Cybersecurity News


What a Federal Data Privacy Law Would Mean for Consumers

With an array of serious proposals from both sides of the political divide, it looks as though the US may finally have a national privacy law.
24 March 2021

How to Protect Our Critical Infrastructure From Attack

Just how worried should we be about a cyber or physical attack on national infrastructure? Chris Price reports on how the pandemic, the growth of remote working, and IoT are putting assets at risk.
24 March 2021

Purple Fox Malware Targets Windows Machines With New Worm Capabilities

A new infection vector from the established malware puts internet-facing Windows systems at risk from SMB password brute-forcing.
24 March 2021

Prioritizing Application & API Security After the COVID Cloud Rush

As companies hit the gas to accommodate the rapid shift to work-from-home, security fell behind. Now, it's time to close those gaps.
24 March 2021

Hundreds of fleeceware apps earn dubious iOS, Android developers over $400 million

Free trials can cost mobile app users thousands of dollars in the long run.
24 March 2021

SaltStack revises partial patch for command injection, privilege escalation vulnerability

The second fix was reportedly necessary after SaltStack did not participate in coordinated disclosure.
24 March 2021

Purple Fox malware evolves to propagate across Windows machines

The malware’s new worm capabilities have resulted in a rapidly-increasing infection rate.
24 March 2021

Microsoft: 92% of vulnerable exchange servers are now patched, mitigated

The latest telemetry suggests IT admins are taking the threat seriously.
24 March 2021

Anti-Spoofing for Email Gains Adoption, but Enforcement Lags

More organizations adopt sender authentication, but strict quarantining or rejection of unauthenticated messages remains uncommon.
23 March 2021

Inside the Web Shell Used in the Microsoft Exchange Server Attacks

The history and details of China Chopper - a Web shell commonly seen in the widespread Microsoft Exchange Server attacks.
23 March 2021

Disgruntled IT Contractor Sentenced in Retaliatory Office 365 Attack

Former contractor deleted 1,200 user accounts in revenge.
23 March 2021

Organizations Making Little Headway in Addressing Human Risk

Most enterprise security awareness efforts remain half-hearted, a new SANS survey shows.
23 March 2021

Security Analysis Clears TikTok of Censorship, Privacy Accusations

TikTok’s source code is in line with industry standards, security researchers say.
23 March 2021

Office 365 Cyberattack Lands Disgruntled IT Contractor in Jail

A former IT contractor is facing jail time after a retaliatory hack into a company’s network that wiped the majority of its employees’ Microsoft Office 365 accounts.
23 March 2021

MangaDex Site Offline Following Hacking Incident

A cyberattacker taunted the site about open security vulnerabilities, prompting a code review.
23 March 2021

Almost $2 billion lost to BEC scams in 2020

Nearly half of reported cybercrime losses in 2020 were the result of BEC fraud, according to an FBI report.

The post Almost $2 billion lost to BEC scams in 2020 appeared first on WeLiveSecurity

23 March 2021

Hobby Lobby Exposes Customer Data in Cloud Misconfiguration

The arts-and-crafts retailer left 138GB of sensitive information open to the public internet.
23 March 2021

Do Cybercriminals Fear Arrest?

Researchers explore how cybercriminals weigh the possibility of arrest and whether it deters criminal activity.
23 March 2021

Phish Leads to Breach at Calif. State Controller

A phishing attack last week gave attackers access to email and files at the California State Controller's Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. The phishers had access for more than 24 hours, and sources tell KrebsOnSecurity the intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers, and to send targeted phishing messages to at least 9,000 other workers and their contacts.
23 March 2021

Disrupting the Cybercriminal Supply Chain

It is time to turn the tables on cybercriminals and use their own tactics against them.
23 March 2021