Cybersecurity News
Working from Home? These Tips Can Help You Adapt
COVID-19 means many people are doing their jobs from outside the confines of the office. That may not be as easy as it sounds.12 March 2020
Microsoft Patches Leaked Remote Code Execution Flaw
A vulnerability in Microsoft's Server Message Block protocol prompted concerns of wormable exploits when it was disclosed this week.12 March 2020
Microsoft patches SMBv3 wormable bug that leaked earlier this week
Fix for CVE-2020-0796 is now rolling out to Windows 10 and Windows Serve 2019 systems worldwide.12 March 2020
Live Coronavirus Map Used to Spread Malware
Cybercriminals constantly latch on to news items that captivate the public's attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software.12 March 2020
European power grid organization hit by cyberattack
The incident affected our office network, says ENTSO-E, as it implements measures to avoid future cyber-incursions
The post European power grid organization hit by cyberattack appeared first on WeLiveSecurity
12 March 2020
$100K Paid Out for Google Cloud Shell Root Compromise
A Dutch researcher claimed Google's very first annual Cloud Platform bug-bounty prize, for a clever container escape exploit.12 March 2020
Card data from the Volusion web skimmer incident surfaces on the dark web
In September-October 2019, hackers planted malware to steal card data from 6,589 online stores.12 March 2020
Back to the Future: A Threat Intelligence Journey
Threat intelligence needs the problem solvers, the curious ones, the mission seekers, the analytical minds, the defenders, and the fierce -- whatever their gender.12 March 2020
Akamai Talks Massive Uptick in Credential-Stuffing Attacks Against Bank APIs
Researchers with Akamai say that 75 percent of all credential abuse attacks against the financial services industry were targeting APIs.12 March 2020
Cookiethief Android malware uses proxies to hijack your Facebook account
Cookiethief Trojan infections are on the rise and Facebook cookies appear to be a prime target.12 March 2020
Tracking Turla: New backdoor delivered via Armenian watering holes
Can an old APT learn new tricks? Turla’s TTPs are largely unchanged, but the group recently added a Python backdoor.
The post Tracking Turla: New backdoor delivered via Armenian watering holes appeared first on WeLiveSecurity
12 March 2020
You Are a Target
You may not realize it, but you are a target. Your computer, your work and personal accounts and your information are all highly valuable to cyber criminals. Be mindful that bad guys are out to get you.12 March 2020
Crafty Web Skimming Domain Spoofs “https”
Earlier today, KrebsOnSecurity alerted the 10th largest food distributor in the United States that one of its Web sites had been hacked and retrofitted with code that steals credit card and login data. While such Web site card skimming attacks are not new, this intrusion leveraged a sneaky new domain that hides quite easily in a hacked site's source code: "http[.]ps" (the actual malicious domain does not include the brackets, which are there to keep readers from being able to click on it).11 March 2020
Cyberspace Solarium Commission Slams US Cybersecurity Readiness
The federal commission outlined more than 60 recommendations to remedy major security problems.11 March 2020
Ransomware Increasingly Targeting Small Governments
To get back up and running quickly, and because it's cheaper, city and county governments often pay the ransom, especially if insurance companies are footing the bill. The result: More ransomware.11 March 2020
Microsoft Discloses New Remote Execution Flaw in SMBv3
A patch for the flaw is not yet available, but there are no known exploits -- so far.11 March 2020
Flaws Riddle Zyxel’s Network Management Software
Over 16 security flaws, including multiple backdoors and hardcoded SSH server keys, plague the software.11 March 2020
Remote Assessments and the Coronavirus
Troy Leach, Senior Vice President, Engagement Officer, PCI SSC, discusses guidance for performing assessments in light of the recent coronavirus outbreak.
11 March 2020
COVID-19 Drives Rush to Remote Work. Is Your Security Team Ready?
A rapid transition to remote work puts pressure on security teams to understand and address a wave of potential security risks.11 March 2020
Avast disables JavaScript engine in its antivirus following major bug
Vulnerability would have allowed attackers to take over computers running the Avast antivirus.11 March 2020