Cybersecurity News


HackerOne expands Internet Bug Bounty project to tackle open source bugs

Open source code is used by most companies. It's time to improve its security.
21 September 2021

Turla hacking group launches new backdoor in attacks against US, Afghanistan

The Russian cyberattackers are using the new module to become more stealthy.
21 September 2021

Siemens launches AI solution to fight industrial cybercrime

Eos.ii will monitor for threats against industrial IoT endpoints and platforms.
21 September 2021

Does Your Organization Have a Security.txt File?

It happens all the time: Organizations get hacked because there isn't an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn't entirely clear who should get the report when remote access to an organization's internal network is being sold in the cybercrime underground. In a bid to minimize these scenarios, a growing number of major companies are adopting "Security.txt," a proposed new Internet standard that helps organizations describe their vulnerability disclosure practices and preferences.
20 September 2021

Amazon Driver-Surveillance Cameras Roll Out, Sparking Debate

Amazon Driver-Surveillance Cameras Roll Out, Sparking Debate Drivers bristle under constant surveillance by artificial-intelligence (AI) tech, but Amazon says it works and boosts safety.
20 September 2021

Europol Breaks Open Extensive Mafia Cybercrime Ring

Europol Breaks Open Extensive Mafia Cybercrime Ring Organized crime ring thrived on violence, intimidation and $12 million in online fraud profits.
20 September 2021

Payment API Bungling Exposes Millions of Users’ Payment Data

Payment API Bungling Exposes Millions of Users’ Payment Data Misconfigured APIs make any app risky, but when you’re talking about financial apps, you’re talking about handing ne’er-do-wells the power to turn your pockets inside-out.
20 September 2021

Bring Your APIs Out of the Shadows to Protect Your Business

Bring Your APIs Out of the Shadows to Protect Your Business APIs are immensely more complex to secure. Shadow APIs—those unknown or forgotten API endpoints that escape the attention and protection of IT¬—present a real risk to your business. Learn how to identify shadow APIs and take control of them before attackers do.
20 September 2021

Facebook rebukes WSJ over investigation on the platform's ability to harm, 'toxic' impact

Facebook says the series contains "deliberate mischaracterizations."
20 September 2021

Week in security with Tony Anscombe

Analysis of Numando banking trojan, steps to mitigate attack surface, and more! – Week in security with Tony Anscombe

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

17 September 2021

Porn Problem: Adult Ads Persist on US Gov’t, Military Sites

Porn Problem: Adult Ads Persist on US Gov’t, Military Sites Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam.
17 September 2021

Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do

Ditch the Alert Cannon: Modernizing IDS is a Security Must-Do Jeff Costlow, CISO at ExtraHop, makes the case for implementing next-gen intrusion-detection systems (NG-IDS) and retiring those noisy 90s compliance platforms.
17 September 2021

AT&T Phone-Unlocking Malware Ring Costs Carrier $200M

AT&T Phone-Unlocking Malware Ring Costs Carrier $200M With the help of malicious insiders, a fraudster was able to install malware and remotely divorce iPhones and other handsets from the carrier's U.S. network -- all the way from Pakistan.
17 September 2021

Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang

Microsoft MSHTML Flaw Exploited by Ryuk Ransomware Gang Microsoft and RiskIQ researchers have identified several campaigns using the recently patched zero-day, reiterating a call for organizations to update affected systems.
17 September 2021

This banking Trojan abuses YouTube to manage remote settings

The spam-spread malware is another headache for Latin America in the cybersecurity realm.
17 September 2021

Numando: Count once, code twice

The (probably) penultimate post in our occasional series demystifying Latin American banking trojans.

The post Numando: Count once, code twice appeared first on WeLiveSecurity

17 September 2021

Cyberattacks against the aviation industry linked to Nigerian threat actor

The investigation began after a Microsoft tweet concerning AsyncRAT.
17 September 2021

Trial Ends in Guilty Verdict for DDoS-for-Hire Boss

A jury in California today reached a guilty verdict in the trial of Matthew Gatrel, a St. Charles, Ill. man charged in 2018 with operating two online services that allowed paying customers to launch powerful distributed denial-of-service (DDoS) attacks against Internet users and websites. Gatrel's conviction comes roughly two weeks after his co-conspirator pleaded guilty to criminal charges related to running the services.
16 September 2021

CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug

CISA, FBI: State-Backed APTs May Be Exploiting Critical Zoho Bug The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August.
16 September 2021

Airline Credential-Theft Takes Off in Widening Campaign

Airline Credential-Theft Takes Off in Widening Campaign A spyware effort bent on stealing cookies and logins is being driven by unsophisticated attackers cashing in on the initial-access-broker boom.
16 September 2021