Cybersecurity News


Win10 Admin Rights Tossed Off by Yet Another Plug-In

Win10 Admin Rights Tossed Off by Yet Another Plug-In Then again, you don’t even need the actual device – in this case, a SteelSeries peripheral – since emulation works just fine to launch with full SYSTEM rights.
25 August 2021

US Media, Retailers Targeted by New SparklingGoblin APT

US Media, Retailers Targeted by New SparklingGoblin APT The new APT uses an undocumented backdoor to infiltrate the education, retail and government sectors.
25 August 2021

IBM launches new SASE service to bolster zero-trust enterprise security

The service is the result of a partnership with Zscaler.
25 August 2021

California Man Hacked iCloud Accounts to Steal Nude Photos

California Man Hacked iCloud Accounts to Steal Nude Photos Hao Kou Chi pleaded guilty to four felonies in a hacker-for-hire scam that used socially engineered emails to trick people out of their credentials.
25 August 2021

Proofpoint awarded $13.5 million in IP theft lawsuit against Vade Secure

The company claimed that Vade "willfully" misappropriated trade secrets.
25 August 2021

Shopping Online

When shopping online, always use your credit cards instead of a debit card. If any fraud happens, it is far easier to recover your money from a credit card transaction. Gift cards and one-time-use credit card numbers are even more secure.
25 August 2021

Microsoft Power Apps misconfiguration exposes millions of records

The caches of data that were publicly accessible included names, email addresses and social security numbers

The post Microsoft Power Apps misconfiguration exposes millions of records appeared first on WeLiveSecurity

24 August 2021

Poly Network Recoups $610M Stolen from DeFi Platform

Poly Network Recoups $610M Stolen from DeFi Platform The attacker returned the loot after being offered a gig as chief security advisor with Poly Network.
24 August 2021

The SideWalk may be as dangerous as the CROSSWALK

Meet SparklingGoblin, a member of the Winnti family

The post The SideWalk may be as dangerous as the CROSSWALK appeared first on WeLiveSecurity

24 August 2021

Pegasus Spyware Uses iPhone Zero-Click iMessage Zero-Day

Pegasus Spyware Uses iPhone Zero-Click iMessage Zero-Day Cybersecurity watchdog CitizenLab saw the new zero-day FORCEDENTRY exploit successfully deployed against iOS versions 14.4 & 14.6, blowing past Apple's new BlastDoor sandboxing feature to install spyware on the iPhones of Bahraini activists – even one living in London at the time.
24 August 2021

Custom WhatsApp Build Delivers Triada Malware

Custom WhatsApp Build Delivers Triada Malware Researchers have spotted the latest version of the Triada trojan targeting mobile devices via an advertising SDK.
24 August 2021

Back-to-Basics: Properly Configured Firewalls

 

As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on properly configuring firewalls.

24 August 2021

Effective Threat-Hunting Queries in a Redacted World

Effective Threat-Hunting Queries in a Redacted World Chad Anderson, senior security researcher for DomainTools, demonstrates how seemingly disparate pieces of infrastructure information can form perfect fingerprints for tracking cyberattackers' infrastructure.
24 August 2021

Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs

Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs Data leaked includes COVID-19 vaccination records, social security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and New York City public schools.
23 August 2021

ProxyShell Attacks Pummel Unpatched Exchange Servers

ProxyShell Attacks Pummel Unpatched Exchange Servers CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers.
23 August 2021

Windows 10 Admin Rights Gobbled by Razer Devices

Windows 10 Admin Rights Gobbled by Razer Devices So much for Windows 10's security: a zero-day in the device installer software grants admin rights just by plugging in a mouse or other compatible device.
23 August 2021

Paving the way: Inspiring Women in Payments - A Q&A featuring Sadie Sangster

 

Working mothers have a huge amount of determination and possess many of the same skillsets that are essential in the business world. As a working mother herself, Sadie Sangster understands the business world from this perspective and credits motherhood as the driving force in her career success. In this edition of our blog, Sadie explains why it’s important to see more women progress into senior roles after having children.

23 August 2021

Managing Privileged Access to Secure the Post-COVID Perimeter

Managing Privileged Access to Secure the Post-COVID Perimeter Joseph Carson, chief security scientist & advisory CISO at ThycoticCentrify, discusses how to implement advanced privileged-access practices.
23 August 2021

Attackers Actively Exploiting Realtek SDK Flaws

Attackers Actively Exploiting Realtek SDK Flaws Multiple vulnerabilities in software used by 65 vendors under active attack.
23 August 2021

Web Censorship Systems Can Facilitate Massive DDoS Attacks

Web Censorship Systems Can Facilitate Massive DDoS Attacks Systems are ripe for abuse by attackers who can abuse systems to launch DDoS attacks.
20 August 2021