Cybersecurity News


Week in security with Tony Anscombe

Security challenges for connected medical devices – Zero-day in Chrome gets patched – How to avoid USB drive security woes

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

23 October 2020

Nvidia Warns Gamers of Severe GeForce Experience Flaws

Versions of Nvidia GeForce Experience for Windows prior to 3.20.5.70 are affected by a high-severity bug that could enable code execution, denial of service and more.
23 October 2020

A Pause to Address 'Ethical Debt' of Facial Recognition

Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.
23 October 2020

Ransomware Takes Down Network of French IT Giant

Sopra Steria hit with cyber attack that reportedly encrypted parts of their network on Oct. 20 but has remained mostly mum on details.
23 October 2020

Nvidia tackles code execution flaws, data leaks in GeForce Experience

The worst of the bugs is an uncontrolled search path issue with severe, exploitable consequences.
23 October 2020

Securing medical devices: Can a hacker break your heart?

Why are connected medical devices vulnerable to attack and how likely are they to get hacked? Here are five digital chinks in the armor.

The post Securing medical devices: Can a hacker break your heart? appeared first on WeLiveSecurity

23 October 2020

Botnet Infects Hundreds of Thousands of Websites

KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.
22 October 2020

The Now-Defunct Firms Behind 8chan, QAnon

Some of the world's largest Internet firms have taken steps to crack down on disinformation spread by QAnon conspiracy theorists and the hate-filled anonymous message board 8chan. But according to a California-based security researcher, those seeking to de-platform these communities may have overlooked a simple legal solution to that end: Both the Nevada-based web hosting company owned by 8chan's current figurehead and the California firm that provides its sole connection to the Internet are defunct businesses in the eyes of their respective state regulators. In practical terms, what this means is that the legal contracts which granted these companies temporary control over large swaths of Internet address space are now null and void, and American Internet regulators would be well within their rights to cancel those contracts and reclaim the space.
22 October 2020

7 Mobile Browsers Vulnerable to Address-Bar Spoofing

Flaws allow attackers to manipulate URLs users see on their mobile devices, Rapid7 says
22 October 2020

Credential-Stuffing Attacks Plague Loyalty Programs

But that's not the only type of web attack cybercriminals have been profiting from.
22 October 2020

FBI, CISA: Russian hackers breached US government networks, exfiltrated data

Intrusions blamed on a Russian hacker group known as Energetic Bear.
22 October 2020

NSA whistleblower Edward Snowden granted permanent residency in Russia

Edward Snowden has been living in Russia since June 2013.
22 October 2020

WordPress Plug-in Updated in Rare Forced Action

The Loginizer login security plug-in was automatically updated to patch a SQL injection vulnerability.
22 October 2020

8 New and Hot Cybersecurity Certifications for 2020

While the usual security certs remain popular, interest in privacy skills and cloud experience is pushing new credentials into the market.
22 October 2020

Researcher: I Hacked Trump’s Twitter by Guessing Password

Trump’s weak Twitter password and lack of basic two-factor authentication protections made it shockingly simple to hack his account, Dutch security researcher Victor Gevers reported.
22 October 2020

To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Life

The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.
22 October 2020

Facebook, News and XSS Underpin Complex Browser Locker Attack

An elaborate set of redirections and hundreds of URLs make up a wide-ranging tech-support scam.
22 October 2020

Microsoft Teams Phishing Attack Targets Office 365 Users

Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a "missed chat" from Microsoft Teams.
22 October 2020

EU sanctions Russia over 2015 German Parliament hack

Germany had been asking and pushing EU officials for an official statement and sanctions against Russia since earlier this year.
22 October 2020

Chrome 86 Aims to Bar Abusive Notification Content

Google said Chrome 86 will automatically block malicious notifications that may be used for phishing or malware.
22 October 2020