Cybersecurity News
Week in security with Tony Anscombe
ESET research dissects IIS web server threats – How IIStealer steals credit card data – The flood of spam in your inbox
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Black Hat 2021: Lessons from a lawyer
Why companies and their security teams need to engage with a lawyer before an incident occurs
The post Black Hat 2021: Lessons from a lawyer appeared first on WeLiveSecurity
Critical Cisco Bug in VPN Routers Allows Remote Takeover
Security researchers warned that at least 8,800 vulnerable systems are open to compromise.
Black Hat 2021: Wanted posters for ransomware slingers
Is the net closing in on cyber-extortionists and can bounties on their collective heads ultimately help stem the ransomware scourge?
The post Black Hat 2021: Wanted posters for ransomware slingers appeared first on WeLiveSecurity
Researchers Call for 'CVE' Approach for Cloud Vulnerabilities
New research suggests isolation among cloud customer accounts may not be a given -- and the researchers behind the findings issue a call to action for cloud security.Zoom Settlement: An $85M Business Case for Security Investment
Zoom’s security lesson over end-to-end encryption shows the costs of playing cybersecurity catchup.
Angry Affiliate Leaks Conti Ransomware Gang Playbook
The data includes IP addresses for Cobalt Strike C2 servers as well as an archive including numerous tools and training materials for the group, revealing how it performs attacks.
IIStealer: A server‑side threat to e‑commerce transactions
The first in our series on IIS threats looks at a malicious IIS extension that intercepts server transactions to steal credit card information
The post IIStealer: A server‑side threat to e‑commerce transactions appeared first on WeLiveSecurity
Anatomy of native IIS malware
ESET researchers publish a white paper putting IIS web server threats under the microscope
The post Anatomy of native IIS malware appeared first on WeLiveSecurity
Black Hat: BadAlloc bugs expose millions of IoT devices to hijack
BadAlloc vulnerabilities impact millions of devices worldwide.HTTP/2 Implementation Errors Exposing Websites to Serious Risks
Organizations that don't implement end-to-end HTTP/2 are vulnerable to attacks that redirect users to malicious sites and other threats, security researcher reveals at Black Hat USA.CISA Launches JCDC, the Joint Cyber Defense Collaborative
"We can't do this alone," the new CISA director told attendees in a keynote at Black Hat USA today.Black Hat: New CISA Head Woos Crowd With Public-Private Task Force
Day two Black Hat keynote by CISA Director Jen Easterly includes launch of private-public partnership with Amazon, Google and Microsoft to fight cybercrime.
Incident Responders Explore Microsoft 365 Attacks in the Wild
Mandiant experts discuss the novel techniques used to evade detection, automate data theft, and achieve persistent access.Black Hat: How cybersecurity incidents can become a legal minefield
Facing a cyberattack? Pick up the phone and talk to legal help as well as incident response.Auditors: Feds’ Cybersecurity Gets the Dunce Cap
Out of eight agencies, four were given D grades in a report for the Senate, while the Feds overall got a C-.
Black Hat: Enterprise players face 'one-two-punch' extortion in ransomware attacks
Intrusions have become even more costly to the enterprise due to double-extortion tactics.Researchers Find Significant Vulnerabilities in macOS Privacy Protections
Attacks require executing code on a system but foil Apple's approach to protecting private data and systems files.A New Approach to Securing Authentication Systems' Core Secrets
Researchers at Black Hat USA explain issues around defending "Golden Secrets" and present an approach to solving the problem.MacOS Flaw in Telegram Retrieves Deleted Messages
Telegram declined to fix a scenario in which the flaw can be exploited, spurring a Trustwave researcher to decline a bug bounty and to disclose his findings instead.