Cybersecurity News
Cryptic Rumblings Ahead of First 2020 Patch Tuesday
Sources tell KrebsOnSecurity that Microsoft Corp. is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020.13 January 2020
Microsoft to Officially End Support for Windows 7, Server 2008
Windows 7 and Server 2008 will continue to work after Jan. 14, 2020, but will no longer receive security updates.13 January 2020
Website Collecting Australian Fire Donations Hit by Magecart
The attack may have compromised donors' payment information.13 January 2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Organizations need to apply mitigations for vulnerability in Citrix Application Delivery Controller and Citrix Gateway ASAP, security researchers say.13 January 2020
What Questions Should I Keep in Mind to Improve My Security Metrics?
If you can answer these six questions, you'll be off to a great start.13 January 2020
Microsoft spots malicious npm package stealing data from UNIX systems
Malicious JavaScript package was only active on the npm repository for two weeks.13 January 2020
Scammers Dupe Texas School District Out of $2.3M
The wide-scale phishing scam reportedly started in early November and continued through December, before it was discovered by the Texas school district.13 January 2020
Joker Android Malware Snowballs on Google Play
Google has removed 17,000 Joker-infested apps from the Play store to date.13 January 2020
CES Surveillance Hype Worries Privacy Advocates
CES wiz-bang surveillance tech gives privacy advocates the willies.13 January 2020
An Identity Management Spin on Shaggy's Hit Song
Wondering how this guy could be so clumsy? So is he.13 January 2020
Report: Chinese hacking group APT40 hides behind network of front companies
A group of anonymous security analysts have tracked down 13 front companies operating in the island of Hainan through which they say the Chinese state has been recruiting hackers.13 January 2020
5 major US wireless carriers vulnerable to SIM swapping attacks
When it comes to protection against this insidious type of scam, the telcos’ authentication procedures leave a lot be desired, a study finds
The post 5 major US wireless carriers vulnerable to SIM swapping attacks appeared first on WeLiveSecurity
13 January 2020
5 major US wireless carriers vulnerable to SIM swapping attacks
When it comes to protection against this insidious type of scam, the telcos’ authentication procedures leave a lot be desired, a study finds
The post 5 major US wireless carriers vulnerable to SIM swapping attacks appeared first on WeLiveSecurity
13 January 2020
Phishing for Apples, Bobbing for Links
Anyone searching for a primer on how to spot clever phishing links need look no further than those targeting customers of Apple, whose brand by many measures has emerged as the most targeted. Past stories here have examined how scammers working with organized gangs try to phish iCloud credentials from Apple customers who have a mobile device that is lost or stolen. Today's piece looks at the well-crafted links used in some of these lures.13 January 2020
Texas School District Loses $2.3M to Phishing Attack
The Manor Independent School District is investigating a phishing email scam that led to three separate fraudulent transactions.13 January 2020
‘Cable Haunt’ Bug Plagues Millions of Home Modems
The issue lies in underlying reference software used by multiple cable-modem manufacturers to create device firmware.13 January 2020
Unpatched Citrix Flaw Now Has PoC Exploits
Over 25,000 servers globally are vulnerable to the critical Citrix remote code execution vulnerability.13 January 2020
Will This Be the Year of the Branded Cybercriminal?
Threat actors will continue to grow enterprise-style businesses that evolve just like their legitimate counterparts.13 January 2020
Texas school district falls for email scam, hands over $2.3 million
There are “strong” leads but no real indication of who is responsible.13 January 2020
‘Rosegold’ National Lottery hacker steals £5, lands prison sentence
The Sentry MBA brute-force account cracking tool was used to compromise user accounts.13 January 2020