Cybersecurity News
Enterprise companies struggle to control security certificates, cryptographic keys
Certificate authority misuse, MiTM attacks, and problems with cryptographic key handling are now of serious concern to enterprise firms.11 February 2020
KBOT virus takes out system files with no hope of recovery
In a blast from the past, KBOT has been deemed the first “living” virus detected in recent years.11 February 2020
Dell Patches SupportAssist Flaw That Allows Arbitrary Code Execution
The uncontrolled search path vulnerability allows a local user to use DLLs to escalate privileges and affects Windows PCs.11 February 2020
Outlaw hacking group kills existing cryptocurrency miners in enterprise server attacks
A recent update also revealed a pivot towards corporate systems with weak patch management practices.11 February 2020
Automaton takes center stage in enterprise cyberattacks
Massive repositories of stolen data are being weaponized in an attempt to compromise corporate networks.11 February 2020
Competing in esports: 3 things to watch out for
If you’re looking to become a pro gamer, there are risks you shouldn’t play down
The post Competing in esports: 3 things to watch out for appeared first on WeLiveSecurity
11 February 2020
CEO Fraud
CEO Fraud / BEC is a type of targeted attack. It commonly involves a cyber criminally pretending to be your boss, then tricking or fooling you into sending the criminal highly sensitive information or initiating a wire transfer. Be highly suspicious of any emails demanding immediate action and/or asking you to bypass any security procedures.11 February 2020
U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack
The U.S. Justice Department today unsealed indictments against four Chinese officers of the People's Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. DOJ officials said the four men were responsible for carrying out the largest theft of sensitive personal information by state-sponsored hackers ever recorded.10 February 2020
FBI warns about ongoing attacks against software supply chain companies
Exclusive: FBI alerts US private sectors about attacks aimed at their supply chain software providers.10 February 2020
How North Korea's Senior Leaders Harness the Internet
Researchers learn how North Korea is expanding its Internet use in order to generate revenue and bypass international sanctions.10 February 2020
Some Democrats Lead Trump in Campaign Domain-Security Efforts
Sanders and Trump campaigns lack proper DMARC security enforcement, study finds.10 February 2020
BYO-Bug Tactic Attacks Windows Kernel with Outdated Driver
The RobbinHood ransomware is using a deprecated Gigabyte driver as the tip of the spear for taking out antivirus products.10 February 2020
Israel's Entire Voter Registry Exposed in Massive Incident
Personal details of nearly 6.5 million Israelis were out in the open after the entire registry was uploaded to an notably insecure app.10 February 2020
Active PayPal Phishing Scam Targets SSNs, Passport Photos
Phishing emails have been uncovered that request a full rundown of personal data - even asking for photos of passports.10 February 2020
Software error exposes the ID numbers for 1.26 million Danish citizens
Danish tax portal accidentally shares tax payer identification numbers with Google and Adobe analytics services.10 February 2020
China's Military Behind 2017 Equifax Breach: DoJ
Four members of China's People Liberation Army hacked the information broker, leading to the theft of sensitive data on approximately 145 million citizens.10 February 2020
Equifax Breach: Four Members of Chinese Military Charged with Hacking
Feds have charged four members of the Chinese People’s Liberation Army (PLA) in connection with the infamous 2017 Equifax breach.10 February 2020
Unlocked S3 Bucket Lets 36,077 Jail Files Escape
The leaky repository belongs to JailCore, a cloud management and compliance platform used in several states' correctional facilities.10 February 2020
Unlocked S3 Bucket Lets 36,077 Prison Files Escape
The leaky repository belongs to JailCore, a cloud management and compliance platform used in several states' correctional facilities.10 February 2020
6 Factors That Raise The Stakes For IoT Security
Developments that exacerbate the risk and complicate making Internet of Things devices more secure.10 February 2020