Cybersecurity News


Gafgyt Botnet Lifts DDoS Tricks from Mirai

Gafgyt Botnet Lifts DDoS Tricks from Mirai The IoT-targeted malware has also added new exploits for initial compromise, for Huawei, Realtek and Dasan GPON devices.
15 April 2021

How to Create an Incident Response Plan From the Ground, Up

How to Create an Incident Response Plan From the Ground, Up Security 101: In the wake of an incident, it's important to cover all your bases -- and treat your IR plan as a constantly evolving work in progress.
15 April 2021

One in six people use pet’s name as password

Other common and easily hackable password choices include the names of relatives and sports teams, a UK study reveals

The post One in six people use pet’s name as password appeared first on WeLiveSecurity

15 April 2021

Nation-State Attacks Force a New Paradigm: Patching as Incident Response

IT no longer has the luxury of thoroughly testing critical vulnerability patches before rolling them out.
15 April 2021

Malicious PowerShell Use, Attacks on Office 365 Accounts Surged in Q4

There was also a sharp increase in overall malware volumes in the fourth quarter of 2020, COVID-19 related attack activity, and mobile malware, new data shows.
15 April 2021

Attackers Target ProxyLogon Exploit to Install Cryptojacker

Attackers Target ProxyLogon Exploit to Install Cryptojacker Threat actors targeted compromised Exchange servers to host malicious Monero cryptominer in an “unusual attack,” Sophos researchers discovered.
15 April 2021

Secure Your Home Wi-Fi Network

Be aware of all the devices connected to your home network, including baby monitors, gaming consoles, TVs, appliances or even your car. Ensure all those devices are protected by a strong password and/or are running the latest version of their operating system.
15 April 2021

Thycotic & Centrify Merge to Form Cloud Identity Security Firm

The combined entity will expand on both companies' privileged access management tools and expects to debut a new brand this year.
14 April 2021

Security Bug Allows Attackers to Brick Kubernetes Clusters

Security Bug Allows Attackers to Brick Kubernetes Clusters The vulnerability is triggered when a cloud container pulls a malicious image from a registry.
14 April 2021

CISA Urges Caution for Security Researchers Targeted in Attack Campaign

The agency urges researchers to take precautions amid an ongoing targeted threat campaign.
14 April 2021

Ransomware Attack Creates Cheese Shortages in Netherlands

Ransomware Attack Creates Cheese Shortages in Netherlands Not a Gouda situation: An attack on a logistics firm is suspected to be related to Microsoft Exchange server flaw.
14 April 2021

FBI Operation Remotely Removes Web Shells From Exchange Servers

A court order authorized the FBI to remove malicious Web shells from hundreds of vulnerable machines running on-premise Exchange Server.
14 April 2021

FBI Clears ProxyLogon Web Shells from Hundreds of Orgs

FBI Clears ProxyLogon Web Shells from Hundreds of Orgs In a veritable cyber-SWAT action, the Feds remotely removed the infections without warning businesses beforehand.
14 April 2021

A Post-Data Privacy World and Data-Rights Management

A Post-Data Privacy World and Data-Rights Management Joseph Carson, chief security scientist at Thycotic, discusses the death of data privacy and what comes next.
14 April 2021

FBI removes web shells from compromised Exchange servers

Authorities step in to thwart attacks leveraging the recently-disclosed Microsoft Exchange Server vulnerabilities

The post FBI removes web shells from compromised Exchange servers appeared first on WeLiveSecurity

14 April 2021

The CISO Life Is Half as Good

The CISO Life Is Half as Good Lora Vaughn was at a crossroads -- and that was before mandated pandemic lockdowns came into play. Here's her story of how life got sweeter after she stepped away from the CISO job.
14 April 2021

100,000 Google Sites Used to Install SolarMarket RAT

100,000 Google Sites Used to Install SolarMarket RAT Search-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted domains.
14 April 2021

Bolstering Our Nation's Defenses Against Cybersecurity Attacks

Shawn Henry, former Executive Assistant Director of the FBI and current CrowdStrike president of services and CSO, shares the top three cybersecurity priorities that the Biden administration needs to address.
14 April 2021

Dependency Problems Increase for Open Source Components

The number of components in the average application rose 77% over two years. No wonder, then, that 84% of codebases have at least one vulnerability.
14 April 2021

Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes

Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes Microsoft fixes 110 vulnerabilities, with 19 classified as critical and another flaw under active attack.
14 April 2021