U.S. Cyber Command Shares More Russian Malware Samples
The United States Cyber Command (USCYBERCOM) this week released new malware samples associated with the activity of Russian threat actors Turla and Zebrocy.
30-10-2020 18:48

Google Discloses Actively Targeted Windows Vulnerability
Google Project Zero security researchers have identified another Windows vulnerability that has been actively exploited in attacks.
30-10-2020 18:24

AWS releases Nitro Enclaves, making it easier to process highly sensitive data
According to Amazon, Nitro Enclaves will help customers reduce attack surfaces for their applications by providing a highly isolated and hardened environment for data processing.
30-10-2020 17:35

Week in security with Tony Anscombe
New ESET Threat Report is out – Are things in IoT security finally changing? – 5 spooky tales of data breaches The post appeared first on
30-10-2020 16:45

Election (in)security: What you may have missed
As Election Day draws near, here's a snapshot of how this election cycle is faring in the hands of the would-be digitally meddlesome The post appeared first on
30-10-2020 16:36

Google Announces New VPN for Google One Customers
Google announced on Thursday that Google One customers can now use a new virtual private network (VPN) service that will provide them an extra layer of protection when they go online.
30-10-2020 15:58

Britain Fines US Hotel Chain Marriott Over Data Breach
Britain's data privacy watchdog on Friday said it has fined US hotels group Marriott over a data breach affecting millions of customers worldwide.
30-10-2020 14:39

Microsoft Says Hackers Continue to Target Zerologon Vulnerability
Microsoft this week revealed that it continues to receive reports from customers of attacks targeting the .
30-10-2020 14:30

Asset Discovery Startup Lucidum Launches With $4 Million in Seed Funding
San Jose, California-based asset discovery company Lucidum emerged from stealth mode on Friday with $4 million in seed funding.
30-10-2020 13:59

Critical OpenEMR Vulnerabilities Give Hackers Remote Access to Health Records
Several vulnerabilities found by researchers in the OpenEMR software can be exploited by remote hackers to obtain medical records and compromise healthcare infrastructure.
30-10-2020 12:55

Wisconsin Republican Party Says Hackers Stole $2.3 Million
Hackers have stolen $2.3 million from the Wisconsin Republican Party’s account that was being used to help reelect President Donald Trump in the key battleground state, the party’s chairman told The Associated Press on Thursday.
30-10-2020 12:30

What Does Bad Advice Look Like?
Five Angles That One Can Use to Evaluate Whether a Piece of Advice is Good or Bad
30-10-2020 12:00

5 scary data breaches that shook the world
Just in time for Halloween, we look at the haunting reality of data breaches and highlight five tales that spooked not only the cyber-world The post appeared first on
30-10-2020 10:30

Bug Bounty Hunters Earned Over $4M for XSS Flaws Reported via HackerOne in 2020
This year, Cross-Site Scripting (XSS) continued to be the most common vulnerability type and received the highest amount of rewards on HackerOne, the hacker-powered vulnerability reporting platform says.
30-10-2020 09:38

Browser Bugs Exploited to Install 2 New Backdoors on Targeted Computers
Cybersecurity researchers have disclosed details about a new watering hole attack targeting the Korean diaspora that exploits vulnerabilities in web browsers such as Google Chrome and Internet Explorer to deploy malware for espionage purposes. Dubbed "O
30-10-2020 05:24

NVIDIA Patches AMI BMC Vulnerabilities Impacting Several Major Vendors
NVIDIA on Wednesday released patches to address a total of nine vulnerabilities impacting NVIDIA DGX servers.
30-10-2020 04:32

Browsers Bugs Exploited to Install 2 New Backdoors on Targeted Computers
Cybersecurity researchers have disclosed details about a new watering hole attack targeting the Korean diaspora that exploits vulnerabilities in web browsers such as Google Chrome and Internet Explorer to deploy malware for espionage purposes. Dubbed "O
30-10-2020 03:22

Cybersecurity policy is a must in government
One policy expert says cybersecurity measures should be an expected item that comes with every purchase, like the safety measures in your car.
29-10-2020 21:29

Government should make cybersecurity policy a priority
Professor and cybersecurity policy expert says it should be something that is already in place with each purchase or subscription.
29-10-2020 20:58

Government should make cybersecurity policy a priority
Professor and cybersecurity policy expert says it should be something that is already in place with each purchase or subscription.
29-10-2020 20:58

How to install the FreeIPA identity and authorization solution on CentOS 8
Jack Wallen walks you through the process of installing an identity and authorization platform on CentOS 8.
29-10-2020 18:58

Community College Continues to Investigate Cyberattack
A data breach at a North Carolina community college may have affected many of its current and former students.
29-10-2020 18:15

Over 100,000 machines remain vulnerable to SMBGhost exploitation
The patch for the critical flaw that allows malware to spread across machines without any user interaction was released months ago The post appeared first on
29-10-2020 17:25

Business Email Compromise attacks are on the rise
BEC campaigns continue to shift their targets from C-suite executives and finance employees to group mailboxes, says Abnormal Security.
29-10-2020 16:49

Microsoft Introduces Device Vulnerability Report in Defender for Endpoint
Microsoft this week announced the availability of a new vulnerability management report in Microsoft Defender, to provide information on vulnerable devices.
29-10-2020 16:01

Oracle WebLogic Vulnerability Targeted One Week After Patching
A vulnerability patched one week ago by Oracle in its WebLogic Server product has already been targeted for exploitation.
29-10-2020 15:32

FBI: Hospitals and healthcare providers face imminent ransomware threat
The FBI warns of a threat against the healthcare sector from Ryuk ransomware, and one that's already affected some hospitals.
29-10-2020 14:56

Turla Cyber-Spies Target European Government With Multiple Backdoors
The Russia-linked cyber-espionage group known as Turla was recently observed targeting a European government organization with a combination of backdoors, security researchers at Accenture reveal.
29-10-2020 13:46

The 10 vulnerabilities most commonly discovered by bug bounty hunters in 2020
HackerOne's list was topped by cross-site scripting, and found improper access control and SSRF vulnerabilities to be climbing in number and risk potential.
29-10-2020 13:00

Chronicle Co-Founder Launches New Cybersecurity Company Stairwell
Newly launched cybersecurity company Stairwell, which aims to provide security teams with more tools to identify adversaries, has closed a $4.5 million seed investment round.
29-10-2020 12:55

How phishing attacks are targeting schools and colleges
Attackers are exploiting the need for schools to receive critical updates from teachers, principals, and department heads, says Barracuda.
29-10-2020 12:43

Microsoft Says Iranian Hackers Targeted Attendees of Major Global Policy Conferences
The Iran-linked state-sponsored threat group known as Charming Kitten was observed targeting potential attendees of two major international conferences, Microsoft reports.
29-10-2020 12:19

U.S. Hospitals Warned of Imminent Ransomware Attacks From Russia
The U.S. government has warned hospitals and healthcare providers of an “increased and imminent” ransomware threat, which some experts have attributed to cybercriminals from Eastern Europe.
29-10-2020 11:41

IoT security: Are we finally turning the corner?
Better IoT security and data protection are long overdue. Will they go from an afterthought to everyone's priority any time soon? The post appeared first on
29-10-2020 10:31

Microsoft Defender ATP Users Get False Positive Alerts for Mimikatz, Cobalt Strike
Microsoft rushed to take action on Wednesday after Defender Advanced Threat Protection (ATP) users reported getting Cobalt Strike and Mimikatz alerts that turned out to be false positives.
29-10-2020 09:36

U.S. Shares Information on North Korean Threat Actor 'Kimsuky'
An alert released by the United States this week provides information on Kimsuky, a threat actor focused on gathering intelligence on behalf of the North Korean government.
29-10-2020 04:42

KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms
An active botnet comprising hundreds of thousands of hijacked systems spread across 30 countries is exploiting "dozens of known vulnerabilities" to target widely-used content management systems (CMS). The "KashmirBlack" campaign, which is believed to ha
29-10-2020 03:02

How to Run Google SERP API Without Constantly Changing Proxy Servers
You've probably run into a major problem when trying to scrape Google search results. Web scraping tools allow you to extract information from a web page. Companies and coders from across the world use them to download Google's SERP data. And they work w
29-10-2020 02:45

FBI, DHS Warn Of Possible Major Ransomware Attacks On Healthcare Systems
The US Federal Bureau of Investigation (FBI), Departments of Homeland Security, and Health and Human Services (HHS) issued a joint alert Wednesday warning of an "imminent" increase in ransomware and other cyberattacks against hospitals and healthcare pro
28-10-2020 22:59

TrickBot Linux Variants Active in the Wild Despite Recent Takedown
Efforts to disrupt TrickBot may have shut down most of its critical infrastructure, but the operators behind the notorious malware aren't sitting idle. According to new findings shared by cybersecurity firm Netscout, TrickBot's authors have moved portio
28-10-2020 22:07

Don't wait for a breach before implementing cybersecurity, expert says
Professor who specializes in security says we often treat a breach like a home break-in, adding security after the theft. More students are choosing security as a career, she adds.
28-10-2020 19:59

Breaches are like break-ins: Don't wait until after to protect yourself
Professor says companies shouldn't wait until they're breached before adding tight security. Students are rising to the challenge.
28-10-2020 19:56

Breaches are like break-ins: Don't wait until after to protect yourself
Professor says companies shouldn't wait until they're breached before adding tight security. Students are rising to the challenge.
28-10-2020 19:56

StackRox Releases Open Source Tool for Finding Kubernetes Misconfigurations
Container and Kubernetes security company StackRox on Wednesday announced the release of KubeLinter, an open source tool designed to help users identify misconfigurations in Kubernetes deployments.
28-10-2020 18:44

Payment and Data Security Firm Bluefin Raises $25 Million
Payment and data security solutions provider Bluefin on Wednesday announced it has raised $25 million in growth financing.
28-10-2020 14:27

Hackers Can Open Doors by Exploiting Vulnerabilities in Hörmann Device
Hackers could remotely open garage doors and gates by exploiting vulnerabilities found in a gateway device made by Hörmann, researchers warned on Wednesday.
28-10-2020 14:12

Back to Basics: Pandemic Cybersecurity Trends and Solutions
Thanks to the quick transition to remote work due to the current global pandemic – coupled with cybercriminals’ penchant for taking advantage of fear, uncertainty, and doubt – security researchers have in cybersecurity issues. Cybercriminals have been q
28-10-2020 14:04

Application Security Posture Management Firm Enso Security Emerges From Stealth
Enso Security, a company that claims to have built the first application security posture management (ASPM) platform, emerged from stealth mode on Wednesday with $6 million in seed funding.
28-10-2020 13:23

EXCLUSIVE: Medical Records of 3.5 Million U.S. Patients Can be Accessed and Manipulated by Anyone
More Than 2 Petabytes of Unprotected Medical Data Found on Picture Archiving and Communication System (PACS) Servers
28-10-2020 13:23

Compromised CMS Credentials Likely Used to Hack Trump Campaign Website
Security researchers believe that compromised credentials were used by hackers to access the content management system behind Donald Trump’s campaign website.
28-10-2020 13:04

ESET Threat Report Q3 2020
A view of the Q3 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts The post appeared first on
28-10-2020 13:00

The 5 biggest cybersecurity threats for the healthcare industry
Wandera finds malicious network traffic and configuration vulnerabilities on mobile devices as popular entry points for cybercriminals.
28-10-2020 10:00

21 Malicious Apps Downloaded 8 Million Times From Google Play
Despite Google’s best efforts to keep Android users safe, malware does manage to slip into Google Play from time to time, and the 21 malicious apps that Avast identified recently are proof of that.
28-10-2020 04:23

[Webinar and eBook]: Are You’re Getting The Best Value From Your EDR Solution?
Many companies rely on Endpoint Detection and Response (EDR) solutions as their primary security tool to protect their organizations against cyber threats. EDR was introduced around eight years ago, and analysts now peg the EDR market size as $1.5 to $2
28-10-2020 03:57

Trump Campaign Website Broken Into by Hackers
Hackers briefly broke into Donald Trump's campaign website on Tuesday, just a week before Election Day, officials and reports said.  "This site was seized," said a message that popped up on donaldjtrump.com, which normally carries details of rallie
28-10-2020 01:50

TrickBot Linux Variants Active in the Wild Despite Recent Takedown
Efforts to disrupt TrickBot may have shut down most of its critical infrastructure, but the operators behind the notorious malware aren't sitting idle. According to new findings shared by cybersecurity firm Netscout, TrickBot's authors have moved portio
28-10-2020 01:12

US elections are still vulnerable to email spoofing
A recent Valimail report spells out several potential threats that can impact election security. But there are ways to protect your organization.
27-10-2020 20:16

Akamai Acquires Asavie for Its Mobility, IoT Services
Akamai on Tuesday announced that it has acquired Asavie, an Ireland-based company that provides mobility, IoT and cybersecurity solutions.
27-10-2020 19:04

In Election Hacking, Perception May be as Good as the Real Thing
Hackers seeking to sow chaos in the November 3 election are hard at work -- but some experts say they don't need to be successful to have an impact.
27-10-2020 17:02

Top 5 things to know about EU-US data privacy
For companies with data users in both the EU and the US, laws protecting users' privacy vary. Tom Merritt lists five things to know about EU-US data privacy.
27-10-2020 15:59

Microsoft Introduces New Password Spray Detection for Azure
Microsoft this week announced the availability of a new password spray detection for Azure AD Identity Protection customers.
27-10-2020 15:54

Top 5 things to know about EU-US data privacy
For companies with data users in both the EU and the US, laws protecting users' privacy vary. Tom Merritt lists five things to know about EU-US data privacy.
27-10-2020 15:51

Going passwordless might be safer for organizations
Passwords are a constant struggle for businesses and IT departments. There are other ways to stay safe.
27-10-2020 15:22

FBI: Hotel Wi-Fi is not safe
While hotel Wi-Fi is convenient, security is not the priority, federal government says.
27-10-2020 15:07

FBI: Hotel Wi-Fi is not safe
While hotel Wi-Fi is convenient, security is not the priority, federal government says.
27-10-2020 15:07

How foreign actors are trying to undermine the US presidential election
Through disinformation campaigns, foreign adversaries attempt to exploit the fear and uncertainty among US voters, says Digital Shadows.
27-10-2020 15:02

How foreign actors are trying to undermine the US presidential election
Through disinformation campaigns, foreign adversaries attempt to exploit the fear and uncertainty among US voters, says Digital Shadows.
27-10-2020 15:02

Some Ballot Requests May Be Affected by County Cyber Attack
A hacker attack against an upstate New York county’s computer system raised concern that some emailed absentee ballot applications may not be processed, but the state Board of Elections said voting won’t be affected overall.
27-10-2020 13:56

Cyber Espionage Detection Firm Strider Technologies Raises $10 Million
Strider Technologies, a company that provides solutions for combating cyber-espionage, on Tuesday announced that it raised $10 million in Series A funding. To date, the startup has raised $12 million.
27-10-2020 13:38

Law Firm Says Google Employee Information Compromised in Data Breach
Fragomen, a law firm that provides Google with I-9 employment verification compliance services, says the personal information of some people was compromised in a recent data breach.
27-10-2020 13:06

Flaws in Winston Privacy Devices Can Expose Networks to Remote Attacks
Researchers say they’ve uncovered a series of potentially serious vulnerabilities in devices made by online privacy firm Winston Privacy. The vendor has released patches that are automatically being sent to devices.
27-10-2020 12:44

Swedish Authorities, Banks Hit by Security Data Leak: Report
Details of bank vault floor plans, alarm systems and the security arrangements for Swedish authorities have been leaked online after a security company was hacked, local media reported Tuesday.
27-10-2020 11:47

Government-Focused Cyber Defense Company Toka Raises $25 Million
Toka, an Israel-based company that provides intelligence and defense solutions to governments, announced on Tuesday that it has raised $25 million in a Series B funding round.
27-10-2020 11:14

Link Previews in Chat Apps Pose Privacy, Security Issues: Researchers
An analysis of the manner in which popular chat applications handle link previews has revealed several privacy and security issues, including some that still need addressing, security researchers warn. Link previews provide users with information on wha
27-10-2020 04:42

Google Removes 21 Malicious Android Apps from Play Store
Google has stepped in to remove several Android applications from the official Play Store following the disclosure that the apps in question were found to serve intrusive ads. The findings were reported by the Czech cybersecurity firm Avast on Monday, w
27-10-2020 02:25

PE Firm to Acquire Forcepoint From Raytheon
Francisco Partners to Buy Forcepoint from Raytheon Technologies for Undisclosed Sum
26-10-2020 21:04

Enterprises confident Chief Sustainability Officer (CSO) will improve cybersecurity
98% of enterprises want CSOs, but 56% of industrial businesses don't have plans to introduce one to their company, according to a new Kaspersky report.
26-10-2020 19:04

Private Psychotherapy Notes Leaked in Major Finnish Hack
The confidential treatment records of tens of thousands of psychotherapy patients in Finland have been hacked and some leaked online, in what the interior minister said Monday was "a shocking act."
26-10-2020 16:57

IT Services Giant Sopra Steria Hit by Ransomware
European IT services provider Sopra Steria on Monday said its systems were recently infected with a new variant of the notorious Ryuk ransomware.
26-10-2020 16:03

‘Among Us’ players hit by major spam attack
In-game chats were flooded with messages from somebody who tried to coerce players into subscribing to a dubious YouTube channel The post appeared first on
26-10-2020 15:20

NVIDIA Patches Code Execution Flaws in GeForce Experience
Patches released by NVIDIA last week for the GeForce Experience software address two arbitrary code execution bugs assessed with a severity rating of high.
26-10-2020 14:39

US Insists on Need to Ban TikTok
US President Donald Trump's administration has insisted on the need to due to national security concerns in a new court filing ahead of a plan to make the video app unavailable on November 12.
26-10-2020 14:17

HPE Patches Two Critical, Remotely Exploitable Vulnerabilities
Hewlett Packard Enterprise has released patches for two critical vulnerabilities, one identified in StoreServ Management Console and the other affecting BlueData EPIC Software Platform and Ezmeral Container Platform.
26-10-2020 13:57

Palo Alto Networks Threatens Legal Action Over Product Comparison
Palo Alto Networks has threatened legal action against cloud visibility solutions provider Orca Security after the latter published a video comparing products from the two companies.
26-10-2020 13:15

Experts Warn of Privacy Risks Caused by Link Previews in Messaging Apps
Cybersecurity researchers over the weekend disclosed new security risks associated with link previews in popular messaging apps that cause the services to leak IP addresses, expose links sent via end-to-end encrypted chats, and even unnecessarily downloa
26-10-2020 12:18

Apple Notarizes Six New Variants of 'MacOffers' Adware
Apple has inadvertently given the thumbs up to six new malware variants, according to researchers at Mac security solutions provider Intego.
26-10-2020 12:17

New Framework Released to Protect Machine Learning Systems From Adversarial Attacks
Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems. Called the Adversarial ML
26-10-2020 04:42

Report: Ransomware Disables Georgia County Election Database
A ransomware attack that hobbled a Georgia county government in early October reportedly disabled a database used to verify voter signatures in the authentication of absentee ballots.
25-10-2020 01:19

75% of all 56 US states and territories show signs of vulnerable election IT infrastructure, report finds
The report comes as officials in Georgia revealed more information about a ransomware attack that affected a digital voter database.
23-10-2020 17:15

75% of all 56 US states and territories show signs of vulnerable election IT infrastructure, report finds
The report comes as officials in Georgia revealed more information about a ransomware attack that affected a digital voter database.
23-10-2020 17:15

Microsoft, MITRE Release Adversarial Machine Learning Threat Matrix
Microsoft and MITRE, in collaboration with a dozen other organizations, have developed a framework designed to help identify, respond to, and remediate attacks targeting machine learning (ML) systems.
23-10-2020 14:56

Week in security with Tony Anscombe
Security challenges for connected medical devices – Zero-day in Chrome gets patched – How to avoid USB drive security woes The post appeared first on
23-10-2020 14:15

DigitalWare Launches Risk Detection and Quantification Platform
Risk is a condition that pre-exists an incident. If you reduce security risk, you will reduce security incidents. Epiphany is a new risk detection and quantification platform that highlights, qualifies and quantifies the risks that occur within the techn
23-10-2020 12:59

Chrome 86 Starts Blocking Abusive Notification Permission Requests
Google has stepped up its effort against websites that have a history of sending abusive notification content, by blocking notification permission requests in Chrome 86.
23-10-2020 12:31

Destructive Malware Spotted in Recent Attacks Launched by Iranian Cyberspies
The Iran-linked cyber-espionage group known as Seedworm appears to have added a new downloader to its arsenal and to have started conducting destructive attacks, security researchers report.
23-10-2020 11:59

U.S. Says Russian Hackers Stole Data From Two Government Servers
The United States says Russian state-sponsored hacking group Energetic Bear has successfully compromised state, local, territorial, and tribal (SLTT) government networks and stole data from at least two servers.
23-10-2020 10:35

EU Slaps Sanctions on 2 Russians Over Germany Cyberattack
The European Union on Thursday imposed sanctions on two Russian officials and part of Russia’s GRU military intelligence agency over a against the German parliament in 2015.
23-10-2020 10:07

Securing medical devices: Can a hacker break your heart?
Why are connected medical devices vulnerable to attack and how likely are they to get hacked? Here are five digital chinks in the armor. The post appeared first on
23-10-2020 09:30

New Framework Released to Protect Machine Learning Systems From Adversarial Attacks
Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems. Called the Adversarial ML
23-10-2020 03:50

How to create a new user with admin privileges on Linux
Adding a user with admin privileges on Linux is easier than you think. Jack Wallen shows you how.
22-10-2020 20:34

source : hackernews, securityweek, techrepublicsecurity, welivesecurity