Cybersecurity News


GitHub rolls out dependency review, vulnerability alerts for pull requests

The aim is to prevent vulnerable code from being added to dependencies by accident.
08 December 2020

A Q&A with Gill Woodcock, VP, Global Head of Programs

 

After more than 10 years at PCI Security Standards Council (PCI SSC), Gill Woodcock, VP, Global Head of Programs, retires this month. In this blog, we interviewed Gill about her career in IT security and the payments industry, the most rewarding aspects of her job, and why she believes lifelong learning and taking the occasional risk are the key ingredients to success.

08 December 2020

Critical, Unpatched Bug Opens GE Radiological Devices to Remote Code Execution

Critical, Unpatched Bug Opens GE Radiological Devices to Remote Code Execution A CISA alert is flagging a critical default credentials issue that affects 100+ types of devices found in hospitals, from MRI machines to surgical imaging.
08 December 2020

Accounts with default creds found in 100+ GE medical device models

GE Healthcare is embarking on a massive effort to help healthcare providers reconfigure vulnerable devices.
08 December 2020

Adobe Warns Windows, macOS Users of Critical-Severity Flaws

Adobe Warns Windows, macOS Users of Critical-Severity Flaws Adobe fixed three critical-severity flaws in Adobe Prelude, Adobe Experience Manager and Adobe Lightroom.
08 December 2020

Attackers Know Microsoft 365 Better Than You Do

Users have taken to Microsoft Office 365's tools, but many are unaware of free features that come with their accounts -- features that would keep them safe.
08 December 2020

Norway says Russian hacking group APT28 is behind August 2020 Parliament hack

Russian hackers breached the Norway's Parliament email accounts in August this year.
08 December 2020

Spearphishing Attack Spoofs Microsoft.com to Target 200M Office 365 Users

Spearphishing Attack Spoofs Microsoft.com to Target 200M Office 365 Users It remains unknown as to why Microsoft is allowing a spoof of their very own domain against their own email infrastructure.
08 December 2020

Amnesia:33 vulnerabilities impact millions of smart and industrial devices

Security researchers have identified 33 security flaws in four open-source TCP/IP stacks used across a wide range of smart products.
08 December 2020

‘Amnesia:33’ TCP/IP Flaws Affect Millions of IoT Devices

‘Amnesia:33’ TCP/IP Flaws Affect Millions of IoT Devices A new set of vulnerabilities has been discovered affecting millions of routers and IoT and OT devices from more than 150 vendors, new research warns.
08 December 2020

Police officer abused vehicle database to track down women drivers

A court dismissed the idea that he did so to contact women for an Instagram comic project, or that this is in any way justifiable.
08 December 2020

Phishing Campaign Targets 200M Microsoft 365 Accounts

A well-organized email spoofing campaign has been seen targeting financial services, insurance, healthcare, manufacturing, utilities, and telecom.
07 December 2020

NSA Warns: Patched VMware Bug Under Active Exploit

NSA Warns: Patched VMware Bug Under Active Exploit Feds are warning that foreign adversaries are exploiting a weeks-old bug in VMware’s Workspace One Access and VMware Identity Manager products.
07 December 2020

Trump Signs IoT Security Bill into Law

The Internet of Things Cybersecurity Improvement Act of 2020 is now official.
07 December 2020

BTC-e founder sentenced to five years in prison for laundering ransomware funds

French prosecutors weren't able to prove that Vinnik was also involved in the distribution of the Locky ransomware.
07 December 2020

Rana Android Malware Updates Allow WhatsApp, Telegram IM Snooping

Rana Android Malware Updates Allow WhatsApp, Telegram IM Snooping The developers behind the Android malware have a new variant that spies on instant messages in WhatsApp, Telegram, Skype and more.
07 December 2020

The Magic Behind the Magic

And oldie but goodie and still pretty truey.
07 December 2020

NSA Warns of Exploits Targeting Recently Disclosed VMware Vulnerability

Agency urges organizations to deploy patch as soon as possible since exploit activity is hard to detect.
07 December 2020

Europol Warns COVID-19 Vaccine Rollout Vulnerable to Fraud, Theft

Europol Warns COVID-19 Vaccine Rollout Vulnerable to Fraud, Theft With the promise of a widely available COVID-19 vaccine on the horizon, Europol, the European Union’s law-enforcement agency, has issued a warning about the rise of vaccine-related Dark Web activity. The agency joins a chorus of security professionals that have concerns about widespread attacks on the COVID-19 vaccine rollout. The warning comes after Europol discovered […]
07 December 2020

‘Free’ Cyberpunk 2077 Downloads Lead to Data Harvesting

‘Free’ Cyberpunk 2077 Downloads Lead to Data Harvesting The hotly anticipated game -- featuring a digital Keanu Reeves as a major character -- is being used as a lure for cyberattacks.
07 December 2020