fuzzing attacks, injection attacks, fake bots, and application DDoS attacks.
04 February 2021

Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months

Spotify Suffers Second Credential-Stuffing Cyberattack in 3 Months As many as 100,000 of the music streaming service's customers could face account takeover.
04 February 2021

Nespresso Smart Cards Brewed with Weak Security

Nespresso Smart Cards Brewed with Weak Security A researcher hacked Nespresso Pro smart cards to dispense free, unlimited coffee.
04 February 2021

Google: Better patching could have prevented 1 in 4 zero‑days last year

Vendors should fix the root cause of a vulnerability, rather than block just one path to triggering it, says Google

The post Google: Better patching could have prevented 1 in 4 zero‑days last year appeared first on WeLiveSecurity

04 February 2021

Facebook, Instagram, TikTok and Twitter Target Resellers of Hacked Accounts

Facebook, Instagram, TikTok, and Twitter this week all took steps to crack down on users involved in trafficking hijacked user accounts across their platforms. The coordinated action seized hundreds of accounts the companies say have played a major role in facilitating the trade and often lucrative resale of compromised, highly sought-after usernames.
04 February 2021

Google paid $6.7 million to bug bounty hunters in 2020

Sum is up from the $6.5 million the company paid security researchers a year before, in 2019.
04 February 2021

Critical Cisco Flaws Open VPN Routers Up to RCE Attacks

Critical Cisco Flaws Open VPN Routers Up to RCE Attacks The vulnerabilities exist in Cisco's RV160, RV160W, RV260, RV260P, and RV260W VPN routers for small businesses.
04 February 2021

Microsoft Office 365 Attacks Sparked from Google Firebase

Microsoft Office 365 Attacks Sparked from Google Firebase A savvy phishing campaign manages to evade native Microsoft security defenses, looking to steal O365 credentials.
04 February 2021