Cybersecurity News


Researchers Find Baby Banking Trojan, Watch It Grow

EventBot is an Android information stealer on its way to becoming a very capable piece of malware.
30 April 2020

Microsoft Sway Abused in Office 365 Phishing Attack

Microsoft Sway Abused in Office 365 Phishing Attack The "PerSwaysion" attackers have leveraged a plethora of Microsoft services to compromise at least 150 executives in a highly targeted phishing campaign.
30 April 2020

Salt Bugs Allow Full RCE as Root on Cloud Servers

Salt Bugs Allow Full RCE as Root on Cloud Servers Researchers say the bugs are easy to exploit and will likely be weaponized within a day.
30 April 2020

Healthcare Targeted By More Attacks But Less Sophistication

An increase in attacks targeting healthcare organizations suggests that perhaps new cybercriminals are getting into the game.
30 April 2020

Building for Billions: Addressing Security Concerns for Platforms at Scale

Building for Billions: Addressing Security Concerns for Platforms at Scale Lessons from Facebook and Google show how to safely scale your environment for security.
30 April 2020

Things Keeping CISOs Up at Night During the COVID-19 Pandemic

Insights from discussions with more than 20 CISOs, CEOs, CTOs, and security leaders.
30 April 2020

Ed-Tech Company Chegg Suffers Third Breach Since 2018

The latest incident compromised names, Social Security numbers, and other data belonging to 700 current and former Chegg employees.
30 April 2020

User-Friendly Cybersecurity: Is a Better UX the Key to a Better Defense?

User-Friendly Cybersecurity: Is a Better UX the Key to a Better Defense? Frictionless security, improved interfaces, and more usable design may improve the efficacy of security tools and features (and make life easier for users and infosec pros alike). So why has there been so much resistance?
30 April 2020

How Cybercriminals are Weathering COVID-19

In many ways, the COVID-19 pandemic has been a boon to cybercriminals: With unprecedented numbers of people working from home and anxious for news about the virus outbreak, it's hard to imagine a more target-rich environment for phishers, scammers and malware purveyors. In addition, many crooks are finding the outbreak has helped them better market their cybercriminal wares and services. But it's not all good news: The Coronavirus also has driven up costs and disrupted key supply lines for many cybercriminals.
30 April 2020

Researchers Find Vulnerabilities in Popular Remote Learning Plug-ins

As more students move to online learning platforms, vulnerability researchers are revealing security flaws in some common software plug-ins.
30 April 2020

New Android Malware Targets PayPal, CapitalOne App Users

New Android Malware Targets PayPal, CapitalOne App Users Researchers warn that the EventBot Android malware, which targets over 200 financial apps, could be the "next big mobile malware."
30 April 2020

Maintaining POS Device Security and Cleanliness


With the global spread of COVID-19, awareness about the potential risks associated with touching public-facing surfaces has intensified. Many merchants are working harder than ever to protect their customers by frequently cleaning common touch points in their stores. One of these common surfaces is the point-of-sale (POS) payment terminals where customers swipe or dip their payment card and potentially enter a PIN to confirm their purchase.

30 April 2020

Spear-phishing campaign compromises executives at 150+ companies

PerSwaysion group appears to be formed of members based in Nigeria and South Africa.
30 April 2020

The Rise of Deepfakes and What That Means for Identity Fraud

Convincing deepfakes are a real concern, but there are ways of fighting back.
30 April 2020

Here's the NSA's guide for choosing a safe text chat and video conferencing service

NSA publishes guidance on choosing a secure teleworking service. Assessed tools include Slack, Zoom, Signal, Skype, more.
30 April 2020

Shade Threat Actors Call It Quits, Release 750K Encryption Keys

Shade Threat Actors Call It Quits, Release 750K Encryption Keys The team behind the ransomware, first spotted in late 2014 and typically targeting Russian victims, apologized to victims in a post on GitHub.
30 April 2020

Critical WordPress e-Learning Plugin Bugs Open Door to Cheating

Critical WordPress e-Learning Plugin Bugs Open Door to Cheating The flaws in LearnPress, LearnDash and LifterLMS could have allowed unauthenticated students to change their grades, cheat on tests and gain teacher privileges.
30 April 2020

Critical vulnerabilities in WordPress plugins lead to e-learning platform hijacking

The most serious issues discovered can be used in remote code execution attacks.
30 April 2020

Sextortion scammers still shilling with stolen passwords

The email includes the potential victim’s password as evidence of a hack, but there is more than meets the eye

The post Sextortion scammers still shilling with stolen passwords appeared first on WeLiveSecurity

30 April 2020

Investors sue LabCorp over security failures in light of data breach, ransomware attack

The lawsuit claims that the company’s security posture led to investor losses.
30 April 2020