Cybersecurity News


Over 100,000 machines remain vulnerable to SMBGhost exploitation

The patch for the critical flaw that allows malware to spread across machines without any user interaction was released months ago

The post Over 100,000 machines remain vulnerable to SMBGhost exploitation appeared first on WeLiveSecurity

29 October 2020

Cybercriminals Aim BEC Attacks at Education Industry

Cybercriminals Aim BEC Attacks at Education Industry Heightened vulnerability comes at a time when the sector has been focusing on setting up a remote workforce and online learning amid the pandemic.
29 October 2020

Analysis: Forcepoint Can Still Succeed, but It Needs Committed Ownership

Raytheon intends to sell Forcepoint to PE firm Francisco Partners. Despite a solid product portfolio and bold strategy, Forcepoint's future is now even more uncertain.
29 October 2020

Home Depot Confirms Data Breach in Order Confirmation SNAFU

Home Depot Confirms Data Breach in Order Confirmation SNAFU Hundreds of emailed order confirmations for random strangers were sent to Canadian customers, each containing personal information.
29 October 2020

Oracle WebLogic Server RCE Flaw Under Active Attack

Oracle WebLogic Server RCE Flaw Under Active Attack The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn.
29 October 2020

'Act of War' Clause Could Nix Cyber Insurance Payouts

The indictment of six members of the Russian military for the NotPetya ransomware attack places companies on notice that insurance "is not a get-out-of-jail-free card."
29 October 2020

Is Your Encryption Ready for Quantum Threats?

Answers to these five questions will help security teams defend against attackers in the post-quantum computing era.
29 October 2020

Bug-Bounty Awards Spike 26% in 2020

Bug-Bounty Awards Spike 26% in 2020 The most-rewarded flaw is XSS, which is among those that are relatively cheap for organizations to identify.
29 October 2020

McAfee debuts remote browser isolation solution, XDR platform

The company’s new offerings are designed with real-time protection and incident management in mind.
29 October 2020

IoT security: Are we finally turning the corner?

Better IoT security and data protection are long overdue. Will they go from an afterthought to everyone's priority any time soon?

The post IoT security: Are we finally turning the corner? appeared first on WeLiveSecurity

29 October 2020

Xfinity, McAfee Brands Abused by Parked Domains in Active Campaigns

Xfinity, McAfee Brands Abused by Parked Domains in Active Campaigns Malicious redirection websites are using typosquatting and impersonation to attack unwary visitors.
29 October 2020

FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals

On Monday, Oct. 27, KrebsOnSecurity began following up on a tip from a reliable source that an aggressive Russian cybercriminal gang known for deploying ransomware was preparing to disrupt information technology systems at hundreds of hospitals, clinics and medical care facilities across the United States. Today, officials from the FBI and the U.S. Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning about an "imminent cybercrime threat to U.S. hospitals and healthcare providers."
28 October 2020

Breaking the Glass Ceiling: Tough for Women, Tougher for Women of Color

Security practitioners shed light on obstacles limiting career growth and the steps businesses can take to achieve their promises of a more diverse workforce.
28 October 2020

More Hospitals Hit by Growing Wave of Ransomware Attacks

More Hospitals Hit by Growing Wave of Ransomware Attacks Hospitals in New York and Oregon were targeted on Tuesday by threat actors who crippled systems and forced ambulances with sick patients to be rerouted, in some cases.
28 October 2020

US Government Issues Warning on Kimsuky APT Group

The joint alert, from CISA, the FBI, and others, describes activities from the North Korean advanced persistent threat group.
28 October 2020

Microsoft’s SMBGhost Flaw Still Haunts 108K Windows Systems

Microsoft’s SMBGhost Flaw Still Haunts 108K Windows Systems While Microsoft patched the bug known as CVE-2020-0796 back in March, more than one 100,000 Windows systems are still vulnerable.
28 October 2020

‘Copyright Violation’ Notices Lead to Facebook 2FA Bypass

‘Copyright Violation’ Notices Lead to Facebook 2FA Bypass Fraudulent Facebook messages allege copyright infringement and threaten to take down pages, unless users enter logins, passwords and 2FA codes.
28 October 2020

6 Ways Passwords Fail Basic Security Tests

6 Ways Passwords Fail Basic Security Tests New data shows humans still struggle with password creation and management.
28 October 2020

Rethinking Security for the Next Normal -- Under Pressure

By making a commitment to a unified approach to security, then doing what's necessary to operationalize it, organizations can establish a better security model for the next normal.
28 October 2020

How the Pandemic is Reshaping the Bug-Bounty Landscape

How the Pandemic is Reshaping the Bug-Bounty Landscape Bugcrowd Founder Casey Ellis talks about COVID-19's impact on bug bounty hunters, bug bounty program adoption and more.
28 October 2020