Cybersecurity News


Nearly Two Dozen AWS APIs Are Vulnerable to Abuse

Attackers can conduct identity reconnaissance against an organization at leisure without being detected, Palo Alto Networks says.
17 November 2020

EFF, Security Experts Condemn Politicization of Election Security

Open letter, signed by high-profile security professionals and organizations, urges White House to "reverse course and support election security."
17 November 2020

Ransomware attack forces web hosting provider Managed.com to take servers offline

Ransomware attack on Managed.com appears to have taken place on Monday, November 16.
17 November 2020

Multiple Industrial Control System Vendors Warn of Critical Bugs

Multiple Industrial Control System Vendors Warn of Critical Bugs Four industrial control system vendors each announced vulnerabilities that ranged from critical to high-severity.
17 November 2020

Defining Security Policies to Manage Remote Insider Threats

Defining Security Policies to Manage Remote Insider Threats This is the time to define the new normal; having well-defined policies in place will help businesses maintain its security posture while bolstering the security of the ever-increasing work-from-home population.
17 November 2020

ThreatList: Pharma Mobile Phishing Attacks Turn to Malware

ThreatList: Pharma Mobile Phishing Attacks Turn to Malware After the breakout of the COVID-19 pandemic, mobile phishing attacks targeting pharmaceutical companies have shifted their focus from credential theft to malware delivery.
17 November 2020

Vulnerability Prioritization Tops Security Pros' Challenges

Vulnerability Prioritization Tops Security Pros' Challenges Why vulnerability prioritization has become a top challenge for security professionals and how security and development teams can get it right.
17 November 2020

COVID-19 Antigen Firm Hit by Malware Attack

COVID-19 Antigen Firm Hit by Malware Attack Global biotech firm Miltenyi, which supplies key components necessary for COVID-19 treatment research, has been battling a malware attack.
17 November 2020

Researchers Scan for Supply-Side Threats in Open Source

A recent project to scan the main Python repository's 268,000 packages found only a few potentially malicious programs, but work earlier this year uncovered hundreds of instances of malware.
17 November 2020

To Pay or Not to Pay: Responding to Ransomware From a Lawyer's Perspective

The threat of data extortion adds new layers of risk when determining how to respond to a ransomware attack.
17 November 2020

Chart: Undisputed Increase in Paid Claims

Chart: Undisputed Increase in Paid Claims While the number of enterprises that hold cyber insurance might not have increased significantly over the past year, the number of enterprises that have successfully filed a breach insurance claim has.
17 November 2020

Zoom Takes on Zoom-Bombers Following FTC Settlement

Zoom Takes on Zoom-Bombers Following FTC Settlement The videoconferencing giant has upped the ante on cybersecurity with three fresh disruption controls.
17 November 2020

Chrome 87 released with fix for NAT Slipstream attacks, broader FTP deprecation

Support for FTP links will be disabled for 50% of Chrome 87 users, with a complete removal scheduled for Chrome 88.
17 November 2020

Security Risks Discovered in Tesla Backup Gateway

Cybersecurity researchers report on the security and privacy risks of leaving a Tesla Backup Gateway exposed to the Internet.
17 November 2020

An Inside Look at an Account Takeover

An Inside Look at an Account Takeover AI threat find: Phishing attack slips through email gateway and leads to large-scale compromise.
17 November 2020

Cisco Patches Critical Flaw After PoC Exploit Code Release

Cisco Patches Critical Flaw After PoC Exploit Code Release A critical path-traversal flaw (CVE-2020-27130) exists in Cisco Security Manager that lays bare sensitive information to remote, unauthenticated attackers.
17 November 2020

Be Very Sparing in Allowing Site Notifications

An increasing number of websites are asking visitors to approve "notifications," browser modifications that periodically display messages on the user's mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters.
17 November 2020

Ransomware Operator Promotes Distributed Storage for Stolen Data

The criminals behind the DarkSide ransomware-as-a-service operation say the system will be harder to take down.
17 November 2020

Researchers warn of internet security risks connected to Tesla Backup Gateway

Hundreds of Tesla gateway systems have been found, exposed and open, online.
17 November 2020

Some Apple Apps on macOS Big Sur Bypass Content Filters, VPNs

Some Apple Apps on macOS Big Sur Bypass Content Filters, VPNs Attackers can exploit the feature and send people’s data directly to remote servers, posing a privacy and security risk, researchers said.
17 November 2020