Chipmaker Intel Corp. Blames Internal Error on Data Leak
The computer chipmaker Intel Corp. on Friday blamed an internal error for a data leak that prompted it to release a quarterly earnings report . It said its corporate network was not compromised.
23-01-2021 20:23

Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw
Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check
23-01-2021 19:35

SonicWall Says Internal Systems Targeted by Hackers Exploiting Zero-Day Flaws
Cybersecurity firm SonicWall said late on Friday that some of its internal systems were targeted by “highly sophisticated threat actors” exploiting what appear to be zero-day vulnerabilities affecting some of the company’s products.
23-01-2021 12:07

Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product
SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems. The San Jose-based company said the attacks leveraged zero-day vulnerabilities
23-01-2021 03:02

Experts Detail A Recent Remotely Exploitable Windows Vulnerability
More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager (NTLM) that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 (CVSS score 4.3)
23-01-2021 03:00

Beware! Fully-Functional Released Online for SAP Solution Manager Flaw
Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check
23-01-2021 00:43

Microsoft President urges tech leaders to follow lessons from Apollo missions and "War Games"
President Brad Smith said that national security is threatened by the industry's inability to learn lessons from the past.
22-01-2021 22:26

Cybersecurity: Blaming users is not the answer
A punitive approach toward employees reporting data breaches intensifies problems.
22-01-2021 20:44

Expert: Manpower is a huge cybersecurity issue in 2021
Changing threats, volume of threats, and ransomware plague organizations. Having some autonomous AI tools to help pros do their jobs can help.
22-01-2021 19:03

Cybersecurity pros can't handle all the threat tasks alone, expert says
Having an AI tool to help can ease the burden on cybersecurity teams, which are struggling to keep up with constant and more serious threats.
22-01-2021 18:59

Looking for cybersecurity experts? Consider hiring veterans
Veteran Michael Kassner says former military personnel might know more about cybersecurity than employers think. Read about some of the skills veterans could bring to a cybersecurity job.
22-01-2021 18:16

Microsoft Edge Adds Password Generator, Drops Support for Flash, FTP
Microsoft has shipped the stable version of the Microsoft Edge 88 browser, featuring a brand new Password Generator and the ability to alert on compromised credentials.   The browser refresh also drops support for the FTP protocol and for the A
22-01-2021 17:53

Week in security with Tony Anscombe
ESET research analyzes the Vadokrist banking trojan – Beware smishing scams – WhatsApp postpones privacy policy changes The post appeared first on
22-01-2021 16:15

Biden Orders Intelligence Agencies to Assess SolarWinds Hack
Just days into his leadership role, U.S. President Joe Biden has instructed U.S. intelligence agencies to provide him with a detailed assessment of the SolarWinds hack, which fueled a global cyber espionage campaign impacting many high-profile government
22-01-2021 16:03

Biden Orders Intel Agencies to Provide Full Assessment of SolarWinds Hack
Just says into his leadership role, U.S. President Joe Biden has instructed U.S. intelligence agencies to provide him with a detailed assessment of the SolarWinds hack, which fueled a global cyber espionage campaign impacting many high-profile government
22-01-2021 16:03

Intel's Early Earnings Release Triggered by Hack
U.S. chip-making giant Intel Corp. has acknowledged a website hack and premature data disclosure forced the early release of its earnings report for the fourth quarter of 2020.
22-01-2021 16:02

Sophos: Crypto-Jacking Campaign Linked to Iranian Company
An Iran-based software company is likely behind a recently identified crypto-jacking campaign targeting SQL servers, according to a report by British anti-malware vendor Sophos.
22-01-2021 14:56

QNAP Warns NAS Users of 'dovecat' Malware Attacks
QNAP this week warned users of attacks targeting QNAP NAS (network-attached storage) devices with a piece of malware named “dovecat.”
22-01-2021 13:28

The new Microsoft Edge browser will warn you if your password has been leaked online
The new Edge 88 browser includes tough new security features, including a password generator and a tool for monitoring whether your login details have been exposed to the dark web.
22-01-2021 12:17

Thousands of Unprotected RDP Servers Can Be Abused for DDoS Attacks
Cybercriminals have been abusing unprotected servers running Microsoft’s Remote Desktop Protocol (RDP) service to launch distributed denial-of-service (DDoS) attacks, application and network performance management company NETSCOUT warned this week.
22-01-2021 12:03

5 cybersecurity preparedness tips from two attorneys
Cybersecurity bad actors are taking advantage of the COVID-19 pandemic and attacking businesses. Follow these best practices for protecting your organization before a security attack.
22-01-2021 12:00

These Microsoft tools help you reduce, remove or lock down admin access to improve security
The SolarWinds compromise means you can no longer put off privileged account management.
22-01-2021 11:08

Why do we fall for SMS phishing scams so easily?
Here’s how to spot scams where criminals use deceptive text messages to hook and reel in their marks The post appeared first on
22-01-2021 10:30

Bosses are using monitoring software to keep tabs on working at home. Privacy rules aren't keeping up
Professionals union Prospect warned that the UK was at risk of 'sleepwalking into a world of surveillance' as more businesses turn to digital tools to keep tabs on remote workers.
22-01-2021 10:26

Missing Link in a 'Zero Trust' Security Model—The Device You're Connecting With!
Like it or not, 2020 was the year that proved that teams could work from literally anywhere. While terms like "flex work" and "WFH" were thrown around before COVID-19 came around, thanks to the pandemic, remote working has become the defacto way people
22-01-2021 04:09

Sharing eBook With Your Kindle Could Have Let Hackers Hijack Your Account
Amazon has addressed a number of flaws in its Kindle e-reader platform that could have allowed an attacker to take control of victims' devices by simply sending them a malicious e-book. Dubbed "KindleDrip," the exploit chain takes advantage of a feature
22-01-2021 02:40

Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks
Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti (or
22-01-2021 02:21

Here's How SolarWinds Hackers Stayed Undetected for Long Enough
Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures (TTPs) adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a "clearer
22-01-2021 02:20

Google: How and when to change your password
If you've ever been tempted to change your Google account password, but weren't sure how, don't let that confusion stop you. Jack Wallen walks you through the process.
21-01-2021 20:58

2020 sees huge increase in records exposed in data breaches
The number of breaches may have fallen, but the number of exposed records hit a high not seen since 2005, says Risk Based Security.
21-01-2021 18:50

How to check for and stop DDoS attacks on Linux
Jack Wallen walks you through some of the steps you can take to check for and mitigate distributed denial of service attacks on a Linux server.
21-01-2021 18:20

Enterprise Credentials Publicly Exposed by Cybercriminals
Cybercriminals behind a successful phishing campaign have exposed more than 1,000 corporate employee credentials on the Internet, according to a warning from security vendor Check Point.
21-01-2021 17:45

SSH keys: How to view in Linux, macOS, and Windows
If you're not sure how to view your SSH certificates, Jack Wallen walks you through the steps on Linux, macOS, and Windows.
21-01-2021 16:17

Drupal Updates Patch Another Vulnerability Related to Archive Files
Security updates released this week by the developers of the Drupal content management system (CMS) patch a vulnerability identified in a third-party library.
21-01-2021 16:13

Multi-Cloud Network Security Provider Valtix Raises $12.5 Million
Multi-cloud network security platform provider Valtix on Thursday announced that it raised $12.5 million in strategic funding.
21-01-2021 15:39

Microsoft Details OPSEC, Anti-Forensic Techniques Used by SolarWinds Hackers
Microsoft on Wednesday released another report detailing the activities and the methods of the threat actor behind the attack on IT management solutions firm SolarWinds, including their malware delivery methods, anti-forensic behavior, and operational se
21-01-2021 15:25

How asset management companies are vulnerable to ransomware and phishing attacks
Like large banks, these firms hold valuable financial data but often have smaller security budgets and fewer staff, says Digital Shadows.
21-01-2021 14:18

Cisco Patches Critical Vulnerabilities in SD-WAN, DNA Center, SSMS Products
Cisco this week released patches to address a significant number of vulnerabilities across its product portfolio, including several critical flaws in SD-WAN products, DNA Center, and Smart Software Manager Satellite (SSMS).
21-01-2021 14:05

How scammers are exploiting COVID-19 vaccines
Cybercriminals are setting up malicious domains and peddling phony drugs, all related to the new vaccines, says Bolster.
21-01-2021 14:00

Amazon Awards $18,000 for Exploit Allowing Kindle E-Reader Takeover
Amazon has awarded an $18,000 bug bounty for an exploit chain that could have allowed an attacker to take complete control of a Kindle e-reader simply by knowing the targeted user’s email address.
21-01-2021 12:26

Vadokrist: A wolf in sheep’s clothing
Another in our occasional series demystifying Latin American banking trojans The post appeared first on
21-01-2021 10:30

MrbMiner Crypto-Mining Malware Links to Iranian Software Company
A relatively new crypto-mining malware that surfaced last year and infected thousands of Microsoft SQL Server (MSSQL) databases has now been linked to a small software development company based in Iran. The attribution was made possible due to an operat
21-01-2021 06:58

Here's How SolarWinds Hackers Stayed Undetected for Long Enough
Microsoft on Wednesday shared more specifics about the tactics, techniques, and procedures (TTPs) adopted by the attackers behind the SolarWinds hack to stay under the radar and avoid detection, as cybersecurity companies work towards getting a "clearer
21-01-2021 06:05

Hackers Accidentally Expose Passwords Stolen From Businesses On the Internet
A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and steal credentials belonging to over a thousand corporate employees. The cyber offensive is said to have
21-01-2021 06:05

Scanning Activity Detected After Release of Exploit for Critical SAP SolMan Flaw
A Russian researcher has made public on GitHub a functional exploit targeting a critical vulnerability that SAP patched in its Solution Manager product .
21-01-2021 04:52

Importance of Application Security and Customer Data Protection to a Startup
When you are a startup, there are umpteen things that demand your attention. You must give your hundred percent (probably even more!) to work effectively and efficiently with the limited resources. Understandably, the application security importance may
21-01-2021 03:09

DNSpooq bugs expose millions of devices to DNS cache poisoning
Security flaws in a widely used DNS software package could allow attackers to send users to malicious websites or to remotely hijack their devices The post appeared first on
20-01-2021 21:12

'LuckyBoy' Malvertising Campaign Hits iOS, Android, XBox Users
A recently identified malvertising campaign targeting mobile and other connected devices users makes heavy use of obfuscation and cloaking to avoid detection.
20-01-2021 17:18

In a Remote Work Era, a People-First Approach Keeps Threat Intelligence Teams on Track
Far Too Many Organizations Are Still Failing to Develop Intelligence Requirements Based on the Needs of Their Stakeholders
20-01-2021 16:34

Are you more likely to be murdered IRL or hacked online? The existential question of our times has been answered
Atlas VPN drills down into a Gallup poll to understand Americans' perceived threat level. It turns out 55% are more worried about cyberattacks.
20-01-2021 16:31

Snort 3 Becomes Generally Available
Snort 3 was officially released on Tuesday and users have been advised to switch to Snort 3 from any previous version of the popular intrusion prevention and intrusion detection system (IPS/IDS).
20-01-2021 16:04

Oracle's January 2021 CPU Contains 329 New Security Patches
Oracle this week announced the availability of its first cumulative set of security fixes for 2021, which includes a total of 329 new patches.
20-01-2021 15:42

Ransomware Took Heavy Toll on US in 2020: Researchers
Ransomware attacks took a heavy toll on the United States last year with more than 2,000 victims in government, education and health care, security researchers say in a new report.
20-01-2021 14:42

Chrome 88 Drops Flash, Patches Critical Vulnerability
Google has released Chrome 88 to the stable channel with several security improvements inside, including patches for 36 vulnerabilities, one of which is rated critical severity, and dropped support for Adobe Flash.
20-01-2021 14:12

New 'FreakOut' Malware Ensnares Linux Devices Into Botnet
A recently identified piece of malware is targeting Linux devices to ensnare them into a botnet capable of malicious activities such as distributed denial of service (DDoS) and crypto-mining attacks.
20-01-2021 13:12

Malwarebytes Targeted by SolarWinds Hackers
Cybersecurity firm Malwarebytes on Tuesday revealed that it too was targeted by the hackers who breached the systems of Texas-based IT management company SolarWinds as part of a .
20-01-2021 12:41

DNSpooq Flaws Expose Millions of Devices to DNS Cache Poisoning, Other Attacks
Researchers at Israel-based boutique cybersecurity consultancy JSOF this week disclosed the details of seven potentially serious DNS-related vulnerabilities that could expose millions of devices to various types of attacks.
20-01-2021 11:37

Report: 5 ways web apps suffered in 2020 and will continue to suffer in 2021
2020 was a security struggle in the world of web applications, and it isn't going to get any better in 2021, research from cybersecurity provider Radware said.
20-01-2021 11:00

Google Details Patched Bugs in Signal, FB Messenger, JioChat Apps
In January 2019, a critical flaw was reported in Apple's FaceTime group chats feature that made it possible for users to initiate a FaceTime video call and eavesdrop on targets by adding their own number as a third person in a group chat even before the
20-01-2021 08:58

SolarWinds Hackers Also Breached Malwarebytes Cybersecurity Firm
Malwarebytes on Tuesday said it was breached by the same group who broke into SolarWinds to access some of its internal emails, making it the fourth major cybersecurity vendor to be targeted after FireEye, Microsoft, and CrowdStrike. The company said it
20-01-2021 03:27

The aftermath of the SolarWinds breach: Organizations need to be more vigilant
Security experts say organizations are, and should, implement a number of changes ranging from how they vet vendors to handling application updates.
19-01-2021 22:01

FBI warns of voice phishing attacks stealing corporate credentials
Criminals coax employees into handing over their access credentials and use the login data to burrow deep into corporate networks The post appeared first on
19-01-2021 19:38

FBI warns of voice phishing attacks targeting employees at large companies
Using VoIP calls, the attackers trick people into logging into phishing sites as a way to steal their usernames and passwords.
19-01-2021 19:20

10 trends shaping the security industry in 2021
Increased use of edge computing could "put AI everywhere," according to Hikvision's trends roundup.
19-01-2021 19:08

FireEye Releases New Open Source Tool in Response to SolarWinds Hack
FireEye Mandiant on Tuesday announced the release of an open source tool designed to check Microsoft 365 tenants for the use of techniques associated with UNC2452, the name currently assigned by the cybersecurity firm to the threat group that attacked IT
19-01-2021 19:04

Hundreds of Networks Still Host Devices Infected With VPNFilter Malware
The VPNFilter malware is still present in hundreds of networks and malicious actors could take control of the infected devices, according to researchers at cybersecurity firm Trend Micro.
19-01-2021 18:25

CES 2021: All of the business tech news you need to know
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.
19-01-2021 18:23

Politics and online privacy: How American Republicans and Democrats differ, and where they agree
A report from NordVPN finds disagreement on which political leader does better on privacy issues, whether disinformation should be banned, and what the biggest cyberthreat is.
19-01-2021 18:08

How to enable enhanced randomize MAC addresses on Android
Android 11 allows users to enable the Wi-Fi-Enhanced MAC randomization. Jack Wallen shows you how.
19-01-2021 16:49

New AI software can turn regular security cameras into COVID-19 policy enforcement points
Now being trialed in Georgia smart city Peachtree Corners, the new tech can pick up on people standing too close together and detect whether someone is wearing a mask.
19-01-2021 15:30

Microsoft Enables Automatic Remediation in Defender for Endpoint
Microsoft this week announced that it has enabled automatic threat remediation in Microsoft Defender for Endpoint for users who opted into public previews.
19-01-2021 14:12

SaaS Application Backup Firm Rewind Raises $15 Million
Backup-as-a-service (BaaS) provider Rewind on Tuesday announced it has raised $15 million in Series A funding. Founded in 2015, the Ottawa, Canada-based company helps customers secure business-critical software-as-a-service (SaaS) application and cloud
19-01-2021 13:54

SolarWinds Hackers Used 'Raindrop' Malware for Lateral Movement
The threat group behind the supply chain attack that targeted Texas-based IT management company SolarWinds leveraged a piece of malware named Raindrop for lateral movement and deploying additional payloads, Broadcom-owned cybersecurity firm Symantec repo
19-01-2021 13:09

Swimlane Raises $40 Million to Expand SOAR Business
Swimlane, a provider of security orchestration, automation and response (SOAR) solutions, announced today that it has raised $40 million in growth funding.
19-01-2021 12:33

OpenWrt Informs Users of Forum Breach
The OpenWrt Project, the developer of the open source Linux operating system for embedded devices, informed users on Monday that someone had breached its forum over the weekend.
19-01-2021 12:07

Researchers Discover Raindrop — 4th Malware Linked to the SolarWinds Attack
Cybersecurity researchers have unearthed a fourth new malware strain—designed to spread the malware onto other computers in victims' networks—which was deployed as part of the SolarWinds supply chain attack disclosed late last year. Dubbed "Raindrop" by
19-01-2021 07:04

A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder
Cybersecurity researchers have uncovered multiple vulnerabilities in Dnsmasq, a popular open-source software used for caching Domain Name System (DNS) responses, thereby potentially allowing an adversary to mount DNS cache poisoning attacks and remotely
19-01-2021 05:43

FreakOut! Ongoing Botnet Attack Exploiting Recent Linux Vulnerabilities
An ongoing malware campaign has been found exploiting recently disclosed vulnerabilities in network-attached storage (NAS) devices running on Linux systems to co-opt the machines into an IRC botnet for launching distributed denial-of-service (DDoS) attac
19-01-2021 05:40

New Educational Video Series for CISOs with Small Security Teams
Cybersecurity is hard. For a CISO that faces the cyber threat landscape with a small security team, the challenge is compounded. Compared to CISOs at large enterprises, CISOs small to medium-sized enterprises (SMEs) have smaller teams with less expertis
19-01-2021 03:05

FBI Warns of Employee Credential Phishing via Phone, Chat
The Federal Bureau of Investigation has issued a Private Industry Notification (PIN) to warn of attacks targeting enterprises, in which threat actors attempt to obtain employee credentials through vishing or chat rooms.
18-01-2021 19:21

Expired Domain Allowed Researcher to Hijack Country's TLD
A researcher claimed last week that he managed to take control of the country code top-level domain (ccTLD) for the Democratic Republic of Congo after an important domain name was left to expire.
18-01-2021 19:12

Researchers Estimate Ryuk Ransomware Operations to Be Worth $150 Million
The Ryuk ransomware criminal enterprise is estimated to be worth more than $150,000,000, security researchers say.
18-01-2021 17:51

WhatsApp delays privacy policy update after confusion, backlash
Millions of people flock to Signal and Telegram as WhatsApp scrambles to assuage users' concerns The post appeared first on
18-01-2021 16:56

Researchers Earn $50,000 for Hacking Apple Servers
A couple of researchers claim they have earned $50,000 from Apple for finding some serious vulnerabilities that gave them access to the tech giant’s servers.
18-01-2021 14:55

Underground Carding Marketplace Joker's Stash Announces Shutdown
Joker’s Stash, a large underground marketplace for stolen payment card data, has announced plans to shut down operations on February 15, 2021. The announcement was posted on a Russian-language cybercrime forum and detailed plans to cease all operations
18-01-2021 14:09

WhatsApp Delays Data Sharing Change After Backlash
18-01-2021 13:35

Rob Joyce Appointed Director of Cybersecurity at NSA
The U.S. National Security Agency on Friday announced that Rob Joyce, an official who is highly respected in the cybersecurity community, has been named the agency’s new director of cybersecurity.
18-01-2021 12:18

Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security
Apple has removed a controversial feature from its macOS operating system that allowed the company's own first-party apps to bypass content filters, VPNs, and third-party firewalls. Called "ContentFilterExclusionList," it included a list of as many as 5
17-01-2021 22:42

Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks
Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti (or
17-01-2021 22:07

EU Regulator: Hackers ‘Manipulated’ Stolen Vaccine Documents
The European Union’s drug regulator said Friday that COVID-19 vaccine documents stolen from its servers by hackers have been not , but “manipulated.”
16-01-2021 15:47

NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers
The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors. "D
16-01-2021 09:11

WhatsApp Delays Controversial 'Data-Sharing' Privacy Policy Update By 3 Months
WhatsApp said on Friday that it wouldn't enforce its recently announced controversial data sharing policy update until May 15. Originally set to go into effect next month on February 8, the three-month delay comes following "a lot of misinformation" abo
16-01-2021 09:10

NSA Suggests Enterprises Use 'Designated' DNS-over-HTTPS' Resolvers
The U.S. National Security Agency (NSA) on Friday said DNS over HTTPS (DoH) — if configured appropriately in enterprise environments — can help prevent "numerous" initial access, command-and-control, and exfiltration techniques used by threat actors. "D
15-01-2021 23:30

Joker's Stash, The Largest Carding Marketplace, Announces Shutdown
Joker's Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021. In a message board post on a Russian-language underground cybercrime forum, the op
15-01-2021 21:35

CES 2021: All of the business tech news you need to know
Don't miss TechRepublic's CES 2021 coverage, which includes product announcements from Lenovo, Samsung, LG, and Dell about PCs, laptops, software, robots, monitors, and TVs.
15-01-2021 19:21

Tens of Vulnerabilities in Siemens PLM Products Allow Code Execution
Siemens this week informed customers that some of its product development solutions are affected by a total of nearly two dozen vulnerabilities that can be exploited for arbitrary code execution using malicious files.
15-01-2021 19:17

How to check if someone else accessed your Google account
Review your recent Gmail access, browser sign-in history, and Google account activity to make sure no one other than you has used your account.
15-01-2021 19:01

Data Security Startup Qohash Raises $6 Million
Canadian data security startup Qohash this week announced it raised CAD 8 million (approximately USD $6.3 million) in Series A funding. The financing was led by FINTOP Capital.
15-01-2021 19:00

How next-gen cloud SIEM tools can offer critical visibility companies for effective threat hunting
Virtual workforces face escalated threats due to their remote access from various networks. Learn how security information and event management tools can help in the battle.
15-01-2021 16:39

Week in security with Tony Anscombe
ESET research dissects targeted malware attacks in Colombia – What parents hope to get out of parental controls – Privacy risks of new mesh Wi-Fi routers The post appeared first on
15-01-2021 16:30

source : hackernews, securityweek, techrepublicsecurity, welivesecurity