Cybersecurity News


As Businesses Go Remote, Hackers Find New Security Gaps

Improper access control, information disclosure, and SSRF are among the most impactful, and most awarded, security flaws found this year.
02 November 2020

Marriott fined £18.4 million by UK watchdog over customer data breach

The fine has been slashed from over £99 million originally proposed In light of the pandemic.
02 November 2020

CERT/CC launches Twitter bot to give security bugs random names

CERT/CC attempts to reduce the use of sensationalized vulnerability names that needlessly scare software users.
02 November 2020

US Cyber Command exposes new Russian malware

Together with CISA and the FBI, US Cyber Command wish Russian state hackers a "Happy Halloween!"
01 November 2020

Chrome will soon have its own dedicated certificate root store

Currently, Chrome uses the certificate root store part of each operating system. Google plans to manage its own list of "approved" certificates from now on, similar to Firefox.
31 October 2020

Rising Ransomware Breaches Underscore Cybersecurity Failures

Ransomware's continued success speaks volumes about what's at stake for businesses and people, and, perhaps, the cybersecurity industry's inability to adapt quickly enough to protect everyone.
31 October 2020

Crippling Cyberattacks, Disinformation Top Concerns for Election Day

Crippling Cyberattacks, Disinformation Top Concerns for Election Day Cyber-researchers weigh in on what concerns them the most as the U.S. heads into the final weekend before the presidential election -- and they also highlight the positives.
30 October 2020

WordPress Patches 3-Year-Old High-Severity RCE Bug

WordPress Patches 3-Year-Old High-Severity RCE Bug In all, WordPress patched 10 security bugs as part of the release of version 5.5.2 of its web publishing software.
30 October 2020

Firestarter Android Malware Abuses Google Firebase Cloud Messaging

Firestarter Android Malware Abuses Google Firebase Cloud Messaging The DoNot APT threat group is leveraging the legitimate Google Firebase Cloud Messaging server as a command-and-control (C2) communication mechanism.
30 October 2020

New Wroba Campaign Is Latest Sign of Growing Mobile Threats

After years of mostly targeting users in Japan, Korea, and other countries in the region, operators of the Trojan expanded their campaign to the US this week.
30 October 2020

Wisc. GOP’s $2.3M MAGA Hat Debacle Showcases Fraud Concerns

Wisc. GOP’s $2.3M MAGA Hat Debacle Showcases Fraud Concerns Scammers bilked Wisconsin Republicans out of $2.3 million in a basic BEC scam — and anyone working on the upcoming election needs to pay attention.   
30 October 2020

Halloween News Wrap: The Election, Hospital Deaths and Other Scary Cyberattack Stories

Halloween News Wrap: The Election, Hospital Deaths and Other Scary Cyberattack Stories Threatpost breaks down the scariest stories of the week ended Oct. 30 haunting the security industry -- including bugs that just won't die.
30 October 2020

Wroba Mobile Banking Trojan Spreads to the U.S. via Texts

Wroba Mobile Banking Trojan Spreads to the U.S. via Texts The Roaming Mantis group is targeting the States with a malware that can steal information, harvest financial data and send texts to self-propagate.
30 October 2020

Google discloses Windows zero-day exploited in the wild

Windows zero-day (not yet patched) is used as part of an exploit chain that also includes a Chrome zero-day (already patched).
30 October 2020

Week in security with Tony Anscombe

New ESET Threat Report is out – Are things in IoT security finally changing? – 5 spooky tales of data breaches

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

30 October 2020

Election (in)security: What you may have missed

As Election Day draws near, here's a snapshot of how this election cycle is faring in the hands of the would-be digitally meddlesome

The post Election (in)security: What you may have missed appeared first on WeLiveSecurity

30 October 2020

JavaScript Obfuscation Moves to Phishing Emails

Attackers are hiding malicious payloads in phishing emails via a technique traditionally used to hide malicious code planted on websites.
30 October 2020

Microsoft Warns of Ongoing Attacks Exploiting Zerologon

The vulnerability, patched in August, has been weaponized by APT groups and prompted CISA to issue a security alert.
30 October 2020

Public Safety & Cybersecurity Concerns Elevate Need for a Converged Approach

As public and private spaces are opening up, the need for a converged approach to cybersecurity and physical security is essential, as is integration with health measures and tech.
30 October 2020

Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug

Microsoft Warns Threat Actors Continue to Exploit Zerologon Bug Tech giant and feds this week renewed their urge to organizations to update Active Directory domain controllers.
30 October 2020