---

WordPress Plugin Bug Opens 100K Websites to Compromise

Legions of website visitors could be infected with drive-by malware, among other issues, thanks to a CSRF bug in Real-Time Search and Replace.

---

Security Pros Reassigned to IT Tasks in Coronavirus Pandemic

Most security practitioners surveyed say their job functions have changed during the pandemic, and 90% are now working remotely full time.

---

Sophisticated Android Spyware Attack Spreads via Google Play

The PhantomLance espionage campaign is targeting specific victims, mainly in Southeast Asia -- and could be the work of the OceanLotus APT.

---

PhantomLance spying campaign breaches Google Play security

The four-year-long attack wave has been connected to dozens of malicious apps found in app stores.

---

What's Your Cybersecurity Architecture Integration Business Plan?

To get the most out of your enterprise cybersecurity products, they need to work together. But getting those products talking to each other isn't easy.

---

New Startup Accurics Tackles Cloud Infrastructure Security

Accurics offers a free product to prevent "drift" between infrastructure defined through code and infrastructure running in the cloud.

---

Troves of Zoom Credentials Shared on Hacker Forums

Several new databases have been uncovered on underground forums sharing recycled Zoom credentials.

---

Grandoreiro: How engorged can an EXE get?

Another in our occasional series demystifying Latin American banking trojans

The post Grandoreiro: How engorged can an EXE get? appeared first on WeLiveSecurity

---

Android OEM patch rates have improved, with Nokia and Google leading the charge

The Android OEM patch rate has gone down from 44 days in 2018 to 38 days today.

---

Hackers are creating backdoor accounts and cookie files on WordPress sites running OneTone

Attacks began earlier this month after WordPress theme developer did not release a patch for a trivial bug.

---

Consumers benefit as video call vendors scramble to revamp security in a COVID-19 world

Houseparty, Discord, and Doxy.me, however, fail to meet basic security standards, new research suggests.

---

Biopharmaceutical Firm Suffers Ransomware Attack, Data Dump

ExecuPharm said its internal servers were hit with ransomware after attackers launched a phishing attack.

---

Top 10 Cyber Incident Response Mistakes and How to Avoid Them

From lack of planning to rushing the closure of incidents, these mistakes seriously harm IR effectiveness.

---

Attackers Target Sophos Firewalls with Zero-Day

Remote exploit compromises specific configurations of XG firewalls with the intent of stealing data from the devices.

---

GDPR Compliance Site Leaks Git Data, Passwords

Researchers discovered a .git folder exposing passwords and more for a website that gives advice to organizations about complying with the General Data Protection Regulation (GDPR) rules.

---

Will the Pandemic Complicate Cyber Insurance Claims?

While quarantined workers are keeping safe at home, they could be jeopardizing your insurance policy.

---

Microsoft Patches Dangerous Teams Vulnerability

CyberArk says issue would have allowed attackers to take over Teams accounts using a malicious GIF.

---

You can now manage Windows 10 devices through G Suite

G Suite gets a long-awaited feature -- Windows 10 device management.

---

Microsoft Advisory Warns of Vulnerabilities Affecting Office

The flaws exist in Autodesk's FBX Software Development Kit, which is supported in Microsoft Office 2019 and Office 365 ProPlus.

---

Financial sector is seeing more credential stuffing than DDoS attacks

North American financial institutions and banks are targeted the most, primarily because most leaked credentials are from US services.