Cybersecurity News


WordPress Plugin Bug Opens 100K Websites to Compromise

WordPress Plugin Bug Opens 100K Websites to Compromise Legions of website visitors could be infected with drive-by malware, among other issues, thanks to a CSRF bug in Real-Time Search and Replace.
28 April 2020

Security Pros Reassigned to IT Tasks in Coronavirus Pandemic

Most security practitioners surveyed say their job functions have changed during the pandemic, and 90% are now working remotely full time.
28 April 2020

Sophisticated Android Spyware Attack Spreads via Google Play

Sophisticated Android Spyware Attack Spreads via Google Play The PhantomLance espionage campaign is targeting specific victims, mainly in Southeast Asia -- and could be the work of the OceanLotus APT.
28 April 2020

PhantomLance spying campaign breaches Google Play security

The four-year-long attack wave has been connected to dozens of malicious apps found in app stores.
28 April 2020

What's Your Cybersecurity Architecture Integration Business Plan?

To get the most out of your enterprise cybersecurity products, they need to work together. But getting those products talking to each other isn't easy.
28 April 2020

New Startup Accurics Tackles Cloud Infrastructure Security

Accurics offers a free product to prevent "drift" between infrastructure defined through code and infrastructure running in the cloud.
28 April 2020

Troves of Zoom Credentials Shared on Hacker Forums

Troves of Zoom Credentials Shared on Hacker Forums Several new databases have been uncovered on underground forums sharing recycled Zoom credentials.
28 April 2020

Grandoreiro: How engorged can an EXE get?

Another in our occasional series demystifying Latin American banking trojans

The post Grandoreiro: How engorged can an EXE get? appeared first on WeLiveSecurity

28 April 2020

Android OEM patch rates have improved, with Nokia and Google leading the charge

The Android OEM patch rate has gone down from 44 days in 2018 to 38 days today.
28 April 2020

Hackers are creating backdoor accounts and cookie files on WordPress sites running OneTone

Attacks began earlier this month after WordPress theme developer did not release a patch for a trivial bug.
28 April 2020

Consumers benefit as video call vendors scramble to revamp security in a COVID-19 world

Houseparty, Discord, and Doxy.me, however, fail to meet basic security standards, new research suggests.
28 April 2020

Biopharmaceutical Firm Suffers Ransomware Attack, Data Dump

ExecuPharm said its internal servers were hit with ransomware after attackers launched a phishing attack.
27 April 2020

Top 10 Cyber Incident Response Mistakes and How to Avoid Them

Top 10 Cyber Incident Response Mistakes and How to Avoid Them From lack of planning to rushing the closure of incidents, these mistakes seriously harm IR effectiveness.
27 April 2020

Attackers Target Sophos Firewalls with Zero-Day

Remote exploit compromises specific configurations of XG firewalls with the intent of stealing data from the devices.
27 April 2020

GDPR Compliance Site Leaks Git Data, Passwords

GDPR Compliance Site Leaks Git Data, Passwords Researchers discovered a .git folder exposing passwords and more for a website that gives advice to organizations about complying with the General Data Protection Regulation (GDPR) rules.
27 April 2020

Will the Pandemic Complicate Cyber Insurance Claims?

Will the Pandemic Complicate Cyber Insurance Claims? While quarantined workers are keeping safe at home, they could be jeopardizing your insurance policy.
27 April 2020

Microsoft Patches Dangerous Teams Vulnerability

CyberArk says issue would have allowed attackers to take over Teams accounts using a malicious GIF.
27 April 2020

You can now manage Windows 10 devices through G Suite

G Suite gets a long-awaited feature -- Windows 10 device management.
27 April 2020

Microsoft Advisory Warns of Vulnerabilities Affecting Office

The flaws exist in Autodesk's FBX Software Development Kit, which is supported in Microsoft Office 2019 and Office 365 ProPlus.
27 April 2020

Financial sector is seeing more credential stuffing than DDoS attacks

North American financial institutions and banks are targeted the most, primarily because most leaked credentials are from US services.
27 April 2020