Cybersecurity News


SMB Security Catches Up to Large Companies, Data Shows

Small and midsize businesses face issues similar to those of large organizations and have updated security practices to respond with threat hunting, patch management, and dedicated personnel.
04 May 2020

How InfoSec Pros Can Help Healthcare During the Coronavirus Pandemic

How InfoSec Pros Can Help Healthcare During the Coronavirus Pandemic Security pros are banding together to ensure healthcare facilities can focus on saving lives instead of defending against cyber attacks. Here are a few places you can volunteer your services.
04 May 2020

Attackers Exploit SaltStack Flaws to Compromise Open Source OS & Blogging Platform

Intruders gained access to core systems at the Android-based LineageOS project and the Ghost platform.
04 May 2020

Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack

Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack Hackers targeted Ghost on Sunday, in a cryptocurrency mining attack that caused widespread outages.
04 May 2020

Zoom Installers Used to Spread WebMonitor RAT

Researchers warn the installers are legitimate but don't come from official sources of the Zoom app, including the Apple App Store and Google Play.
04 May 2020

Government investigates data breach revealing details of 774,000 migrants

Government investigates data breach revealing details of 774,000 migrants

Guardian Australia on Sunday revealed SkillSelect app allowed users to see partial names of applicants for skilled visas

The home affairs and employment departments are investigating a data breach revealing the personal details of 774,000 migrants and people aspiring to migrate to Australia, despite playing down the seriousness of the breach.

On Sunday, Guardian Australia revealed the government’s SkillSelect app allowed users to see unique identifiers of applicants for skilled visas, including partial names, which could then be used through searches with multiple filters to reveal other information about applicants.

Related: Immigrants don't take Australian jobs. They create jobs for others | Jock Collins

Continue reading...
04 May 2020

Academics turn PC power units into speakers to leak secrets from air-gapped systems

POWER-SUPPLaY technique uses "singing capacitor" phenomenon for data exfiltration.
04 May 2020

Microsoft warns of multiple malspam campaigns carrying malicious disk image files

Microsoft: Threat group uses malware-laced ISO and IMG files to infect companies with a remote access trojan.
04 May 2020

Oracle: Unpatched Versions of WebLogic App Server Under Active Attack

Oracle: Unpatched Versions of WebLogic App Server Under Active Attack CVE-2020-2883 was patched in Oracle's April 2020 Critical Patch Update - but proof of concept exploit code was published shortly after.
04 May 2020

Ghost blogging platform servers hacked to mine cryptocurrency

Ghost wasn’t the only victim of break-ins over the weekend that exploited critical holes in infrastructure automation software for which patches were available

The post Ghost blogging platform servers hacked to mine cryptocurrency appeared first on WeLiveSecurity

04 May 2020

The Cybersecurity Hiring Conundrum: Youth vs. Experience

How working together across the spectrum of young to old makes our organizations more secure.
04 May 2020

Beware of Online Skimming Threats During the COVID-19 Crisis


PCI SSC and the U.S. Chamber of Commerce shares guidance and information on protecting against online skimming attacks in the face of the COVID-19 crisis.

04 May 2020

7 Tips for Security Pros Patching in a Pandemic

7 Tips for Security Pros Patching in a Pandemic The shift to remote work has worsened patch management challenges and created new ones. Security pros share insights and best practices.
04 May 2020

Hackers are targeting UK universities to steal coronavirus research, NCSC warns

State-sponsored hackers from Russia, Iran, and China are suspected.
04 May 2020

CursedChrome turns your browser into a hacker's proxy

CursedChrome shows how hackers can take full control over your Chrome browser using just one extension.
03 May 2020

Ghost blogging platform servers hacked and infected with crypto-miner

Ghost platform got hacked via the same vulnerability that allowed hackers to breach LineageOS servers hours before.
03 May 2020

Hackers breach LineageOS servers via unpatched vulnerability

LineageOS source code, OS builds, and signing keys were unaffected, developers said.
03 May 2020

UK NCSC to stop using 'whitelist' and 'blacklist' due to racial stereotyping

UK cyber-security agency to use "allow list" and "deny list" on its website, going forward.
02 May 2020

Hacker leaks 15 million records from Tokopedia, Indonesia's largest online store

The Tokopedia data has been published on a well-known hacking forum.
02 May 2020

Upgraded Cerberus Spyware Spreads Rapidly via MDM

Upgraded Cerberus Spyware Spreads Rapidly via MDM No longer a simple Android banker, Cerberus is now a full-fledged RAT that can take complete control of devices and automatically spread via mobile device management servers.
01 May 2020