TrickBot has returned with a TrickBoot
TrickBot has released a new “TrickBoot” module which scans for vulnerable firmware and also has the ability to read, write and erase it on devices. The TrickBot malware has once again morphed and adapted, with the malware now being able to inspect the UE
04-12-2020 11:09

Israeli insurance company extorted by BlackShadow hackers
An Israeli insurance company has suffered a data breach with the attackers demanding almost $1 million in bitcoin as a ransom to prevent the companies stolen data being exposed. On November 30 the cybercrime group BlackShadow tweeted that they hacked int
04-12-2020 10:53

Kmart suffers ransomware attack
The US department store Kmart has been victim to a ransomware attack which has impacted back-end services within the company. Kmart has been targetted by the Egregor ransomware operation this week which encrypted devices and servers on the network. A ran
04-12-2020 10:38

Kmart suffers ransomware attack
The US department store Kmart has been victim to a ransomware attack which has impacted back-end services within the company. Kmart has been targetted by the Egregor ransomware operation this week which encrypted devices and servers on the network. A ran
04-12-2020 10:36

Vancouver public transport agency hit by ransomware attack
TransLink, the public transport agency for Vancouver, Canada, has been hit by a ransomware attack which has halted their operations. The attack took place on December 1, and has resulted in the residents of Vancouver being unable to use their metro cards
04-12-2020 10:20

Potential Nation-State Actor Targets COVID-19 Vaccine Supply Chain
Companies involved in technologies for keeping vaccines cold enough for safe storage and transportation are being targeted in a sophisticated spear-phishing campaign, IBM says.
03-12-2020 18:40

Verizon has been leaking customers’ personal information for days (at least)
A bug in a customer chat feature shows transcripts of other people's chats.
03-12-2020 18:05

TrickBot's New Tactic Threatens Firmware
A newly discovered module checks machines for flaws in the UEFI/BIOS firmware so malware can evade detection and persist on a device.
03-12-2020 17:40

Researchers Discover New Obfuscation-As-a-Service Platform
Researchers detail how a Android APK obfuscation service automates detection evasion for highly malicious apps.
03-12-2020 17:15

Common Container Manager Is Vulnerable to Dangerous Exploit
Container manager vulnerability is one of several weaknesses and vulnerabilities recently disclosed for Docker.
03-12-2020 16:30

Nation-state backed hackers going after COVID vaccine supply chain
Sophisticated operation is well-researched and well-placed, aimed at EU.
03-12-2020 16:03

Xerox DocuShare Bugs could result in major data leaks
Xerox released a fix for two vulnerabilities in regards to DocuShare, their document management platform. If these bugs were exploited they could have made DocuShare users vulnerable to a malicious attack resulting in sensitive data loss. Yesterday, the
03-12-2020 14:00

Cloud Security Threats for 2021
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.
03-12-2020 14:00

Ransomware gang steals 2 million credit cards from E-Land
The ransomware gang Clop has claimed to be responsible for a cyberattack on E-Land Retail. Clop have said that they have stolen around 2 million credit card’s details over the past year, with the attack ending last month. E-Land Retail is a subsidi
03-12-2020 13:31

Aerospace firm hit by cyber attack
Embraer, a Brazilian defence and aerospace group has recently been a target of a cyber attack which has halted the company’s operations. According to a statement released by Embraer this week, the attack forced the “disclosure of data alleged
03-12-2020 13:20

US Officials Take Action Against 2,300 Money Mules
Eight federal law enforcement agencies participated in the Money Mule Initiative, a global crackdown on money laundering.
03-12-2020 12:45

Researchers Bypass Next-Generation Endpoint Protection
Machine learning-based products can be tricked to classify malware as a legitimate file, new findings show.
03-12-2020 12:40

One of the Internet’s most aggressive threats could take UEFI malware mainstream
New feature targets the most critical component of all modern-day computers.
03-12-2020 11:00

From FUD to Fix: Why the CISO-Vendor Partnership Needs to Change Now
CISOs and their staffs are up against too many systems, screens, and alerts, with too few solutions to effectively address pain points.
03-12-2020 10:00

Google Security Researcher Develops 'Zero-Click' Exploit for iOS Flaw
A new patched memory corruption vulnerability in Apple's AWDL protocol can be used to take over iOS devices that are in close proximity to an attacker.
03-12-2020 08:35

Open Source Flaws Take Years to Find But Just a Month to Fix
Companies need to embrace automation and dependency tracking to keep software secure, GitHub says in its annual security report.
02-12-2020 18:30

Cybersecurity in the Biden Administration: Experts Weigh In
Security pros and former government employees share their expectations and concerns for the new administration - and their hope for a "return to normal."
02-12-2020 18:20

FBI: BEC Scammers Could Abuse Email Auto-Forwarding
Private Industry Notification warns of the role email auto-forwarding could be used in business email compromise attacks.
02-12-2020 16:25

Loyal Employee ... or Cybercriminal Accomplice?
Can the bad guys' insider recruitment methods be reverse-engineered to reveal potential insider threats? Let's take a look.
02-12-2020 16:20

Teardown of “Dishy McFlatface,” the SpaceX Starlink user terminal
"It's rare to see something of this complexity in a consumer product."
02-12-2020 15:21

Automated Pen Testing: Can It Replace Humans?
These tools have come a long way, but are they far enough along to make human pen testers obsolete?
02-12-2020 14:00

Security Slipup Exposes Health Records & Lab Results
NTreatment failed to add password protection to a cloud server, exposing thousands of sensitive medical records online.
02-12-2020 13:35

FBI warn that email forwarding rules are being abused by hackers
The US Federal Bureau of Investigation (FBI) says that it is getting more common for cyber-criminals to use email forwarding rules in order to disguise themselves inside hacked email accounts. The FBI sent out a PIN (Private Industry Notification) alert
02-12-2020 12:09

Malicious npm packages were installing remote access trojans
The security team in charge of the ‘npm’ repository used for JavaScript libraries has removed two of the npm packages on Monday after they were found to contain malicious code that installed a remote access trojan (RAT) onto computers of deve
02-12-2020 11:40

Supreme Court to rule on outdated anti-hacking law
The Supreme Court will possibly be reining in of one of the main anti-hacking laws in America, which has not been revised by Congress since 1986, and has tormented cybersecurity researches since the internet began. The American Supreme Court heard a numb
02-12-2020 10:52

New exploit could let hackers remotely access iPhones
A Google Project Zero security researcher, Ian Beer, has revealed that, until recently, a number of varieties of Apple iPhones and other iOS devices were vulnerable to an exploit which would allow hackers to remotely reboot a device and then take complet
02-12-2020 10:42

Why I'd Take Good IT Hygiene Over Security's Latest Silver Bullet
Bells and whistles are great, but you can stay safer by focusing on correct configurations, posture management, visibility, and patching.
02-12-2020 10:00

Free Mobile App Measures Your Personal Cyber Risk
New app for Android and Apple iOS uses an algorithm co-developed with MIT to gauge security posture on an ongoing basis.
02-12-2020 09:00

iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever
Before Apple patch, Wi-Fi packets could steal photos. No interaction needed. Over the air.
02-12-2020 02:34

Unmanaged Devices Heighten Risks for School Networks
Gaming consoles, Wi-Fi Pineapples, and building management systems are among many devices Armis says it discovered on K-12 school networks.
01-12-2020 20:00

Oracle vulnerability that executes malicious code is under active attack
Recently patched WebLogic security bug requires little skill and no authentication.
01-12-2020 19:56

Amazon to roll out tools to monitor factory workers and machines
Sensor, computer vision hardware come as tech giant pushes into industrial sector.
01-12-2020 19:55

Inside North Korea's Rapid Evolution to Cyber Superpower
Researchers examine North Korea's rapid evolution from destructive campaigns to complex and efficient cyber operations.
01-12-2020 17:30

The Challenge of Secure Wi-Fi 
It’s fair to say that we have all been spending less time jumping onto Wi-Fi hotspots at cafes, hotels, airports or company guest networks, over the last sixth months. But as lockdown measures were eased, we saw more people looking for a change of scener
01-12-2020 17:26

Malicious or Vulnerable Docker Images Widespread, Firm Says
A dynamic analysis of the publicly available images on Docker Hub found that 51% had critical vulnerabilities and about 6,500 of the 4 million latest images could be considered malicious.
01-12-2020 17:25

Glasswall successfully raises £18 million from leading investors to fund continued expansion
Glasswall, the leading cybersecurity technology group, announces that it has successfully raised £18 million in additional equity capital to finance its continued expansion. The funding round was led by IPGL, Lord Spencer’s private investment group, and
01-12-2020 17:18

SASE 101: Why All the Buzz?
Wide area networking and network security services unite to provide secure, cloud-based connectivity for enterprises' remote employees -- and these days that means billions of workers.
01-12-2020 16:35

The Cybersecurity Skills Gap: It Doesn't Have to Be This Way
Once it becomes clear that off-the-shelf experts aren't realistic at scale, cultivating entry-level talent emerges as the only long-term solution -- not just for a hiring organization but for the field as a whole.
01-12-2020 14:00

Call Fraud Operator Ordered to Pay $9M to Victims
Indian national will serve 20 years in prison for running a large call center fraud operation.
01-12-2020 13:00

Ivanti Acquires MobileIron & Pulse Secure
The company plans to use these acquisitions to strengthen and secure IT connections across remote devices and infrastructure.
01-12-2020 11:50

Security flaw could manipulate scientists into creating viruses
Cyber-security researchers at Ben-Gurion University of the Negev have discovered a cyber attack which could allow hackers to remotely manipulate laboratory scientists into creating viruses and toxins. Medical researchers use synthetic DNA for a variety o
01-12-2020 11:28

MacOS users targeted with updated malware
A new form of malware has been discovered to be targeting Apple MacOS user, with researches saying that it is tied to a state-backed hacking operation. The malware campaign has been identified by cybersecurity analysts at Trend Micro, who have linked cam
01-12-2020 11:11

Sophos 2021 Threat Report: Navigating Cybersecurity in an Uncertain World
SPONSORED: Sophos' principal research scientist discusses the fast-changing attacker behaviors of 2020 and how security pros need to evolve.
01-12-2020 11:00

Vietnamese state-backed hackers linked to crypto-mining malware campaign by Microsoft
Microsoft has recently identified Vitemanese government-backed hackers to be deploying cryptocurrency-mining malware alongside their usual cyber-espionage toolkits. The report by Microsoft highlights a growing trend in cyber-security where an increasing
01-12-2020 10:58

Can't Afford a Full-time CISO? Try the Virtual Version
A vCISO can align a company's information security program to business strategy and budgeting guidance to senior management.
01-12-2020 10:00

Former NSS Labs CEO Launches New Security Testing Organization
Member-based CyberRatings.org to offer free to tiered paid access to tested security product and services ratings.
01-12-2020 10:00

2020 Cybersecurity Holiday Gift Guide for Kids
Grab some wrapping paper: These STEM toys and games are sure to spark creativity and hone coding and logic skills among a future generation of cybersecurity pros.
01-12-2020 08:00

Does Tor provide more benefit or harm? New paper says it depends
Tor use is likely more harmful in “free countries,” researchers say. Tor isn’t so sure.
30-11-2020 23:00

Driven by Ransomware, Cyber Claims Rise in Number & Value
Companies are on track to file 27% more cyber claims in 2020, one insurer estimates, while another underwriter finds five out of every 100 companies file a claim each year.
30-11-2020 18:05

Manchester United Cyberattack Highlights Controversy in Paying Ransomware Attackers
The Premier League English football (soccer) club team is reportedly being held to ransom by cyberattackers. Manchester United may face a difficult decision: whether to pay a ransom for release of its stolen data.
30-11-2020 18:00

Baltimore County Public Schools Closed Due to Ransomware Attack
The incident struck the day before Thanksgiving and interfered with online classes for some 115,000 students, officials report.
30-11-2020 17:30

Industrial Computer Maker Confirms Ransomware, Data Theft
Advantech reports the stolen data was confidential but did not contain high-value documents.
30-11-2020 14:30

COVID-19 vaccine manufacturer targeted by hackers
The British drug manufacturer AstraZeneca has recently been targetted by what are suspected to be North Korean hackers, who have tried to break into their systems. AstraZeneca is one of the many pharmaceutical companies racing to release a vaccine for CO
30-11-2020 11:11

Why Vulnerable Code Is Shipped Knowingly
The business priority of speed of development and deployment is overshadowing the need for secure code.
30-11-2020 07:00

WarGames for real: How one 1983 exercise nearly triggered WWIII
From the archives: Say hello to the KGB software model that forecasted mushroom clouds.
29-11-2020 15:30

Why the power to neutralise the threat of ransomware lies within your network
Ransomware attacks are on the up. Due to low execution costs, high rates of return, as well as a low risk of being caught, ransomware has become the preferred method of attack for those operating illegally within the online space. In fact, research highl
27-11-2020 16:24

AI can run your work meetings now
"Optimizing" meetings, from automated scheduling to facial recognition to measure attention.
27-11-2020 13:00

Canon confirms data theft in August’s ransomware attack
Months after the attack Canon publically confirmed that the cyberattack in August was caused by ransomware, and that data was stolen from servers by hackers during this attack. The attack was first reported by BleepingComputer when they found that there
27-11-2020 11:19

Fertility patients’ data stolen in ransomware attack
One of the largest group of fertility clinics in the United States, U.S. Fertility, has recently been hit by a ransomware attack, with patient and company data stolen. U.S. Fertility said that hackers “acquired a limited number of files” while they were
27-11-2020 10:56

Personal data of 16 million COVID-19 patients in Brazil leaked online
The personal and health data of over 16 million Brazilian COVID-19 patients has been exposed after a hospital employee foolishly uploaded a spreadsheet or names, passwords, and access keys to sensetive government systems on GitHub. Two government databas
27-11-2020 10:36

5 Signs Someone Might be Taking Advantage of Your Security Goodness
Not everyone in a security department is acting in good faith, and they'll do what they can to bypass those who do. Here's how to spot them.
27-11-2020 09:00

Failing Toward Zero: Why Your Security Needs to Fail to Get Better
Each security incident should lead to a successive reduction in future incidences of the same type. Organizations that fail toward zero embrace failure and learn from their mistakes.
27-11-2020 08:00

Entersekt releases findings from State of Online Shopping Report UK
Entersekt has released results of its State of Online Shopping Report that examined the shopping habits of 1000 UK consumers since the start of the COVID-19 pandemic. Carried out by Censuswide and completed on the 6th November 2020, the study looked at c
26-11-2020 16:26

Researchers discover Windows zero-day vulnerability
A French security research firm has accidentality discovered a zero-day vulnerability that affects the Windows 7 and Windows Server 2008 R2 operating systems. The researchers found the vulnerability while they were working on updating a Windows security
26-11-2020 11:08

Fake Among Us app used to distribute malware
InterSloth’s ‘Among Us’ is one of the latest games to be hitting the world by storm, with it being popular among PC and mobile gamers alike. Cybercriminals have noted the games popularity and begun to take advantage of it, creating fake
26-11-2020 10:59

Hackers could get anyone’s email on Xbox Live due to bug
A flaw in Xbox Live has allowed hackers to find out anyone’s email address that was used for an Xbox gamertag. An anonymous hacker told Motherboard last week that they were able to discover the email addresses of anyone who had registered for an Xb
26-11-2020 10:38

Hackers could get anyones email on Xbox Live due to bug
A flaw in Xbox Live has allowed hackers to find out anyone’s email address that was used for an Xbox gamertag. An anonymous hacker told Motherboard last week that they were able to discover the email addresses of anyone who had registered for an Xb
26-11-2020 10:38

Comcast raising TV and Internet prices, including a big hike to hidden fees
Internet prices to rise $3 a month; “Broadcast TV” hidden fee going up $4.50.
25-11-2020 18:07

Feedzai’s Financial Crime Report shows increase in fraud rate by 60% during the pandemic
Feedzai has published its Quarterly Financial Crime Report.  The report analysed financial crime indicators and consumer trends while drawing spending comparisons during one of the most complex shifts in consumer behaviour – the COVID-19 pandemic. The re
25-11-2020 17:26

Is 2FA by SMS a bad idea?
Two-factor authentication is ubiquitous and it’s a really valuable tool to protect systems and data assets. But with increasing reliance on home working and remote access in the current pandemic, what mechanism should we choose? It’s very common these da
25-11-2020 17:21

Android users targeted by WAPDropper malware
The security firm Check Point has recently discovered a new malware called WAPDropper. The malware is spread through malicious apps and is targeting Android users in Southeast Asia. If victims download the infected app through unofficial app stores then
25-11-2020 14:16

Do You Know Who's Lurking in Your Cloud Environment?
A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.
25-11-2020 13:50

Look Beyond the 'Big 5' in Cyberattacks
Don't ignore cyber operations outside US and European interests, researcher says. We can learn a lot from methods used by attackers that aren't among the usual suspects.
25-11-2020 13:15

Ritzau news agency suffers cyberattack
One of Denmark’s largest news agency that delivers text and photos to the Danish media has recently been pushed offline after they were targetted by a hacking attack. The CEO of Ritzau, Lars Vesterloekke, said “Ritzau has been the target of a
25-11-2020 11:22

Baidu caught collecting sensitive data from Android users
Two Android applications owned by Chinese tech giant Baidu have recently been removed from the Google Play Store following a scandal where they were found to be collecting sensitive data from their users. Two of Baidu’s apps, Baidu Maps and Baidu S
25-11-2020 11:15

Prevention Is Better Than the Cure When Securing Cloud-Native Deployments
The "OODA loop" shows us how to secure cloud-native deployments and prevent breaches before they occur.
25-11-2020 10:00

Why Security Awareness Training Should Be Backed by Security by Design
Cybersecurity training needs an overhaul, though the training itself is only one small part of how security teams can influence user behavior.
25-11-2020 09:45

SpaceX Starlink engineers take questions in Reddit AMA—here are highlights
Expanded beta is coming in January, and there's no plan for data caps.
24-11-2020 19:18

Latest Version of TrickBot Employs Clever New Obfuscation Trick
The malware takes advantage of how the Windows command line interpreter works to try and slip past anti-detection tools, Huntress Labs says.
24-11-2020 17:50

Baidu Apps Leaked Location Data, Machine Learning Reveals
Several apps available on the Google Play Store, including two made by Chinese Internet giant Baidu, leaked information about the phone's hardware and location without the user's knowledge, research finds.
24-11-2020 17:00

How Ransomware Defense is Evolving With Ransomware Attacks
As data exfiltration threats and bigger ransom requests become the norm, security professionals are advancing from the basic "keep good backups" advice.
24-11-2020 16:50

CISA Warns of Holiday Online Shopping Scams
The agency urges shoppers to be cautious of fraudulent websites, unsolicited emails, and unencrypted financial transactions.
24-11-2020 16:20

Alexa, Disarm the Victim's Home Security System
Researchers who last year hacked popular voice assistants with laser pointers take their work to the next level.
24-11-2020 15:50

Cloud Security Startup Lightspin Emerges From Stealth
The startup, founded by former white-hat hackers, has secured a $4 million seed round to close security gaps in cloud environments.
24-11-2020 14:35

US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas
Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.
24-11-2020 14:00

What's in Store for Privacy in 2021
Changes are coming to the privacy landscape, including more regulations and technologies.
24-11-2020 13:50

Brazilian government recovers from their worst cyberattack yet
Brazil’s public sector institution, the Superior Electoral Court (STJ, in the Portuguese acronym), recently suffered the most server cyberattack to ever target their government. Following this attack, the STJ is finally managing to get their system
24-11-2020 12:18

Tesla’s bluetooth vulnerabilities mean X models can be stolen in a matter of minutes
Security researcher, Lennert Wouters, at Belgian university KU Leuven has discovered a number of security vulnerabilities in Tesla Model X cars and their keyless entry fobs. Wouters found that a combination of the uncovered vulnerabilities could be explo
24-11-2020 11:45

Spotify passwords stored on a cloud database by a hacker with no password
Hackers who stole 350,000 Spotify passwords stored them on a cloud server without a password. The hackers access the passwords using a cache of login credentials stolen from other data breaches, as all of the the users who had their Spotify passwords sto
24-11-2020 11:34

Printers' Cybersecurity Threats Too Often Ignored
Remote workforce heightens the need to protect printing systems against intrusion and compromise.
24-11-2020 11:00

OneWeb exits bankruptcy and is ready to launch more broadband satellites
OneWeb plans satellite launches in December and throughout 2021 and 2022.
23-11-2020 20:56

Security Researchers Sound Alarm on Smart Doorbells
A new analysis of 11 relatively inexpensive video doorbells uncovered high-risk vulnerabilities in all of them.
23-11-2020 18:05

Comcast to enforce 1.2TB data cap in entire 39-state territory in early 2021
Data cap comes to 12 more US states over four years after everyone else got it.
23-11-2020 17:45

As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Companies should plan their future workforce model now, so they have time to implement the necessary tools, including cybersecurity and seamless remote access, a Forrester report says.
23-11-2020 17:45

Ransomware Grows Easier to Spread, Harder to Block
Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations.
23-11-2020 17:30

source : arstechnica, darkreading, itsecurityguru