Chinese Researchers Show How They Remotely Hacked a Mercedes-Benz
07-08-2020 19:11

TikTok and WeChat: Chinese Apps Dogged by Security Fears
The United States has fired a new salvo in its rivalry with China, against Chinese-owned social media stars TikTok and WeChat. Here are some key facts about the platforms:
07-08-2020 18:38

How to limit file upload size on NGINX to mitigate DoS attacks
If you have an NGINX site that must allow users to upload files, try this configuration to help prevent possible Denial-of-Service attacks.
07-08-2020 17:28

Week in security with Tony Anscombe
ESET highlights new research at Black Hat 2020 – What to do if your data was stolen in the Blackbaud breach
07-08-2020 14:30

Report: Two new encryption standards will soon sweep away security controls
Security professionals must act before TLS 1.3 and DNS-over-HTTPS (DoH) are implemented or they won't be able to analyze network traffic and detect cyberthreats, warns Forrester Research.
07-08-2020 13:48

Trump Bans Dealings With Chinese Owners of TikTok, WeChat
President Donald Trump on Thursday ordered a sweeping but unspecified ban on dealings with the Chinese owners of consumer apps TikTok and WeChat, although it remains unclear if he has the legal authority to actually ban the apps from the U.S.
07-08-2020 13:06

Qualcomm, MediaTek Wi-Fi Chips Vulnerable to Kr00k-Like Attacks
The Kr00k vulnerability disclosed earlier this year has only been found to impact devices using Wi-Fi chips from Broadcom and Cypress, but researchers revealed this week that similar flaws have been discovered in chips made by Qualcomm and MediaTek.
07-08-2020 12:33

Stadeo: Deobfuscating Stantinko and more
We introduce Stadeo – a set of scripts that can help fellow threat researchers and reverse engineers to deobfuscate the code of Stantinko and other malware
07-08-2020 12:00

Capital One Fined $80 Million in Data Breach
The U.S. Treasury Department has fined Capital One $80 million for careless network security practices that enabled a hack that accessed the personal information of 106 million of the bank’s credit card holders.
07-08-2020 11:31

Small and medium‑sized businesses: Big targets for ransomware attacks
Why are SMBs a target for ransomware-wielding gangs and what can they do to protect themselves against cyber-extortion?
07-08-2020 09:30

Researchers Revive 'Foreshadow' Attack by Extending It Beyond L1 Cache
Researchers revealed late on Thursday that the mitigations and patches rolled out in 2018 for the Foreshadow vulnerabilities affecting Intel processors can fail to prevent attacks.
07-08-2020 08:47

Evasive Credit Card Skimmers Using Homograph Domains and Infected Favicon
Cybersecurity researchers today highlighted an evasive phishing technique that attackers are exploiting in the wild to target visitors of several sites with a quirk in domain names, and leverage modified favicons to inject e-skimmers and steal payment ca
07-08-2020 06:01

Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users
A United States regulator has fined the credit card provider Capital One Financial Corp with $80 million over last year's data breach that exposed the personal information of more than 100 million credit card applicants of Americans. The fine was impo
07-08-2020 05:33

How COVID-19 Has Changed Business Cybersecurity Priorities Forever
For much of this year, IT professionals all over the globe have had their hands full, finding ways to help businesses cope with the fallout of the coronavirus (COVID-19) pandemic. In many cases, it involved a rapid rollout of significant remote work infr
07-08-2020 01:30

Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks
It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to 'prefetching effect,' resulting in hardware vendors releasing incomplete m
06-08-2020 22:34

Intel Investigating Data Leak of Technical Documents, Tools
Intel is investigating reports that a claimed hacker has leaked 20GB of data coming from the chip giant, which appear to be related to source code and developer documents and tools.
06-08-2020 21:36

Beyond KrØØk: Even more Wi‑Fi chips vulnerable to eavesdropping
At Black Hat USA 2020, ESET researchers delved into details about the KrØØk vulnerability in Wi-Fi chips and revealed that similar bugs affect more chip brands than previously thought
06-08-2020 20:00

Android phones could spy on users via flaws in Qualcomm chip
Vulnerabilities were found in a Qualcomm Snapdragon chip that could let attackers obtain photos, videos, call recordings, and other data on Android phones, says Check Point Research.
06-08-2020 19:47

US Senate Votes to Ban TikTok on Government Phones
The US Senate voted Thursday to bar TikTok from being downloaded onto US government employees' telephones, intensifying US scrutiny of the popular Chinese-owned video app. The bill passed by the Republican controlled Senate now goes to the House of Repr
06-08-2020 18:32

Twitter Moves to Reduce Reach of 'State-affiliated' Media
Twitter on Thursday unveiled new steps to curb the spread of content from "state-affiliated media" used to advance a government's political agenda -- a move affecting key outlets from Russia and China.
06-08-2020 18:18

The Integration Imperative for Security Vendors
Integration is Key to Bringing Security Teams, Processes and Technology Together
06-08-2020 15:59

U.S. Government Launches Cyber Career Path Tool
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week announced the availability of a free tool designed to help users identify and navigate a potential career path in cyber.
06-08-2020 15:37

Silverfort Raises $30 Million to Expand Agentless Authentication Platform
Silverfort, a provider of an agentless, proxyless authentication platform, announced this week that it has raised $30 million in a Series B funding round led by Aspect Ventures. 
06-08-2020 15:34

Blackbaud data breach: What you should know
Here’s what to be aware of if your personal data was compromised in the breach at the cloud software provider
06-08-2020 14:30

Security analysts want more help from developers to improve DevSecOps
More training on security tools and better performance metrics can accomplish this, according to a new survey.
06-08-2020 14:05

US Offers $10 Million Reward Against Election Interference
US Secretary of State Mike Pompeo on Wednesday offered a $10 million reward aimed at preventing foreign interference in the November election, as the State Department accused Russia of waging an increasingly sophisticated disinformation campaign.
06-08-2020 13:17

Researcher Discovers New HTTP Request Smuggling Attack Variants
A researcher has detailed several new variants of an attack named HTTP request smuggling, and he has proposed some new defenses against such attacks.
06-08-2020 13:14

FBI announcement on Windows 7 end of life prompts worry from security experts
Despite the FBI announcement, hospitals, schools, and government offices across the world still use Windows 7.
06-08-2020 12:47

Zoom Bug Allowed Snoopers Crack Private Meeting Passwords in Minutes
Popular video conferencing app Zoom recently fixed a new security flaw that could have allowed potential attackers to crack the numeric passcode used to secure private meetings on the platform and snoop on participants. Zoom meetings are by default pr
06-08-2020 09:12

Twitter Says Android App Vulnerability Exposed Direct Messages
Twitter informed customers on Wednesday that a vulnerability in its Android app could have been exploited by malicious applications to access private data. According to the social media giant, the flaw is related to a vulnerability that affects Android
06-08-2020 08:54

US Talks Tougher on Chinese Tech, But Offers Few Specifics
U.S. Secretary of State Mike Pompeo on Wednesday called for a big expansion of U.S. government curbs on Chinese technology, saying that it wants to see “untrusted Chinese apps” pulled from the Google and Apple app stores. Outside experts called Pompeo’s
06-08-2020 01:39

Porn Video Interrupts US Court Hearing for Accused Twitter Hacker
A court hearing held via Zoom for a US teenager accused of masterminding a was interrupted Wednesday with rap music and porn, a newspaper reported.
06-08-2020 01:23

COVID-19-related scams cost Americans more than $98 million since the start of 2020
Online shopping is the most prevalent type of scam with people losing nearly $14 million to date, according to FTC data.
05-08-2020 20:31

Researcher Details Sophisticated macOS Attack via Office Document Macros
A researcher found a way to deliver malware to macOS systems using a Microsoft Office document containing macro code. The victim simply has to open the document and no alerts are displayed.
05-08-2020 18:12

Education's Digital Future and the End of Snow Days
Healthcare may be the first industry that springs to mind for many people when thinking about sectors that have had to suddenly, dramatically adjust due to the COVID-19 pandemic. 
05-08-2020 17:40

NSA shares advice on how to limit location tracking
The intelligence agency warns of location tracking risks and offers tips for how to reduce the amount of data shared
05-08-2020 16:06

Colorado City Pays $45,000 Ransom After Cyber-Attack
Lafayette, Colorado, officials announced Tuesday the city’s computer systems were hacked and they were forced to pay a ransom to regain access.
05-08-2020 15:30

Vulnerabilities in Protocol Gateways Can Facilitate Attacks on Industrial Systems
Vulnerabilities found in protocol gateway devices can facilitate stealthy attacks on industrial systems, enabling threat actors to obtain valuable information and sabotage critical processes.
05-08-2020 13:04

COVID-19 highlights need for business and security leaders to work together to prevent cyberattacks
New Tenable study says 94% of organizations experienced a business-impacting cyberattack or compromise within the past 12 months; 46% weathered five or more attacks.
05-08-2020 13:00

Federal Program Offers New Cybersecurity Tool for Elections
State and local officials are receiving additional tools from the federal government to help defend the nation’s election systems from cyberthreats ahead of the November vote, as intelligence officials about foreign efforts to interfere in the U.S. elec
05-08-2020 12:23

Researcher Demonstrates 4 New Variants of HTTP Request Smuggling Attack
New research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers. Amit Klein, VP of Security Research at SafeBreach who presented the findings today
05-08-2020 11:57

Drone Maker DJI Says Claims About Security of Pilot App 'Misleading'
Researchers have analyzed the security of DJI’s Pilot app for Android, but the Chinese drone giant says the claims they’ve made are misleading.
05-08-2020 10:43

Takeaways From the "CryptoForHealth" Twitter Hack
On July 15th, US-based microblogging and social networking service, Twitter, whose full impact has yet to be determined.
05-08-2020 10:28

Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts
Apple earlier this year fixed a security vulnerability in iOS and macOS that could have potentially allowed an attacker to gain unauthorized access to a user's iCloud account. Uncovered in February by Thijs Alkemade, a security specialist at IT securi
05-08-2020 04:28

Case Study: How Incident Response Companies Choose IR Tools
Many companies today have developed a Cybersecurity Incident Response (IR) plan. It's a sound security practice to prepare a comprehensive IR plan to help the organization react to a sudden security incident in an orderly, rational manner. Otherwise, the
05-08-2020 03:20

High-Wattage IoT Botnets Can Manipulate Energy Market: Researchers
A team of researchers from the Georgia Institute of Technology has demonstrated how, in theory, a malicious actor could manipulate the energy market using a botnet powered by high-wattage IoT devices.
05-08-2020 03:05

Apple Touch ID Flaw Could Have Let Attackers Hijack iCloud Accounts
Apple earlier this year fixed a security vulnerability in iOS and macOS that could have potentially allowed an attacker to gain unauthorized access to a user's iCloud account. Uncovered in February by Thijs Alkemade, a security specialist at IT securi
05-08-2020 02:46

Why multi-factor authentication should be set up for all your services and devices
More than ever, now is the time to make absolutely sure that your services and devices are using the best protection available to keep data secured and away from unauthorized hands.
04-08-2020 19:56

GreyNoise Raises $4.8 Million in Seed Funding to Combat Alert Fatigue
GreyNoise Intelligence, a startup focused on helping security teams reduce alert fatigue, has raised nearly $5 million in seed investment to help the company expand its intelligence service that helps teams “prioritize alerts that matter by quieting ones that don’t.”
04-08-2020 18:35

Tampa Teenager Accused in Twitter Hack Pleads Not Guilty
A Florida teen identified as the mastermind of a scheme that gained control of Twitter accounts of prominent politicians, celebrities and technology moguls pleaded not guilty on Tuesday to multiple counts of fraud.
04-08-2020 18:35

Google Patches Over 50 Vulnerabilities in Android With August 2020 Updates
Google on Monday announced the August 2020 security updates for the Android operating system, with patches for a total of more than 50 vulnerabilities.
04-08-2020 18:24

Google and Amazon most impersonated brands in phishing attacks
WhatsApp, Facebook, and Microsoft rounded out the top five as the most spoofed brands last quarter, says Check Point Research.
04-08-2020 16:30

Microsoft Paid Out Nearly $14 Million via Bug Bounty Programs in Past Year
Microsoft reported on Tuesday that it paid out roughly $13.7 million through its bug bounty programs between July 1, 2019, and June 30, 2020.
04-08-2020 16:08

FBI warns of surge in online shopping scams
In one scheme, shoppers ordering gadgets or gym equipment are in for a rude surprise – they receive disposable face masks instead
04-08-2020 15:03

Reviving Cybersecurity Innovation with Experience at the Forefront
Take another look at the title of this article. Do you find it to be a surprising statement? Cybersecurity innovation is not quite at the stage where it needs resuscitation, still, the last few months have demonstrated the need for change. As we move for
04-08-2020 14:42

U.S. Attributes Taidoor Malware to Chinese Government Hackers
A malware analysis report published on Monday by the U.S. Department of Defense, the Cybersecurity and Infrastructure Security Agency (CISA), and the FBI officially attributes a piece of malware named Taidoor to threat actors sponsored by the Chinese gov
04-08-2020 14:11

Interpol Warns of 'Alarming' Cybercrime Rate During Pandemic
Global police body Interpol warned Monday of an "alarming" rate of cybercrime during the coronavirus pandemic, with criminals taking advantage of people working from home to target major institutions.
04-08-2020 13:37

How poor security practices from remote employees are wasting the time of IT staff
Along with the independence remote work affords employees comes the use of shadow IT and poor password practices, according to a new survey by 1Password.
04-08-2020 13:00

Study finds misconfigured cloud storage services in 93% of cloud deployments analyzed
An Accurics study said cloud breaches will likely increase in velocity and scale as more enterprises move to the cloud.
04-08-2020 13:00

Legacy Programming Languages Pose Serious Risks to Industrial Robots
04-08-2020 12:40

French Trial Ordered for Alleged Russian Bitcoin Fraudster
A judge in Paris has ordered a French trial for , a Russian suspected of money laundering on the bitcoin exchange BTC-e, also wanted by Washington and Moscow, his lawyer and other sources told AFP.
04-08-2020 10:58

VMware Carbon Black Threat Report finds hackers using more aggressive and destructive tactics
Security firm recommends digital distancing for devices and more collaboration between IT and security teams to harden the attack surface.
04-08-2020 09:00

US Government Warns of a New Strain of Chinese 'Taidoor' Virus
Intelligence agencies in the US have released information about a new variant of 12-year-old computer virus used by China's state-sponsored hackers targeting governments, corporations, and think tanks. Named "Taidoor," the malware has done an 'excelle
04-08-2020 01:32

How to make your PC passwordless in the Windows 10 May 2020 Update
You don't need an account password to sign into Windows 10 version 2004.
03-08-2020 19:52

How much is your personal data worth on the dark web?
The going prices are lower than you probably think – your credit card details, for example, can sell for a few bucks
03-08-2020 19:40

BlackBerry Releases Open Source Reverse Engineering Tool
BlackBerry on Monday announced a new open source tool to help security teams reverse engineer malware. 
03-08-2020 17:52

The Linux Foundation announces collective to enhance open source software security
The newly formed Open Source Security Foundation includes titans in technology such as Google, Intel, Microsoft, IBM, and more.
03-08-2020 17:48

Survey: Barriers prevent data privacy initiatives
Corporate culture, lack of privacy teams hurt privacy initiatives.
03-08-2020 17:41

Ransomware Feared as Possible Saboteur for November Election
Federal authorities say one of the gravest threats to the November election is a well-timed ransomware attack that could paralyze voting operations. The threat isn’t just from foreign governments, but any fortune-seeking criminal.
03-08-2020 17:15

The Digital Ship is Full of Leaks. But There Are Ways to Keep it Afloat.
Years ago, while anchoring the CBS Evening News during an on-air mishap, Dan Rather made an offhand remark, observing that “To err is human.  But to really screw up, you need a computer.” 
03-08-2020 15:17

Hackers Could Target Organizations via Flaws in Mitsubishi Factory Automation Products
High-severity vulnerabilities found by researchers in Mitsubishi Electric factory automation products can be exploited to remotely attack organizations.
03-08-2020 15:16

How to better protect your organization against mobile threats
The increased use of personal phones for work and the growth of mobile malware create a risk to organizations, says Gigamon.
03-08-2020 15:08

BlackBerry launches free tool for reverse engineering to fight cybersecurity attacks
One of the first announcements at BlackHat USA 2020 is an open-source tool to fight malware that BlackBerry first used internally and is now making available to everyone.
03-08-2020 15:00

Google Analysis of Zero-Days Exploited in 2019 Finds 'Detection Bias'
Google Project Zero last week released a report on the vulnerabilities exploited in attacks in 2019, and its researchers have drawn some interesting conclusions regarding the detection of zero-days.
03-08-2020 13:42

Foreign Threats Loom Ahead of US Presidential Election
As the Nov. 3 presidential vote nears, there are fresh signs that the nation’s electoral system is again under attack from foreign adversaries.
03-08-2020 11:50

How the FBI Identified Twitter Hackers
Bitcoin Transactions Led FBI to Twitter Hackers
03-08-2020 11:07

Bitcoin Transactions Led FBI to Twitter Hackers
Court documents made public last week by U.S. authorities following the announcement of against three individuals allegedly involved in the recent Twitter attack revealed how some of the hackers were identified by investigators.
03-08-2020 11:07

Microsoft to Keep Exploring TikTok Deal After Talks With Trump
Microsoft announced Sunday it would continue talks to acquire the US operations of popular video-sharing app TikTok, after meeting with President Donald Trump who seemingly backed off his earlier threats to ban the Chinese-owned platform.
03-08-2020 10:06

Trump Says Will Bar TikTok From US
01-08-2020 12:04

17-Year-Old 'Mastermind', 2 Others Behind the Biggest Twitter Hack Arrested
A 17-year-old teen and two other 19 and 22-year-old individuals have reportedly been arrested for being the alleged mastermind behind the recent Twitter hack that simultaneously targeted several high-profile accounts within minutes as part of a massive b
01-08-2020 11:06

US Charges Three People for Roles in Epic Twitter Hack
US prosecutors on Friday announced they have charged three people, one of them from Britain, for roles in and tricking people out of money.
31-07-2020 20:26

Florida Teen Charged in Massive Twitter Hack, Bitcoin Theft
A Florida teen to scam people around globe out of more than $100,000 in Bitcoin, authorities said Friday.
31-07-2020 19:45

Top 10 apps every iOS user should download
Check out a developer's picks of 10 essential iOS apps, which focus on security, productivity, and more.
31-07-2020 18:44

Security analysts: Industry has not solved the talent gap or provided clear career paths
New survey finds that cybersecurity professionals want more training to keep up with the threat landscape and learn new software platforms.
31-07-2020 18:11

That job offer in your inbox might be part of a North Korean cyberattack
Professionals in the aerospace and defense industries should watch out; a wave of fake job offers containing malicious documents have been spotted in the wild by McAfee researchers.
31-07-2020 16:38

Top 6 cybersecurity trends to watch for at Black Hat USA 2020
Experts weigh in to share their thoughts on the hottest topics to expect at this year's all-digital Black Hat conference.
31-07-2020 16:10

Autofill Through Biometric Authentication Coming to Chrome
Google this week announced a series of security and ease-of-use improvements for the Autofill feature in Chrome. Designed to help users fill in forms in a secure manner, everywhere on the web, Autofill is about to become more secure when it comes to cre
31-07-2020 15:37

Week in security with Tony Anscombe
New ESET Threat Report is out – Defending against Thunderspy attacks – Thousands of databases wiped in Meow attacks
31-07-2020 15:26

BootHole Patches Causing Many Systems to Become Unbootable
It appears that the patches released for Linux distributions in response to the GRUB2 bootloader vulnerability are causing problems for many users, making their systems unbootable.
31-07-2020 15:19

Breach of high-profile Twitter accounts caused by phone spear phishing attack
Twitter confirmed its employees were tricked into giving hackers their credentials, which gave them access to the accounts of Bill Gates, Jeff Bezos, Joe Biden, and others.
31-07-2020 15:14

Twitter breach: Staff tricked by ‘phone spear phishing’
The attackers exploited the human factor to gain access to Twitter’s internal systems and the accounts of some of the world’s most prominent figures
31-07-2020 15:12

Mimecast Acquires Messaging Security Provider MessageControl
Email and data security provider Mimecast on Thursday announced the acquisition of messaging security company MessageControl. Also known as eTorch, the Chicago-based MessageControl was founded in 2015 with a focus on preventing social engineering and id
31-07-2020 14:21

Cybercriminals Could Be Cloning Payment Cards Using Stolen EMV Data
31-07-2020 13:54

17-Year-Old 'Mastermind', 2 Others Behind the Biggest Twitter Hack Arrested
A 17-year-old teen and two other 19 and 22-year-old individuals have reportedly been arrested for being the alleged mastermind behind the recent Twitter hack that simultaneously targeted several high-profile accounts within minutes as part of a massive b
31-07-2020 13:33

source : hackernews, securityweek, techrepublicsecurity, welivesecurity