Cybersecurity News


Prometei Botnet Could Fire Up APT-Style Attacks

Prometei Botnet Could Fire Up APT-Style Attacks The malware is for now using exploits for the Microsoft Exchange "ProxyLogon" security bugs to install Monero-mining malware on targets.
23 April 2021

5 Fundamental But Effective IoT Device Security Controls

5 Fundamental But Effective IoT Device Security Controls Matt Dunn, the associate managing director for cyber-risk at Kroll, discusses how to keep networks safe from insecure IoT devices.
23 April 2021

KnowBe4 Issues IPO to Drive Global Expansion, New Automation Features

Security awareness firm aims expand into Europe and Asia, and add automation and machine learning to its technology.
23 April 2021

Week in security with Tony Anscombe

WhatsApp Pink is not an update – Security holes in Apple's AirDrop – New zero-day plugged in Chrome

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

23 April 2021

Instagram rolls out new features to help prevent cyberbullying

The social media platform is stepping up efforts to help stomp out harassment and other abusive behavior

The post Instagram rolls out new features to help prevent cyberbullying appeared first on WeLiveSecurity

23 April 2021

SOC 2 Attestation Tips for SaaS Companies

Attestation helps SaaS vendors demonstrate that digital security is a primary focus.
23 April 2021

Tell Us the Truth: Why Do You LOVE Passwords?

Tell Us the Truth: Why Do You LOVE Passwords? There must be something you appreciate about the humble password, right? Tell us what you think.
23 April 2021

REvil’s Big Apple Ransomware Gambit Looks to Pay Off

REvil’s Big Apple Ransomware Gambit Looks to Pay Off The notorious cybercrime gang could make out whether or not Apple pays the $50 million ransom by May 1 as demanded.
23 April 2021

ToxicEye: Trojan abuses Telegram platform to steal your data

The RAT is using bots to propagate across Telegram channels.
23 April 2021

Major News Events

When a major news event happens, cyber criminals will take advantage of the incident and send phishing emails with a subject line related to the event. These phishing emails often include a link to malicious websites, an infected attachment or are a scam designed to trick you out of your money.
23 April 2021

Supernova Malware Actors Masqueraded as Remote Workers to Access Breached Network

China-based Spiral group is believed to be behind year-long ttack, which exploited a flaw in SolarWinds Orion technology to drop a Web shell.
22 April 2021

The Edge Pro Tip: Brush Up on Web Shells

The Edge Pro Tip: Brush Up on Web Shells While neither new nor novel, Web shells are making an impact with a surge of Exchange attacks.
22 April 2021

Edge Poll: Passwordless Plans

How long do you think it will be before your organization gets rid of passwords?
22 April 2021

New CISA Advisories Warn of ICS Vulnerabilities

The vulnerabilities exist in Cscape control system application programming software and the Mitsubishi Electric GOT.
22 April 2021

Prometei Botnet Adds New Twist to Exchange Server Attacks

Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say.
22 April 2021

Mount Locker Ransomware Aggressively Changes Up Tactics

Mount Locker Ransomware Aggressively Changes Up Tactics The ransomware is upping its danger quotient with new features while signaling a rebranding to "AstroLocker."
22 April 2021

Spotlight on the Cybercriminal Supply Chains

Spotlight on the Cybercriminal Supply Chains In this Threatpost podcast Fortinet’s top researcher outlines what a cybercriminal supply chain is and how much the illicit market is worth.
22 April 2021

Improving the Vulnerability Reporting Process With 5 Steps

Follow these tips for an effective and positive experience for both the maintainer and external vulnerability reporter.
22 April 2021

Signal founder: I hacked police phone-cracking tool Cellebrite

Signal founder: I hacked police phone-cracking tool Cellebrite

Moxie Marlinspike accuses surveillance firm of being ‘linked to persecution’ around the world

The CEO of the messaging app Signal claims to have hacked the phone-cracking tools used by police in Britain and around the world to extract information from seized devices.

In an online post, Moxie Marlinspike, the security researcher who founded Signal in 2013, detailed a series of vulnerabilities in the surveillance devices, made by the Israeli company Cellebrite.

Continue reading...
22 April 2021

AirDrop flaws could leak phone numbers, email addresses

You can only stay safe by disabling AirDrop discovery in the system settings of your Apple device, a study says

The post AirDrop flaws could leak phone numbers, email addresses appeared first on WeLiveSecurity

22 April 2021