Cybersecurity News


Security Gaps in IoT Access Control Threaten Devices and Users

Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.
16 April 2021

iOS Kids Game Morphs into Underground Crypto Casino

A malicious ‘Jungle Run’ app tricked security protections to make it into the Apple App Store, scamming users out of money with a casino-like functionality.
16 April 2021

NSA: 5 Security Bugs Under Active Nation-State Cyberattack

Widely deployed platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware are all in the crosshairs of APT29, bent on stealing credentials and more.
16 April 2021

Mandiant Front Lines: How to Tackle Exchange Exploits

Matt Bromiley, senior principal consultant with Mandiant, offers checklists for how small- and medium-sized businesses (SMBs) can identify and clear ProxyLogon Microsoft Exchange infections.
16 April 2021

How the Biden Administration Can Make Digital Identity a Reality

A digital identity framework is the answer to the US government's cybersecurity dilemma.
16 April 2021

Week in security with Tony Anscombe

FBI cleans up compromised Exchange servers – Data of Clubhouse users scraped and posted online – WhatsApp bug alert

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

16 April 2021

Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period

The zero-day flaw research group has revised its disclosure of the technical details of vulnerabilities in the hopes of speeding up the release and adoption of fixes.
16 April 2021

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggests the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy.
16 April 2021

Spring cleaning? Don’t forget about your digital footprint

Here are some quick and easy tips to help you clean up your cyber-clutter and keep your digital footprint tidy

The post Spring cleaning? Don’t forget about your digital footprint appeared first on WeLiveSecurity

16 April 2021

Digital Inheritance

What happens to our digital presence when we die or become incapacitated? Many of us have or know we should have a will and checklists of what loved ones need to know in the event of our passing. But what about all of our digital data and online accounts? Consider creating some type of digital will, often called a "Digital Inheritance" plan.
16 April 2021

Software Developer Arrested in Computer Sabotage Case

Officials say Davis Lu placed malicious code on servers in a denial-of-service attack on his employer.
15 April 2021

Google Brings 37 Security Fixes to Chrome 90

The latest version of Google Chrome also introduces HTTPS as the browser's default protocol.
15 April 2021

US Formally Attributes SolarWinds Attack to Russian Intelligence Agency

Treasury Department slaps sanctions on IT security firms that it says supported Russia's Foreign Intelligence Service in carrying out the attacks.
15 April 2021

Pandemic Pushes Bot Operators to Redirect Efforts

As demand for travel, lodging, and concerts plummeted in 2020, bot traffic moved to more popular activities, such as e-commerce, healthcare, and government sites.
15 April 2021

Biden Races to Shore Up Power Grid Against Hacks

A 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said.
15 April 2021

6 Tips for Managing Operational Risk in a Downturn

Many organizations adjust their risk appetite in an economic downturn, as risk is expanded to include supplier and customer insolvency, not to mention cash-flow changes.
15 April 2021

Gafgyt Botnet Lifts DDoS Tricks from Mirai

The IoT-targeted malware has also added new exploits for initial compromise, for Huawei, Realtek and Dasan GPON devices.
15 April 2021

How to Create an Incident Response Plan From the Ground, Up

Security 101: In the wake of an incident, it's important to cover all your bases -- and treat your IR plan as a constantly evolving work in progress.
15 April 2021

One in six people use pet’s name as password

Other common and easily hackable password choices include the names of relatives and sports teams, a UK study reveals

The post One in six people use pet’s name as password appeared first on WeLiveSecurity

15 April 2021

Nation-State Attacks Force a New Paradigm: Patching as Incident Response

IT no longer has the luxury of thoroughly testing critical vulnerability patches before rolling them out.
15 April 2021