Cybersecurity News


This cryptocurrency miner is exploiting the new Confluence remote code execution bug

It didn't take long for CVE-2021-26084 to be added to exploit kits.
22 September 2021

Microsoft Autodiscover abused to collect web requests, credentials

Researchers were able to exploit a protocol design feature on a vast scale.
22 September 2021

Plugging the holes: How to prevent corporate data leaks in the cloud

Misconfigurations of cloud resources can lead to various security incidents and ultimately cost your organization dearly. Here’s what you can do to prevent cloud configuration conundrums.

The post Plugging the holes: How to prevent corporate data leaks in the cloud appeared first on WeLiveSecurity

22 September 2021

Epik Confirms Hack, Gigabytes of Data on Offer

Epik Confirms Hack, Gigabytes of Data on Offer "Time to find out who in your family secretly ran ... [a] QAnon hellhole," said attackers who affiliated themselves with the hacktivist collective Anonymous, noting that Epik had laughable security.
21 September 2021

Hackers Are Going ‘Deep-Sea Phishing,’ So What Can You Do About It?

Hackers Are Going ‘Deep-Sea Phishing,’ So What Can You Do About It? Nick Kael, CTO at Ericom, discusses how phishing is gaining sophistication and what it means for businesses.
21 September 2021

Turla APT Plants Novel Backdoor In Wake of Afghan Unrest

Turla APT Plants Novel Backdoor In Wake of Afghan Unrest “TinyTurla,” simply coded malware that hides away as a legitimate Windows service, has flown under the radar for two years.
21 September 2021

European police dismantle cybercrime ring with ties to Italian Mafia

The group used phishing, BEC and other types of attacks to swindle victims out of millions

The post European police dismantle cybercrime ring with ties to Italian Mafia appeared first on WeLiveSecurity

21 September 2021

BlackMatter Strikes Iowa Farmers Cooperative, Demands $5.9M Ransom

BlackMatter Strikes Iowa Farmers Cooperative, Demands $5.9M Ransom Critical infrastructure appears to be targeted in latest ransomware attack, diminishing the hopes of governments to curb such attacks.
21 September 2021

46% of On-Prem Databases Globally Contain Vulnerabilities: Is Yours Safe?

46% of On-Prem Databases Globally Contain Vulnerabilities: Is Yours Safe? Are organizations neglecting the security of their data? An unprecedented five-year study reveals that internal databases are riddled with vulnerabilities – some even years old.
21 September 2021

HackerOne expands Internet Bug Bounty project to tackle open source bugs

Open source code is used by most companies. It's time to improve its security.
21 September 2021

Turla hacking group launches new backdoor in attacks against US, Afghanistan

The Russian cyberattackers are using the new module to become more stealthy.
21 September 2021

Siemens launches AI solution to fight industrial cybercrime

Eos.ii will monitor for threats against industrial IoT endpoints and platforms.
21 September 2021

Does Your Organization Have a Security.txt File?

It happens all the time: Organizations get hacked because there isn't an obvious way for security researchers to let them know about security vulnerabilities or data leaks. Or maybe it isn't entirely clear who should get the report when remote access to an organization's internal network is being sold in the cybercrime underground. In a bid to minimize these scenarios, a growing number of major companies are adopting "Security.txt," a proposed new Internet standard that helps organizations describe their vulnerability disclosure practices and preferences.
20 September 2021

Amazon Driver-Surveillance Cameras Roll Out, Sparking Debate

Amazon Driver-Surveillance Cameras Roll Out, Sparking Debate Drivers bristle under constant surveillance by artificial-intelligence (AI) tech, but Amazon says it works and boosts safety.
20 September 2021

Europol Breaks Open Extensive Mafia Cybercrime Ring

Europol Breaks Open Extensive Mafia Cybercrime Ring Organized crime ring thrived on violence, intimidation and $12 million in online fraud profits.
20 September 2021

Payment API Bungling Exposes Millions of Users’ Payment Data

Payment API Bungling Exposes Millions of Users’ Payment Data Misconfigured APIs make any app risky, but when you’re talking about financial apps, you’re talking about handing ne’er-do-wells the power to turn your pockets inside-out.
20 September 2021

Bring Your APIs Out of the Shadows to Protect Your Business

Bring Your APIs Out of the Shadows to Protect Your Business APIs are immensely more complex to secure. Shadow APIs—those unknown or forgotten API endpoints that escape the attention and protection of IT¬—present a real risk to your business. Learn how to identify shadow APIs and take control of them before attackers do.
20 September 2021

Facebook rebukes WSJ over investigation on the platform's ability to harm, 'toxic' impact

Facebook says the series contains "deliberate mischaracterizations."
20 September 2021

Week in security with Tony Anscombe

Analysis of Numando banking trojan, steps to mitigate attack surface, and more! – Week in security with Tony Anscombe

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

17 September 2021

Porn Problem: Adult Ads Persist on US Gov’t, Military Sites

Porn Problem: Adult Ads Persist on US Gov’t, Military Sites Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam.
17 September 2021