---

Hackers are targeting UK universities to steal coronavirus research, NCSC warns

State-sponsored hackers from Russia, Iran, and China are suspected.

---

CursedChrome turns your browser into a hacker's proxy

CursedChrome shows how hackers can take full control over your Chrome browser using just one extension.

---

Ghost blogging platform servers hacked and infected with crypto-miner

Ghost platform got hacked via the same vulnerability that allowed hackers to breach LineageOS servers hours before.

---

Hackers breach LineageOS servers via unpatched vulnerability

LineageOS source code, OS builds, and signing keys were unaffected, developers said.

---

UK NCSC to stop using 'whitelist' and 'blacklist' due to racial stereotyping

UK cyber-security agency to use "allow list" and "deny list" on its website, going forward.

---

Hacker leaks 15 million records from Tokopedia, Indonesia's largest online store

The Tokopedia data has been published on a well-known hacking forum.

---

Upgraded Cerberus Spyware Spreads Rapidly via MDM

No longer a simple Android banker, Cerberus is now a full-fledged RAT that can take complete control of devices and automatically spread via mobile device management servers.

---

Fake Microsoft Teams Emails Phish for Credentials

Employees belonging to organizations in industries such as energy, retail, and hospitality have been recipients, Abnormal Security says.

---

DHS CISA Launches Site for Teleworking Security

The new website is intended to be a one-stop source for information on securing teleworkers and their employers.

---

Trump bans acquisition of foreign power grid equipment, citing hacking threats

White House says foreign-made equipment "augments the ability of foreign adversaries to create and exploit vulnerabilities" in the US power grid.

---

Name That Toon: The Lights Are On ...

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.

---

News Wrap: Microsoft Sway Phish, Malicious GIF and Spyware Attacks

Threatpost editors discuss a phishing attack abusing Microsoft Sway, a Microsoft Teams flaw and an Android spyware campaign unearthed this week.

---

Best Practices for Managing a Remote SOC

Experts share what it takes to get your security analysts effectively countering threats from their home offices.

---

Microsoft Teams Impersonation Attacks Flood Inboxes

Two separate attacks have targeted as many as 50,000 different Teams users, with the goal of phishing Office 365 logins.

---

Week in security with Tony Anscombe

ESET's new Threat Report is out – Another deep dive into Latin American banking trojans – More coronavirus-themed scams

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

---

Apple Makes It Easier to Unlock iPhone While Wearing a Mask

The beta release of iOS 13.5 brings an updated FaceID so that users wearing masks can bypass facial recognition and unlock their phone with a code.

---

New Firefox service will generate unique email aliases to enter in online forms

Firefox Private Relay add-on to help users safeguard their email addresses from spammers.

---

Industrial Networks' Newest Threat: Remote Users

We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.

---

TrickBot Attack Exploits COVID-19 Fears with DocuSign-Themed Ploy

Threat actors are spreading the tricky trojan through fake messages in another opportunistic COVID-19-related campaign, said IBM X-Force.

---

Oracle warns of attacks against recently patched WebLogic security bug

Oracle patched the bug last month but attacks began after proof-of-concept code was published on GitHub.