Cybersecurity News
Microsoft says it detects 77,000 active web shells on a daily basis
Microsoft detects and tracks a daily average of around 77,000 active web shells, spread across 46,000 infected servers.05 February 2020
Malware stew cooked up on Bitbucket, deployed in attacks worldwide
Bitbucket is being abused and used as the host for cryptocurrency miners, ransomware, and Trojans deployed in a single attack chain.05 February 2020
Companies Pursue Zero Trust, but Implementers Are Hesitant
Almost three-quarters of enterprises plan to have a zero-trust access model by the end of the year, but nearly half of cybersecurity professionals lack the knowledge to implement the right technologies, experts say.04 February 2020
Chrome 80 released with silent notification popups, support for same-site cookies
Chrome 80 also comes with support for blocking heavy-loading online ads.04 February 2020
8 of the 10 Most Exploited Bugs Last Year Involved Microsoft Products
Six of them were the same as from the previous year, according to new Recorded Future analysis.04 February 2020
SharePoint Bug Proves Popular Weapon for Nation-State Attacks
Thousands of servers could be exposed to SharePoint vulnerability CVE-2019-0604, recently used in cyberattacks against Middle East government targets.04 February 2020
Booter Boss Busted By Bacon Pizza Buy
A Pennsylvania man who operated one of the Internet's longest-running online attack-for-hire or "booter" services was sentenced to five years probation today. While the young man's punishment was heavily tempered by his current poor health, the defendant's dietary choices may have contributed to both his capture and the lenient sentencing: Investigators say the onetime booter boss's identity became clear after he ordered a bacon and chicken pizza delivered to his home using the same email address he originally used to register his criminal attack service.04 February 2020
Community Housing Nonprofit Hit with $1.2M Loss in BEC Scam
Red Kite said that domain-spoofing and convincing scam emails claiming to be from suppliers were the cause.
04 February 2020
Microsoft DART Finds Web Shell Threat on the Rise
Various APT groups are successfully using Web shell attacks on a more frequent basis.04 February 2020
Ransomware Attack Hinders Toll Group Operations
Customers took to Twitter to air their grievances after some of the transportation giant's operations were downed.
04 February 2020
Researcher: Backdoor mechanism discovered in devices using HiSilicon chips
Researcher said he did not notify HiSilicon due to a lack of trust in the hardware vendor to adequately fix the issue.04 February 2020
Researcher: Backdoor mechanism still active in many IoT products
Researcher says a backdoor mechanism in devices running Xiongmai firmware is still active years after first being discovered.04 February 2020
Ransomware Attacks: Why It Should Be Illegal to Pay the Ransom
For cities, states and towns, paying up is short-sighted and only makes the problem worse.04 February 2020
Two Critical Android Bugs Get Patched in February Update
As part of its February bug fixes, Google is patching a critical severity remote code execution vulnerability and an information disclosure bug.
04 February 2020
Medtronic Patches Implanted Device, CareLink Programmer Bugs
The medical device giant has issued fixes for bugs first disclosed in 2018 and 2019.
04 February 2020
Nintendo hacker pleads guilty
Teen who hacked Nintendo twice and leaked data on the company's yet unreleased Switch console pleaded guilty last week.04 February 2020
7 Ways SMBs Can Secure Their Websites
Here's what small and midsize businesses should consider when they decide it's time to up their website security.
04 February 2020
Twitter Suspends Fake Accounts Abusing Feature that Matches Phone Numbers and Users
The company believes state-sponsored actors may also be involved.04 February 2020
Kubernetes Shows Built-in Weakness
A Shmoocon presentation points out several weaknesses built in to Kubernetes configurations and how a researcher can exploit them.04 February 2020
What WON'T Happen in Cybersecurity in 2020
Predictions are a dime a dozen. Here are six trends that you won't be hearing about anytime soon.04 February 2020