Decade-Old Adobe ColdFusion Vulnerabilities Exploited by Ransomware Gang
Two ColdFusion vulnerabilities patched by Adobe more than a decade ago have been exploited by threat actors in a recent attack, according to cybersecurity firm Sophos.
21-09-2021 17:42

Google, Microsoft and Oracle amassed the most cybersecurity vulnerabilities in the first half of 2021
A recent AtlasVPN report rounds up an inglorious cybersecurity top 10 of sorts, highlighting the companies that have amassed the most vulnerabilities in the first half of this year.
21-09-2021 14:48

Providing Developers Value-Focused Feedback in Security Software Development
I recently wrote an article on , and one of the key elements was to ensure that leadership share the mission with developers to create a sense of purpose.
21-09-2021 14:23

OpenOffice Vulnerability Exposes Users to Code Execution Attacks
A buffer overflow vulnerability in Apache OpenOffice could be exploited to execute arbitrary code on target machines using malicious documents.
21-09-2021 14:09

Managing change in AI: Don't forget about your staff's needs and abilities
When change affects people in your organization, remember that you have a wealth of talent that needn't go to waste. Consider re-skilling to meet the company's needs as well as the employees'.
21-09-2021 13:19

U.S. companies excel at limiting shadow IT, according to a new report
Many respondents are planning to continue remote operations for the next couple of years, but what strategies are they implementing to protect themselves in the age of remote work at scale?
21-09-2021 13:15

How privacy and security challenges may cause people to abandon your website
More than half of consumers surveyed by Ping Identity said they ditched an online service when logging in proved too frustrating.
21-09-2021 13:00

Details of 100M Visitors to Thailand Exposed Online: Research Firm
More than 106 million travellers to Thailand had their personal details exposed online in August, a cybersecurity research company that discovered the data said Monday, but the leak was quickly plugged by authorities.
21-09-2021 12:51

Identity Solutions Provider Saviynt Raises $130 Million
Identity and access governance solutions provider Saviynt on Monday announced that it has received a $130 million investment from HPS Investment Partners and PNC Bank. To date, the company has raised $170 million in funding.
21-09-2021 11:40

Ransomware Group Demands Millions From U.S. Farmer Cooperative
Cybercriminals are hoping to obtain millions of dollars from a major farmer cooperative in the United States after they breached its systems, encrypted files, and stole vast amounts of data.
21-09-2021 11:05

Unpatched High-Severity Vulnerability Affects Apple macOS Computers
Cybersecurity researchers on Tuesday disclosed details of an unpatched vulnerability in macOS Finder that could be abused by remote adversaries to trick users into running arbitrary commands on the machines. "A vulnerability in macOS Finder allows files
21-09-2021 09:48

Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug
Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe's ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target's network 79 hours after the hack.
21-09-2021 06:00

Attacks Targeting OMIGOD Vulnerability Ramping Up
Attackers are increasingly targeting a remote code execution vulnerability in the Open Management Infrastructure (OMI) framework that Microsoft released patches for earlier this month.
21-09-2021 03:45

New Capoae Malware Infiltrates WordPress Sites and Installs Backdoored Plugin
A recently discovered wave of malware attacks has been spotted using a variety of tactics to enslave susceptible machines with easy-to-guess administrative credentials to co-opt them into a network with the goal of illegally mining cryptocurrency. "The
21-09-2021 03:08

Cybersecurity Priorities in 2021: How Can CISOs Re-Analyze and Shift Focus?
2020 was a year of relentless disruptions. The protective layer of secured enterprise networks and controlled IT environments of the physical premises did not exist. Over the past year, CISOs (Chief Information Security Officers) have had to grapple with
21-09-2021 02:18

Windows 11 prep: How to convert MBR hard drive partitions to GPT
For added security, Windows 11 will forgo the older MBR partition scheme and use GPT instead. That may require users to convert their older hard drives. Here is how to do it.
20-09-2021 19:12

Apple Ships iOS 15 with MFA Code Generator
Apple on Monday rolled out a major refresh of its flagship iOS mobile platform, adding a built-in two-factor authentication code generator and multiple anti-tracking security and privacy features.
20-09-2021 19:06

Cybercriminals Linked to Italian Mafia Arrested by European Police
Spanish and Italian authorities have dismantled an organized crime group allegedly involved in online fraud, money laundering, and other illegal activities.
20-09-2021 17:40

Here's how to become an in-demand cybersecurity expert
Just a couple of years of IT experience is all that's necessary to break into the cybersecurity field with this self-paced training.
20-09-2021 16:44

EventBuilder Exposed Information of Over 100,000 Event Registrants
Event management company EventBuilder exposed files containing the personal information of at least 100,000 users who registered for events on its platform.
20-09-2021 14:59

How to see who is trying to break into your Office 365 and what they're trying to hack
Office 365 and Azure Active Directory's security diagnostics are surprisingly useful tools.
20-09-2021 13:47

Attackers Use Linux Binaries as Loaders for Windows Malware
Using Microsoft’s Windows Subsystem for Linux (WSL), attackers have leveraged Linux binaries to load payloads into Windows processes, according to researchers with Black Lotus Labs, the threat intelligence unit of tech company Lumen.
20-09-2021 13:11

Cyberattack on Alaska Health Department Linked to State-Sponsored Hackers
The Alaska health department has shared more information about the cyberattack detected earlier this year, and the organization says the attack was conducted by state-sponsored hackers.
20-09-2021 12:32

Ongoing Phishing Campaign Targets APAC, EMEA Governments
Government departments in at least 7 countries in the Asia-Pacific (APAC) and Europe, the Middle East and Africa (EMEA) regions have been targeted in a phishing campaign that has been ongoing since spring 2020.
20-09-2021 11:49

Indonesia Says No Evidence of Alleged Chinese Intel Hack
Indonesian authorities have found no evidence that the country’s main intelligence service’s computers were compromised, after a U.S.-based private cybersecurity company alerted them of a suspected breach of its internal networks by a Chinese hacking gro
20-09-2021 11:14

Nigerian Threat Actor Targeting Aviation Industry Since 2018
A threat actor likely operating out of Nigeria has been engaged in various malicious campaigns for the past five years and it has mainly targeted the aviation industry for the last two, Cisco’s Talos security researchers reveal.
20-09-2021 10:26

Europol Busts Major Crime Ring, Arrests Over 100 Online Fraudsters
Law enforcement agencies in Italy and Spain have dismantled an organized crime group linked to the Italian Mafia that was involved in online fraud, money laundering, drug trafficking, and property crime, netting the gang about €10 million ($11.7 million)
20-09-2021 04:58

A New Wave of Malware Attack Targeting Organizations in South America
A spam campaign delivering spear-phishing emails aimed at South American organizations has retooled its techniques to include a wide range of commodity remote access trojans (RATs) and geolocation filtering to avoid detection, according to new research.
20-09-2021 04:00

Google to Auto-Reset Unused Android App Permissions for Billions of Devices
Google on Friday said it's bringing an Android 11 feature that auto-resets permissions granted to apps that haven't been used in months, to devices running Android versions 6 and above. The expansion is expected to go live later this year in December 20
19-09-2021 22:35

Numando: A New Banking Trojan Targeting Latin American Users
A newly spotted banking trojan has been caught leveraging legitimate platforms like YouTube and Pastebin to store its encrypted, remote configuration and commandeer infected Windows systems, making it the latest to join the long list of malware targeting
19-09-2021 22:07

Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack
Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild. Tracked as CVE-2021-30632 and CVE-2021-30633, the vulner
19-09-2021 01:13

Recently reported Microsoft zero-day gaining popularity with attackers, Kaspersky says
A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech and other sectors.
17-09-2021 18:43

Week in security with Tony Anscombe
Analysis of Numando banking trojan, steps to mitigate attack surface, and more! – Week in security with Tony Anscombe
17-09-2021 17:18

Credit Union's Legal Battle With Tech Giant Fiserv Rumbles On
Local credit union, Bessemer System Federal Credit Union (BSFCU), sued Fortune 500 tech giant Fiserv over ‘amateurish security lapses’ in 2019. Fiserv counterclaimed with a motion to dismiss, and Bessemer motioned to dismiss the counterclaim.
17-09-2021 16:39

Have you tried to guess your boss's password? Lots of workers have, according to a report
An August Beyond Identity report takes a look at people's password protection habits as well as their tendencies to guess other folk's passwords.
17-09-2021 16:13

Dell study finds most organizations don't think they can recover from a ransomware attack
Sixty-seven percent lack confidence in their ability to recover business-critical data, which is troubling given that the amount of data businesses manage has grown by more than 10x since 2016.
17-09-2021 15:31

AMD Chipset Driver Vulnerability Can Allow Hackers to Obtain Sensitive Data
Chipmaker AMD has patched a driver vulnerability that could allow an attacker to obtain sensitive information from the targeted system.
17-09-2021 15:01

Small businesses need to step up efforts to secure and retain hybrid workers
Only 31% are shipping laptops to employees and nearly half have spent their own money on a remote workspace, a survey from GetApp finds.
17-09-2021 14:01

Operator of 'DownThem' DDoS Attack Service Convicted
An Illinois man who operated an infamous online service allowing users to launch distributed denial-of-service (DDoS) attacks on selected targets was found guilty of three felonies.
17-09-2021 13:38

Pakistani Man Involved in AT&T Hacking Scheme Sentenced to Prison in U.S.
Muhammad Fahd, a 35-year-old Pakistani national, has been sentenced to 12 years of prison in the United States for his role in a scheme that involved illegally unlocking AT&T phones and hacking into the telecoms giant’s systems.
17-09-2021 13:21

Mirai Botnet Starts Exploiting OMIGOD Flaw as Microsoft Issues More Guidance
Microsoft on Thursday published additional guidance on addressing recently disclosed vulnerabilities in the Open Management Infrastructure (OMI) framework, along with new protections to resolve the bugs within affected Azure Virtual Machine (VM) manageme
17-09-2021 12:53

German Election Authority Confirms Likely Cyber Attack
Suspected hackers last month briefly disrupted the website of the authority running Germany's September 26 general election, a spokesman for the body told AFP Wednesday.
17-09-2021 12:19

Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs
Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The li
17-09-2021 12:17

U.S. Agencies Warn of APTs Exploiting Recent ADSelfService Plus Zero-Day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Coast Guard Cyber Command (CGCYBER) have sounded the alarm over in-the-wild attacks targeting a recently disclosed vulnerability in Zoho’
17-09-2021 11:29

Court Rejects Lawsuit Against NSA on "State Secrets" Grounds
A divided federal appeals court has upheld the dismissal of an ACLU lawsuit challenging a portion of the National Security Agency’s warrantless surveillance of Americans’ international email and phone communications.
17-09-2021 11:23

Cybersecurity M&A Roundup for September 1-15, 2021
17-09-2021 10:27

Numando: Count once, code twice
The (probably) penultimate post in our occasional series demystifying Latin American banking trojans.
17-09-2021 09:30

New Malware Targets Windows Subsystem for Linux to Evade Detection
A number of malicious samples have been created for the Windows Subsystem for Linux (WSL) with the goal of compromising Windows machines, highlighting a sneaky method that allows the operators to stay under the radar and thwart detection by popular anti-
17-09-2021 04:03

Malware Attack on Aviation Sector Uncovered After Going Unnoticed for 2 Years
A targeted phishing campaign aimed at the aviation industry for two years may be spearheaded by a threat actor operating out of Nigeria, highlighting how attackers can carry out small-scale cyber offensives for extended periods of time while staying unde
17-09-2021 01:00

Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks
Microsoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems. "These att
16-09-2021 21:50

Endpoint Security Platform Kolide Banks $17 Million Investment
Endpoint security platform Kolide on Thursday announced that it has raised $17 million in Series B funding, for a total of $27 million raised to date.
16-09-2021 20:14

Google Helps OSTIF Boost Security of Open Source Projects
Google this week announced plans to support the Open Source Technology Improvement Fund (OSTIF) to boost the security of open source projects.
16-09-2021 20:09

Kaspersky Received 105 Government, Law Enforcement Requests in H1 2021
Kaspersky this week published its first transparency report to share information on the government and law enforcement agency requests received in 2020 and in the first half of 2021.
16-09-2021 18:34

It's time enterprise businesses place their complete trust in open source
Canonical announced that its managed services had MSPCV Certification. Jack Wallen believes this milestone should help big businesses realize it is time to trust open source software.
16-09-2021 16:11

Bitdefender offers free decryptor for REvil ransomware victims
The free decryption tool will help victims restore their encrypted files from attacks made before July 13, 2021, says Bitdefender.
16-09-2021 15:49

UN Urges Moratorium on AI Tech That Threatens Rights
16-09-2021 14:16

Researchers Create Toolkit for Hardware Security Tests on Apple's Mobile Processors
A group of researchers from North Carolina State University has built a software toolkit to explore vulnerabilities in Apple’s mobile processors and used the findings to devise a cache timing attack.
16-09-2021 13:41

How Threat Response is Evolving
As adversaries changed their view of an attack to include vectors across an organization, defenders have had to evolve their approach as well. This is best captured by Mark Harris from Gartner who observed that adversaries have shifted their focus of att
16-09-2021 13:01

Several Access Bypass, CSRF Vulnerabilities Patched in Drupal
Drupal developers on Wednesday informed users that updates released for Drupal 8.9, 9.1 and 9.2 patch five vulnerabilities that can be exploited for cross-site request forgery (CSRF) and access bypass.
16-09-2021 12:05

Mass Personal Data Theft From Paris Covid Tests: Hospitals
Hackers stole the personal data of around 1.4 million people who took Covid-19 tests in the Paris region in the middle of 2020, hospital officials in the French capital disclosed on Wednesday.
16-09-2021 11:45

Neosec Emerges From Stealth With $20.7 Million in Funding
Application security startup Neosec this week emerged from stealth mode after closing a $20.7 million Series A funding round.
16-09-2021 11:13

Links Found Between MSHTML Zero-Day Attacks and Ransomware Operations
Microsoft and threat intelligence company RiskIQ reported finding links between the exploitation of a recently patched Windows zero-day vulnerability and known ransomware operators.
16-09-2021 10:51

Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects
Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue — tracked
16-09-2021 06:38

Third Critical Bug Affects Netgear Smart Switches — Details and PoC Released
New details have been revealed about a recently remediated critical vulnerability in Netgear smart switches that could be leveraged by an attacker to potentially execute malicious code and take control of vulnerable devices. The flaw — dubbed "Seventh I
16-09-2021 06:21

Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks
Microsoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems. "These att
16-09-2021 06:20

You Can Now Sign-in to Your Microsoft Accounts Without a Password
Microsoft on Wednesday announced a new passwordless mechanism that allows users to access their accounts without a password by using Microsoft Authenticator, Windows Hello, a security key, or a verification code sent via SMS or email. The change is expe
16-09-2021 00:03

You Can Now Sign-in to Your Microsoft Accounts Without a Password
Microsoft on Wednesday announced a new passwordless mechanism that allows users to access their accounts without a password by using Microsoft Authenticator, Windows Hello, a security key, or a verification code sent via SMS or email. The change is expe
15-09-2021 23:27

3 Former U.S. Intelligence Officers Admit to Hacking for UAE Company
The U.S. Department of Justice (DoJ) on Tuesday disclosed it fined three intelligence community and military personnel $1.68 million in penalties for their role as cyber-mercenaries working on behalf of a U.A.E.-based cybersecurity company. The trio in
15-09-2021 22:03

Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs
Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The li
15-09-2021 21:13

Microsoft Patch Tuesday fixes actively exploited zero‑day and 85 other flaws
The most recent Patch Tuesday includes a fix for the previously disclosed and actively exploited remote code execution flaw in MSHTML.
15-09-2021 16:00

You can now eliminate the password for your Microsoft account
By using an alternative means of authentication, you can now go passwordless on your Microsoft account.
15-09-2021 15:12

Regular Users Can Now Remove Password From Their Microsoft Account
Microsoft on Wednesday informed owners of consumer accounts that they can now go completely passwordless and rely on other, more secure authentication methods.
15-09-2021 15:01

How to protect your on-premises databases from security vulnerabilities
One out of every two on-premises databases has at least one vulnerability, according to a study from Imperva Research Labs.
15-09-2021 14:13

Cloud Backup Company Rewind Raises $65 Million
Cloud backup company Rewind has announced raising $65 million in a Series B funding round, which brings the total amount invested in the firm to more than $80 million.
15-09-2021 14:09

Cybersecurity tips for online learning as schools tap hybrid learning amid delta variant
Tuesday is National Online Learning Day. To ring in the holiday, we've crafted a guide to help students of all ages stay safe online and protect the home network in the virtual classroom.
15-09-2021 13:52

Severe Vulnerabilities Could Expose Thousands of Azure Users to Attacks
Four of the fixes that Microsoft released as part of its updates deal with vulnerabilities in the Open Management Infrastructure (OMI) software agent embedded in Azure services.
15-09-2021 13:16

Why open source software supply chain management is worse than you think
A Sonatype survey also found a 650% year-over-year increase in supply chain attacks aimed at upstream public repositories.
15-09-2021 13:00

3 Former US Officials Charged in UAE Hacking Scheme
Three former U.S. intelligence and military officials have admitted providing sophisticated computer hacking technology to the United Arab Emirates and agreed to pay nearly $1.7 million to resolve criminal charges in an agreement that the Justice Departm
15-09-2021 12:58

SAP Patches Critical Vulnerabilities With September 2021 Security Updates
German software maker SAP this week announced the release of 17 new and two updated security notes on the September 2021 Security Patch Day. Seven of these deal with critical vulnerabilities in SAP products.
15-09-2021 12:02

ICS Patch Tuesday: Siemens, Schneider Electric Address Over 40 Vulnerabilities
Siemens and Schneider Electric on Tuesday published a total of 25 advisories to address more than 40 vulnerabilities affecting their industrial control system (ICS) products. Siemens
15-09-2021 11:37

Critical Flaws Discovered in Azure App That Microsoft Secretly Installed on Linux VMs
Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The li
15-09-2021 11:36

Zoom Introduces End-to-End Encrypted Phone Calls
Zoom this week revealed that its users will be getting the option to encrypt their one-on-one phone calls courtesy of end-to-end encryption (E2EE) being expanded to Zoom Phone.
15-09-2021 11:00

The Ongoing Reciprocal Relationship Between APTs and Cybercriminals
The two main villains of the cyber security world are the nation state-backed Advanced Persistent Threats (APTs) and cybercriminals, with their comprehensive infrastructure and circles known as the dark web. Both threat actors are independent, each with i
15-09-2021 10:53

Cobalt Strike Beacon Reimplementation 'Vermilion Strike' Targets Windows, Linux
Security researchers with Intezer have identified a reimplementation of the infamous Cobalt Strike payload, which features completely new code.
15-09-2021 08:43

Download the Essential Guide to Response Automation
In the classic children's movie 'The Princess Bride,' one of the characters utters the phrase, "You keep using that word. I do not think it means what you think it means." It's freely used as a response to someone's misuse or misunderstanding of a word
15-09-2021 04:16

3 Former U.S. Intelligence Officers Admit to Hacking for UAE Company
The U.S. Department of Justice (DoJ) on Tuesday disclosed it fined three intelligence community and military personnel $1.68 million in penalties for their role as cyber-mercenaries working on behalf of a U.A.E.-based cybersecurity company. The trio in
15-09-2021 04:03

Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability
A day after Apple and Google rolled out urgent security updates, Microsoft has pushed software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and
14-09-2021 22:00

T-Mobile was breached: Here's how to protect your account
T-Mobile customers should change their password and PIN and set up two-step verification to protect their accounts.
14-09-2021 20:55

Dark Web sees spike in fake COVID vaccine card sales
Some people would rather pay money for a phony vaccine card than get the actual shot for free, according to Check Point Research.
14-09-2021 20:51

General Promises US 'Surge' Against Foreign Cyberattacks
The general who leads U.S. efforts to thwart foreign-based cyberattacks, and punish those responsible, says he’s mounting a “surge” to fight incursions that have debilitated government agencies and companies responsible for .
14-09-2021 19:33

Patch Tuesday: Microsoft Plugs Exploited MSHTML Zero-Day Hole
Microsoft on Tuesday shipped a major security update to blunt zero-day attacks targeting a gaping hole in its proprietary MSHTML browsing engine.
14-09-2021 18:32

Apple Security Flaw: How do 'Zero-Click' Attacks Work?
Apple has spent the past week rushing to which allows spyware to be downloaded on an iPhone or iPad without the owner even clicking a button. But how do such "zero-click" attacks work, and can they be stopped?
14-09-2021 18:28

Why you should avoid those fun social media "tell us about yourself" questions
Social media is overflowing with quizzes, surveys and opportunities to tell the world about yourself. Learn why you should skip these to protect yourself and your identity.
14-09-2021 16:19

Now LIVE: SecurityWeek's 2021 CISO Forum, Presented by Cisco (Virtual Event)
14-09-2021 15:39

The Implications of China's New Personal Information Protection Law
The cornerstone of Chinese national and international policy is a fundamental principle: China First. So, while its new data privacy law, the Personal Information Protection Law (PIPL), will provide solid protection for its people’s personal information
14-09-2021 15:32

WhatsApp announces end‑to‑end encrypted backups
The Facebook-owned messaging service plans to roll out the feature to both iOS and Android users in the coming weeks.
14-09-2021 15:30

CISA Appoints Kiersten Todt as New Chief of Staff
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday announced that it has appointed Kiersten Todt as its new chief of staff.
14-09-2021 15:01

Swiss Post Offers up to €230,000 for Critical Vulnerabilities in e-Voting System
Switzerland’s national postal organization Swiss Post is offering bug bounty rewards of up to €230,000 (roughly $271,000) for critical vulnerabilities identified in a future digital voting system.
14-09-2021 14:07

Nearly Half of On-Premises Databases Vulnerable to Attacks: Study
A five-year study conducted by cybersecurity firm Imperva showed that nearly half of on-premises databases globally have at least one vulnerability that could expose them to attacks.
14-09-2021 13:34

source : hackernews, securityweek, techrepublicsecurity, welivesecurity