Cybersecurity News


Researchers Call for 'CVE' Approach for Cloud Vulnerabilities

New research suggests isolation among cloud customer accounts may not be a given -- and the researchers behind the findings issue a call to action for cloud security.
06 August 2021

Zoom Settlement: An $85M Business Case for Security Investment

Zoom’s security lesson over end-to-end encryption shows the costs of playing cybersecurity catchup.
06 August 2021

Angry Affiliate Leaks Conti Ransomware Gang Playbook

The data includes IP addresses for Cobalt Strike C2 servers as well as an archive including numerous tools and training materials for the group, revealing how it performs attacks.
06 August 2021

IIStealer: A server‑side threat to e‑commerce transactions

The first in our series on IIS threats looks at a malicious IIS extension that intercepts server transactions to steal credit card information

The post IIStealer: A server‑side threat to e‑commerce transactions appeared first on WeLiveSecurity

06 August 2021

Anatomy of native IIS malware

ESET researchers publish a white paper putting IIS web server threats under the microscope

The post Anatomy of native IIS malware appeared first on WeLiveSecurity

06 August 2021

Black Hat: BadAlloc bugs expose millions of IoT devices to hijack

BadAlloc vulnerabilities impact millions of devices worldwide.
06 August 2021

HTTP/2 Implementation Errors Exposing Websites to Serious Risks

Organizations that don't implement end-to-end HTTP/2 are vulnerable to attacks that redirect users to malicious sites and other threats, security researcher reveals at Black Hat USA.
05 August 2021

CISA Launches JCDC, the Joint Cyber Defense Collaborative

"We can't do this alone," the new CISA director told attendees in a keynote at Black Hat USA today.
05 August 2021

Black Hat: New CISA Head Woos Crowd With Public-Private Task Force

Day two Black Hat keynote by CISA Director Jen Easterly includes launch of private-public partnership with Amazon, Google and Microsoft to fight cybercrime.
05 August 2021

Incident Responders Explore Microsoft 365 Attacks in the Wild

Mandiant experts discuss the novel techniques used to evade detection, automate data theft, and achieve persistent access.
05 August 2021

Black Hat: How cybersecurity incidents can become a legal minefield

Facing a cyberattack? Pick up the phone and talk to legal help as well as incident response.
05 August 2021

Auditors: Feds’ Cybersecurity Gets the Dunce Cap

Out of eight agencies, four were given D grades in a report for the Senate, while the Feds overall got a C-.
05 August 2021

Black Hat: Enterprise players face 'one-two-punch' extortion in ransomware attacks

Intrusions have become even more costly to the enterprise due to double-extortion tactics.
05 August 2021

Researchers Find Significant Vulnerabilities in macOS Privacy Protections

Attacks require executing code on a system but foil Apple's approach to protecting private data and systems files.
05 August 2021

A New Approach to Securing Authentication Systems' Core Secrets

Researchers at Black Hat USA explain issues around defending "Golden Secrets" and present an approach to solving the problem.
05 August 2021

MacOS Flaw in Telegram Retrieves Deleted Messages

Telegram declined to fix a scenario in which the flaw can be exploited, spurring a Trustwave researcher to decline a bug bounty and to disclose his findings instead.
05 August 2021

Organizations Still Struggle to Hire & Retain Infosec Employees: Report

Security leaders are challenged to fill application security and cloud computing jobs in particular, survey data shows.
05 August 2021

Is your personal information being abused?

Drowning in spam? A study presented at Black Hat USA 2021 examines if sharing your personal information with major companies contributes to the deluge of nuisance emails, texts and phone calls.

The post Is your personal information being abused? appeared first on WeLiveSecurity

05 August 2021

Black Hat: Microsoft’s Patch for Windows Hello Bypass Bug is Faulty, Researchers Say

Researchers show how to circumvent Microsoft’s Windows Hello biometric authentication using a spoofed USB camera.
05 August 2021

Black Hat: Charming Kitten Leaves More Paw Prints

IBM X-Force detailed the custom-made "LittleLooter" data stealer and 4+ hours of ITG18 operator training videos revealed by an opsec goof.
05 August 2021