Cybersecurity News


Apple Mail Zero-Click Security Vulnerability Allows Email Snooping

The researcher is offering details on CVE-2020-9922, which can be triggered just by sending a target an email with two .ZIP files attached.
05 April 2021

How To Defend the Extended Network Against Web Risks

Aamir Lakhani, cybersecurity researcher for Fortinet’s FortiGuard Labs, discusses criminals flocking to web server and browser attacks, and what to do about it.
05 April 2021

15 Cybersecurity Pitfalls and Fixes for SMBs

In this roundtable, security experts focused on smaller businesses offer real-world advice for actionable ways to shore up defenses using fewer resources.
05 April 2021

7 Ways to Reduce Cyber Threats From Remote Workers

The pandemic's decline won't stop the work-from-home trend nor the implications for cybersecurity, so it's crucial to minimize the threats.
05 April 2021

Name That Edge Toon: Rough Patch?

Feeling creative? Submit your caption in the comments, and our panel of experts will reward the winner with a $25 Amazon gift card.
05 April 2021

Facebook data leak: Australians urged to check and secure social media accounts

Experts urge users to secure accounts and passwords after breach exposes personal details of more than 500 million people

Australians are being urged to secure their social media accounts after the details of more than 500 million global Facebook users were found online in a massive data breach.

The details published freely online included names, phone numbers, email addresses, account IDs and bios.

05 April 2021

Ubiquiti All But Confirms Breach Response Iniquity

For four days this past week, Internet-of-Things giant Ubiquiti failed to respond to requests for comment on a whistleblower's allegations that the company had massively downplayed a "catastrophic" two-month breach ending in January to save its stock price, and that Ubiquiti's insinuation that a third-party was to blame was a fabrication. I was happy to add their eventual public response to the top of Tuesday's story on the whistleblower's claims, but their statement deserves a post of its own because it actually confirms and reinforces those claims.
04 April 2021

Inside the Ransomware Campaigns Targeting Exchange Servers

Security experts discuss the ransomware campaigns taking aim at Microsoft Exchange Server vulnerabilities patched last month.
02 April 2021

FBI: APTs Actively Exploiting Fortinet VPN Security Holes

Three security vulnerabilities in the Fortinet SSL VPN are being used to gain a foothold within networks before moving laterally and carrying out recon.
02 April 2021

Hackers Demand $40M in Ransom From Florida School District

District officials say they have no intention of paying the ransom
02 April 2021

Call of Duty Cheats Expose Gamers to Malware, Takeover

Activision is warning that cyberattackers are disguising malware -- a remote-access trojan (RAT) -- in cheat programs.
02 April 2021

FBI & CISA Warn of Active Attacks on FortiOS Vulnerabilities

A joint advisory warns admins of the likelihood of APT groups exploiting three vulnerabilities in the Fortinet FortiOS.
02 April 2021

From PowerShell to Payload: An Analysis of Weaponized Malware

John Hammond, security researcher with Huntress, takes a deep-dive into a malware's technical and coding aspects.
02 April 2021

US Tech Dominance Rides on Securing Intellectual Property

A recent, mostly overlooked pardon points to a big problem in the US tech industry: Intellectual property offers a lucrative golden ticket for insiders.
02 April 2021

Robinhood Warns Customers of Tax-Season Phishing Scams

Attackers are impersonating the stock-trading broker using fake websites to steal credentials as well as sending emails with malicious tax files.
02 April 2021

Week in security with Tony Anscombe

PHP source code briefly backdoored – Prevent data loss before it's too late – The perils of owning a smart dishwasher

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

02 April 2021

Enterprises Remain Riddled With Overprivileged Users -- and Attackers Know It

Attackers commonly focus on finding users with too much privileged access as their ticket to network compromise. What can companies do?
01 April 2021

80% of Global Enterprises Report Firmware Cyberattacks

A vast majority of companies in a global survey from Microsoft report being a victim of a firmware-focused cyberattack, but defense spending lags.
01 April 2021

New KrebsOnSecurity Mobile-Friendly Site

Dear Readers, this has been long overdue, but at last I give you a more responsive, mobile-friendly version of KrebsOnSecurity. We tried to keep the visual changes to a minimum and focus on a simple theme that presents information in a straightforward, easy-to-read format. Please bear with us over the next few days as we hunt down the gremlins in the gears.
01 April 2021

7 Security Strategies as Employees Return to the Office

Sooner rather than later, employees will be making their way back to the office. Here's how security pros can plan for the next new normal.
01 April 2021