Cybersecurity News
Prometei Botnet Could Fire Up APT-Style Attacks
The malware is for now using exploits for the Microsoft Exchange "ProxyLogon" security bugs to install Monero-mining malware on targets.
5 Fundamental But Effective IoT Device Security Controls
Matt Dunn, the associate managing director for cyber-risk at Kroll, discusses how to keep networks safe from insecure IoT devices.
KnowBe4 Issues IPO to Drive Global Expansion, New Automation Features
Security awareness firm aims expand into Europe and Asia, and add automation and machine learning to its technology.Week in security with Tony Anscombe
WhatsApp Pink is not an update – Security holes in Apple's AirDrop – New zero-day plugged in Chrome
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Instagram rolls out new features to help prevent cyberbullying
The social media platform is stepping up efforts to help stomp out harassment and other abusive behavior
The post Instagram rolls out new features to help prevent cyberbullying appeared first on WeLiveSecurity
SOC 2 Attestation Tips for SaaS Companies
Attestation helps SaaS vendors demonstrate that digital security is a primary focus.Tell Us the Truth: Why Do You LOVE Passwords?
There must be something you appreciate about the humble password, right? Tell us what you think.
REvil’s Big Apple Ransomware Gambit Looks to Pay Off
The notorious cybercrime gang could make out whether or not Apple pays the $50 million ransom by May 1 as demanded.
ToxicEye: Trojan abuses Telegram platform to steal your data
The RAT is using bots to propagate across Telegram channels.Major News Events
When a major news event happens, cyber criminals will take advantage of the incident and send phishing emails with a subject line related to the event. These phishing emails often include a link to malicious websites, an infected attachment or are a scam designed to trick you out of your money.Supernova Malware Actors Masqueraded as Remote Workers to Access Breached Network
China-based Spiral group is believed to be behind year-long ttack, which exploited a flaw in SolarWinds Orion technology to drop a Web shell.The Edge Pro Tip: Brush Up on Web Shells
While neither new nor novel, Web shells are making an impact with a surge of Exchange attacks.
Edge Poll: Passwordless Plans
How long do you think it will be before your organization gets rid of passwords?New CISA Advisories Warn of ICS Vulnerabilities
The vulnerabilities exist in Cscape control system application programming software and the Mitsubishi Electric GOT.Prometei Botnet Adds New Twist to Exchange Server Attacks
Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say.Mount Locker Ransomware Aggressively Changes Up Tactics
The ransomware is upping its danger quotient with new features while signaling a rebranding to "AstroLocker."
Spotlight on the Cybercriminal Supply Chains
In this Threatpost podcast Fortinet’s top researcher outlines what a cybercriminal supply chain is and how much the illicit market is worth.
Improving the Vulnerability Reporting Process With 5 Steps
Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter.Signal founder: I hacked police phone-cracking tool Cellebrite
Moxie Marlinspike accuses surveillance firm of being ‘linked to persecution’ around the world
The CEO of the messaging app Signal claims to have hacked the phone-cracking tools used by police in Britain and around the world to extract information from seized devices.
In an online post, Moxie Marlinspike, the security researcher who founded Signal in 2013, detailed a series of vulnerabilities in the surveillance devices, made by the Israeli company Cellebrite.
Continue reading...AirDrop flaws could leak phone numbers, email addresses
You can only stay safe by disabling AirDrop discovery in the system settings of your Apple device, a study says
The post AirDrop flaws could leak phone numbers, email addresses appeared first on WeLiveSecurity