Attacks against cloud users surged in 2020
Cloud-based user accounts were hit by almost 3.1 million external cyberattacks throughout the year, according to McAfee.
13-04-2021 14:01

Exploit Released for Critical Vulnerability Affecting QNAP NAS Devices
An exploit is now publicly available for a remote code execution vulnerability affecting QNAP network-attached storage (NAS) devices that run the Surveillance Station video management system.
13-04-2021 13:50

CISA Details Malware Found on Hacked Exchange Servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week published details on additional malware identified on compromised Microsoft Exchange servers, namely China Chopper webshells and DearCry ransomware.
13-04-2021 13:08

PoC Exploit Released for Unpatched Flaw Affecting Chromium-Based Browsers
A researcher has made public a proof-of-concept (PoC) exploit for a recently discovered vulnerability affecting Chrome, Edge and other Chromium-based web browsers.
13-04-2021 12:32

Small Kansas Water Utility System Hacking Highlights Risks
A former Kansas utility worker has been charged with remotely tampering with a public water system’s cleaning procedures, highlighting the difficulty smaller utilities face in protecting against hackers.
13-04-2021 12:01

New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices
Security researchers have uncovered nine vulnerabilities affecting four TCP/IP stacks impacting more than 100 million consumer and enterprise devices that could be exploited by an attacker to take control of a vulnerable system. Dubbed "NAME:WRECK" by F
13-04-2021 05:24

Hackers Using Website's Contact Forms to Deliver IcedID Malware
Microsoft has warned organizations of a "unique" attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what's yet another instance of adversaries abusing legi
13-04-2021 04:51

Detecting the "Next" SolarWinds-Style Cyber Attack
The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade internal systems long enough to gain access to the source code of the victim. Because o
13-04-2021 04:25

Grambling Grad Getting Louisiana's 1st Cybersecurity Degree
A Grambling State University student is about to get Louisiana’s first bachelor’s degree in cybersecurity at a time when data breaches are making headlines. Alexis White of Arcadia already has a degree in biology. She earned it in 2018 — the year Grambl
13-04-2021 03:36

BRATA Malware Poses as Android Security Scanners on Google Play Store
A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute a backdoor capable of gathering sensitive information. "These malicious apps urge users to update Chrome, WhatsApp, or a PDF re
13-04-2021 00:19

RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers
An Indian security researcher has publicly published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other Chromium-based browsers like Microsoft Edge, Opera, and Brave. Released by Rajvardhan Agarwal, the w
12-04-2021 23:33

Hackers Tampered With APKPure Store to Distribute Malware Apps
APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices. In a supply-chain attack similar to that of German telecommunicati
12-04-2021 23:22

Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021
The 2021 spring edition of Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade. A total of $1.2 million was awarded for 16 high-profile exploits o
12-04-2021 23:22

Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets
Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called "Cring" inside corporate networks. At least one of the hacking incidents led to the temporary s
12-04-2021 22:39

Joker Android Trojan Lands in Huawei AppGallery App Store
Ten variants of the Joker Android Trojan managed to slip into the Huawei AppGallery app store and were downloaded by more than 538,000 users, according to new data from Russian anti-malware vendor Doctor Web.
12-04-2021 22:18

Why adding neurodiversity to cybersecurity teams is a win-win for companies and employees
SAP and IBM have changed the hiring and onboarding process to open up more jobs to non-traditional candidates.
12-04-2021 22:12

User personas and DaaS could solve some security challenges of remote work
Use cases can make life easier for IT departments managing connectivity and access for thousands of home offices.
12-04-2021 21:32

How to raise the cybersecurity poverty line and make companies more secure
The cybersecurity poverty line is a term that can help companies understand security gaps and build better awareness. Learn more about it and how it applies to your organization.
12-04-2021 18:14

DoControl Emerges From Stealth With SaaS Security Platform
DoControl emerged from stealth mode on Monday with an automated data access controls platform for SaaS applications, and more than $13 million in funding.
12-04-2021 17:51

IcedID Trojan Operators Experimenting With New Delivery Methods
The threat actors behind the IcedID Trojan are experimenting with various delivery methods to increase efficiency, including sending malicious messages from web-based contact forms.
12-04-2021 17:33

Iran Used Fake Instagram Accounts to Try to Nab Israelis: Spy Agencies
Israeli spy agencies accused Iran on Monday of using fake social media accounts to lure citizens of the Jewish state abroad "to harm or abduct them".
12-04-2021 17:33

Unearthing the 'Attackability' of Vulnerabilities that Attract Hackers
Vulnerability management is largely about patch management: finding, triaging and patching the most critical vulnerabilities in your environment. Each aspect of this process presents its own problems. 
12-04-2021 16:48

ID Verification Firm Veriff Lands $69 Million in Series B Funding
Veriff, a provider of automated identity verification technology, today announced that it has secured $69 million in Series B financing, bringing the total amount raised by the company to $92.8 million.
12-04-2021 16:44

The VC View: Data Security - Deciphering a Misunderstood Category
I’m both excited and concerned to write about data security as one of the . Data security is a tough topic to summarize and I’d argue it may be the most misunderstood category in security right now. We’re a raw industry that has been shaken up multiple t
12-04-2021 16:02

Biden Names 2 Ex-NSA Officials for Senior Cyber Positions
President Joe Biden has selected two former senior National Security Agency officials for key cyber roles in his administration, the White House said Monday.
12-04-2021 15:43

Clubhouse in the spotlight after user records posted online
Reports of another trove of scraped user data add to the recent woes of popular social media platforms The post appeared first on
12-04-2021 14:28

Iran Blames Israel for Sabotage at Natanz Nuclear Site
Iran blamed Israel on Monday for a that damaged its centrifuges, an assault that imperils ongoing talks over Tehran’s tattered nuclear deal and brings a shadow war between the two countries into the light.
12-04-2021 13:20

This browser extension promises to block Google's controversial new tracking algorithm
DuckDuckGo has launched a new browser extension for Chrome that will prevent FLoC, a new tracking technique used by Google to support web advertising without user tracking.
12-04-2021 13:02

This browser extension promises to block Google's controversial new tracking algorithm
DuckDuckGo has launched a new browser extension for Chrome that will prevent FLoC, a new tracking technique used by Google to support web advertising without identifying users.
12-04-2021 13:02

Cybersecurity M&A Roundup for April 1-11, 2021
Eleven cybersecurity-related acquisitions and mergers were announced in the first part of April 2021.
12-04-2021 12:58

How scalper bots profit by buying and reselling Sony PS5 and Xbox consoles
These bots grab some of the limited stock of the PS5 and Xbox on eBay and Amazon and then resell them at huge markups, says PerimeterX.
12-04-2021 12:49

Fed Chair Says Cyberattacks Main Risk to US Economy
Federal Reserve chairman Jerome Powell said he was more worried about the risk of a large-scale cyberattack than another financial crisis like that of 2008. The risks of a 2008-like crisis with a need for government bailouts of banks were "very, very lo
12-04-2021 11:35

Zerodium Offering $300,000 for WordPress Exploits
Exploit acquisition company announced last week that it’s temporarily offering $300,000 for high-impact WordPress exploits.
12-04-2021 11:03

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users' Data
Online trading and discount brokerage platform Upstox has become the latest Indian company to suffer a security breach of its systems, resulting in the exposure of sensitive information of approximately 2.5 million users on the dark web. The leaked info
12-04-2021 09:04

Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021
The 2021 spring edition of Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade. A total of $1.2 million was awarded for 16 high-profile exploits o
12-04-2021 08:30

What Does It Take To Be a Cybersecurity Researcher?
Behind the strategies and solutions needed to counter today's cyber threats are—dedicated cybersecurity researchers. They spend their lives dissecting code and analyzing incident reports to discover how to stop the bad guys.  But what drives these speci
12-04-2021 05:22

Alert — There's A New Malware Out There Snatching Users' Passwords
A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads. Dubbed "Saint Bot," the malware is said to have first appeared on the scene in January 2021, with i
11-04-2021 23:51

Iran Calls Natanz Atomic Site Blackout 'Nuclear Terrorism'
Iran on Sunday described a blackout at its underground Natanz atomic facility an act of “nuclear terrorism,” raising regional tensions as world powers and Tehran continue to negotiate over its tattered nuclear deal.
11-04-2021 19:07

Hackers Tampered With APKPure Store to Distribute Malware Apps
APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat actors to distribute Trojans to Android devices. In an incident that's similar to that of German telecommunications
09-04-2021 23:50

Microsoft Open-Sources 'CyberBattleSim' Enterprise Environment Simulator
Microsoft this week announced the open source availability of Python code for “CyberBattleSim,” a research toolkit that supports simulating complex computer systems.
09-04-2021 18:16

CISA Releases Tool to Detect Microsoft 365 Compromise
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool to help with the detection of potential compromise within Microsoft Azure and Microsoft 365 environments.
09-04-2021 16:55

Week in security with Tony Anscombe
Janeleiro banking trojan takes aim at Brazil – Lazarus deploys Vyveva backdoor in South Africa – The long shelf life of leaked data The post appeared first on
09-04-2021 16:00

Data from 500 million LinkedIn accounts put up for sale
The treasure trove of data reportedly includes users’ LinkedIn IDs, full names, email addresses, phone numbers and workplace information The post appeared first on
09-04-2021 15:01

Security Automation Firm Tines Raises $26 Million at $300 Million Valuation
Tines, an Ireland-based company that provides no-code automation solutions for security and operations teams, on Thursday announced that it has raised $26 million in a Series B funding round, at a valuation of $300 million.
09-04-2021 12:15

LG Promises Three Years of OS Updates for Premium Android Smartphones
South Korean tech giant LG this week announced that it will continue to provide operating system updates to users of its premium Android smartphones, for up to three years.
09-04-2021 11:58

Pwn2Own 2021 Participants Earn Over $1.2 Million for Their Exploits
The Pwn2Own 2021 hacking competition has come to an end, with participants earning more than $1.2 million — more than ever paid out at the event — for exploits in the browser, virtualization, server, local privilege escalation, and enterprise communicati
09-04-2021 11:07

Alert — There's A New Malware Out There Snatching Users' Passwords
A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads. Dubbed "Saint Bot," the malware is said to have first appeared on the scene in January 2021, with i
09-04-2021 08:57

Collaboration Platforms Increasingly Abused for Malware Distribution, Data Exfiltration
Threat actors are increasingly abusing collaboration platforms for nefarious purposes, including malware delivery and data exfiltration, security researchers with Cisco’s Talos division report.
09-04-2021 08:46

[WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business
For organizations that deal with the defense infrastructure – cybersecurity is more than just a buzzword. Recently the US Department of Defense (DoD) created a new certification process – the Cybersecurity Maturity Model Certificate (CMMC) – to ensure t
09-04-2021 07:37

Researchers uncover a new Iranian malware used in recent cyberattacks
An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. Cybersecurity firm Check Point attributed the operation to APT
09-04-2021 04:58

Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers
Networking equipment major Cisco Systems has said it does not plan to fix a critical security vulnerability affecting some of its Small Business routers, instead urging users to replace the devices. The bug, tracked as CVE-2021-1459, is rated with a CVS
09-04-2021 04:56

Gigaset Android Update Server Hacked to Install Malware on Users' Devices
Gigaset has revealed a malware infection discovered in its Android devices was the result of a compromise of a server belonging to an external update service provider. Impacting older smartphone models — GS100, GS160, GS170, GS180, GS270 (plus), and GS3
09-04-2021 00:45

Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets
Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called "Cring" inside corporate networks. At least one of the hacking incidents led to the temporary s
08-04-2021 21:29

Zero trust: The good, the bad and the ugly
Zero trust is a good cybersecurity platform, but experts suggest care to get it right and not disenfranchise users.
08-04-2021 19:58

Zero trust: The good, the bad and the ugly
Zero trust is a good cybersecurity platform, but experts suggest care to get it right and not disenfranchise users.
08-04-2021 19:58

Cisco Patches Critical Flaw in SD-WAN vManage
Cisco this week announced patches for tens of vulnerabilities across its product portfolio, including a critical severity issue impacting the SD-WAN vManage software.
08-04-2021 18:54

Cost of Sandboxing Prompts Shift to Memory-Safe Languages. A Little Too Late?
NEWS ANALYSIS: Google’s decision to promote Rust for low-level Android programming is another sign that the shelf-life for memory corruption mitigations are no match for the speed of in-the-wild exploit development.
08-04-2021 18:35

How to use Docker Bench for Security to audit your container deployments
Docker Bench for Security is a simple way of checking for common best practices around your Docker deployments in production. Jack Wallen shows you how to use this tool.
08-04-2021 17:38

How to use FreeRADIUS for SSH authentication
Jack Wallen shows you how to install and configure FreeRADIUS as a centralized SSH authentication tool.
08-04-2021 15:50

Library Dependencies and the Open Source Supply Chain Nightmare
It’s a bigger problem than is immediately apparent, and has the potential for hacks as big as Equifax and as widespread as SolarWinds.
08-04-2021 15:06

Belden Says Health-Related Information Exposed in Data Breach
Specialty networking solutions provider Belden on Wednesday shared an update on the , and said health-related information was also exposed.
08-04-2021 14:19

Cring Ransomware Targets Industrial Organizations
Cring ransomware operators are exploiting an old path traversal vulnerability in the FortiOS SSL VPN web portal to gain access to enterprise networks, Kaspersky warns.
08-04-2021 13:47

How password anxiety is impacting individuals and organizations
A majority of people said they'd avoid using certain websites or accounts where they've forgotten their password, says LastPass.
08-04-2021 13:33

Does data stolen in a data breach expire?
Some personal information just doesn’t age – here’s what the Facebook data leak may mean for you The post appeared first on
08-04-2021 13:00

PHP Developers Share Update on Recent Breach
The developers of the PHP scripting language have shared an update on the recently disclosed breach in which attackers .
08-04-2021 12:09

Nation-state cyber attacks could lead to cyber conflict
New HP-sponsored report finds significant increase in nation-states targeting enterprises to steal high-value IP.
08-04-2021 12:00

$200,000 Awarded for Zero-Click Zoom Exploit at Pwn2Own
Two researchers earned $200,000 on the second day of the Pwn2Own 2021 hacking competition for a Zoom exploit allowing remote code execution without user interaction.
08-04-2021 11:13

Vulnerability in 'Domain Time II' Could Lead to Server, Network Compromise
A vulnerability residing in the “Domain Time II” network time solution can be exploited in Man-on-the-Side (MotS) attacks, cyber-security firm GRIMM warned on Tuesday.
08-04-2021 10:50

(Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor
ESET researchers discover a new Lazarus backdoor deployed against a freight logistics firm in South Africa The post appeared first on
08-04-2021 09:30

MITRE Madness: A Guide to Weathering the Upcoming Vendor Positioning Storm
April is usually a whirlwind month for the cybersecurity industry as it coincides with the release of the highly regarded and influential MITRE ATT&CK test results. The ATT&CK test measures cybersecurity platforms' abilities to detect and react t
08-04-2021 06:39

Researchers uncover a new Iranian malware used in recent cyberattacks
An Iranian threat actor has unleashed a new cyberespionage campaign against a possible Lebanese target with a backdoor capable of exfiltrating sensitive information from compromised systems. Cybersecurity firm Check Point attributed the operation to APT
08-04-2021 06:37

Hackers Exploit Unpatched VPNs to Install Ransomware on Industrial Targets
Unpatched Fortinet VPN devices are being targeted in a series of attacks against industrial enterprises in Europe to deploy a new strain of ransomware called "Cring" inside corporate networks. At least one of the hacking incidents led to the temporary s
08-04-2021 06:13

NIST and HIPAA: Is There a Password Connection?
When dealing with user data, it's essential that we design our password policies around compliance. These policies are defined both internally and externally. While companies uphold their own password standards, outside forces like HIPAA and NIST have a
08-04-2021 05:47

PHP Site's User Database Was Hacked In Recent Source Code Backdoor Attack
The maintainers of the PHP programming language have issued an update regarding the security incident that came to light late last month, stating that the actors may have gotten hold of a user database containing their passwords to make unauthorized chan
07-04-2021 23:07

Pre-Installed Malware Dropper Found On German Gigaset Android Phones
In what appears to be a fresh twist in Android malware, users of Gigaset mobile devices are encountering unwanted apps that are being downloaded and installed through a pre-installed system update app. "The culprit installing these malware apps is the U
07-04-2021 20:24

2021 Brings new security challenges and regulations for European CISOs
European CISOs are shifting how they spend on security in response to the COVID-19 pandemic and are having to adopt to a raft of new proposed EU cyber regulations.
07-04-2021 20:05

How to better combat malware delivered through email
A majority of security pros said they're most concerned about malicious payloads sent to employees via file attachments, according to a survey from GreatHorn.
07-04-2021 18:14

$38 million worth of gift cards stolen and sold on dark web
Easy to redeem and hard to trace, gift cards remain a hot commodity in the criminal underground The post appeared first on
07-04-2021 17:00

Open Source Security Management Firm WhiteSource Raises $75 Million
Open source security management company WhiteSource on Wednesday announced that it has raised $75 million in a Series D funding round.
07-04-2021 16:35

Report: Supplier Impersonation Attacks a Major Risk
Threat actors are leveraging the supply chain to deliver various types of threats to organizations, and few of them are spared from such attacks, according to a new report from enterprise security company Proofpoint.
07-04-2021 16:27

Fake Netflix App Luring Android Users to Malware
Researchers Flag ‘FlixOnline’ as a Malicious Android Play Store App That Combines Social Engineering With WhatsApp Auto-Replies to Propagate
07-04-2021 15:10

What Cybersecurity Policy Changes Should We Expect from the Biden Administration?
As the U.S. transitions to a new presidential administration, which can be expected to differ largely from the last, it is hard not to speculate how President Biden’s Administration will reduce the risk of a major cyberattack against the U.S. or her inte
07-04-2021 14:43

Facebook Removes 14 Networks Fueling Deceptive Campaigns
Facebook this week announced that in March it removed a total of 14 networks of accounts from its online services, for spreading deceptive content meant to manipulate public opinion.
07-04-2021 14:00

Details Disclosed for GitHub Pages Flaws That Earned Researchers $35,000
A researcher has disclosed the details of a series of vulnerabilities that could have been exploited by an attacker to access an organization’s private pages on GitHub.
07-04-2021 13:26

Mobile devices proved vulnerable during pandemic lockdowns
According to Verizon, nearly half of businesses sacrificed mobile device security best practices to "get the job done."
07-04-2021 13:04

Google Patches Critical Code Execution Vulnerability in Android
The April 2021 Android security bulletin published this week by Google describes more than 30 vulnerabilities in the mobile operating system, including a remote code execution flaw in the System component.
07-04-2021 11:33

White Hats Earn $440,000 for Hacking Microsoft Products on First Day of Pwn2Own 2021
On the first day of the Pwn2Own 2021 hacking competition, participants earned more than half a million dollars, including $440,000 for demonstrating exploits against Microsoft products.
07-04-2021 10:48

Supply‑chain attacks: When trust goes wrong, try hope?
How can organizations tackle the growing menace of attacks that shake trust in software? The post appeared first on
07-04-2021 09:30

Android to Support Rust Programming Language to Prevent Memory Flaws
Google on Tuesday announced that its open source version of the Android operating system will add support for Rust programming language in a bid to prevent memory safety bugs. To that end, the company has been building parts of the Android Open Source P
07-04-2021 08:28

11 Useful Security Tips for Securing Your AWS Environment
Want to take advantage of excellent cloud services? Amazon Web Services may be the perfect solution, but don't forget about AWS security. Whether you want to use AWS for a few things or everything, you need to protect access to it. Then you can make sur
07-04-2021 04:22

WhatsApp-based wormable Android malware spotted on the Google Play Store
Cybersecurity researchers have discovered yet another piece of wormable Android malware—but this time downloadable directly from the official Google Play Store—that's capable of propagating via WhatsApp messages. Disguised as a rogue Netflix app under t
07-04-2021 03:36

Critical Auth Bypass Bug Found in VMware Data Center Security Product
A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems. Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring
07-04-2021 02:38

Facebook Says Hackers 'Scraped' Data of 533 Million Users in 2019 Leak
Facebook said Tuesday that hackers "scraped" personal data of some half-billion users back in 2019 by taking advantage of a feature designed to help people easily find friends using contact lists.
07-04-2021 02:15

Senators Press for More on SolarWinds Hack After AP Report
Key lawmakers said Tuesday they’re concerned they’ve been kept in the dark about what suspected Russian hackers stole from the federal government and they pressed Biden administration officials for more details about the scope of what’s known as the .
07-04-2021 01:34

Pre-Installed Malware Dropper Found On German Gigaset Android Phones
In what appears to be a fresh twist in Android malware, users of Gigaset mobile devices are encountering unwanted apps that are being downloaded and installed through a pre-installed system update app. "The culprit installing these malware apps is the U
07-04-2021 01:04

Pre-Installed Malware Dropper Found On German Gigaset Android Phones
In what appears to be a fresh twist in Android malware, users of Gigaset mobile devices are encountering unwanted apps that are being downloaded and installed through a pre-installed system update app. "The culprit installing these malware apps is the U
07-04-2021 00:16

Experts uncover a new Banking Trojan targeting Latin American users
Researchers on Tuesday revealed details of a new banking trojan targeting corporate users in Brazil at least since 2019 across various sectors such as engineering, healthcare, retail, manufacturing, finance, transportation, and government. Dubbed "Janel
06-04-2021 22:38

Watch Out! Mission Critical SAP Applications Are Under Active Attack
Cyber attackers are actively setting their sights on unsecured SAP applications in an attempt to steal information and sabotage critical processes, according to new research. "Observed exploitation could lead in many cases to full control of the unsecur
06-04-2021 21:31

Threat Actors Quick to Target (Patched) SAP Vulnerabilities
Threat actors are constantly targeting new vulnerabilities in SAP applications within days after the availability of security patches, according to a joint report issued by SAP and Onapsis.
06-04-2021 20:14

Data scraped from 500 million LinkedIn users found for sale online
IDs, names, email addresses and more personal details are part of the massive database of stolen data, which could be used to launch additional attacks on LinkedIn and its users.
06-04-2021 15:56

source : hackernews, securityweek, techrepublicsecurity, welivesecurity