Ransomware Cyber Attack Forced the Largest U.S. Fuel Pipeline to Shut Down
Colonial Pipeline, which carries 45% of the fuel consumed on the U.S. East Coast, on Saturday said it halted operations due to a ransomware attack, once again demonstrating how infrastructure is vulnerable to cyberattacks. "On May 7, the Colonial Pipeli
09-05-2021 01:28

Facebook Will Limit Your WhatsApp Features For Not Accepting Privacy Policy
WhatsApp on Friday disclosed that it won't deactivate accounts of users who don't accept its new privacy policy rolling out on May 15, adding it will continue to keep reminding them to accept the new terms. "No one will have their accounts deleted or lo
09-05-2021 00:50

Cyberattack Forces Shutdown of Major U.S. Pipeline
Colonial Pipeline halts all fuel pipeline operations in response to a cyberattack
08-05-2021 14:11

New Pingback Malware Using ICMP Tunneling to Evade C&C Detection
Researchers on Tuesday disclosed a novel malware that uses a variety of tricks to stay under the radar and evade detection, while stealthily capable of executing arbitrary commands on infected systems. Called 'Pingback,' the Windows malware leverages In
08-05-2021 05:35

Top 12 Security Flaws Russian Spy Hackers Are Exploiting in the Wild
Cyber operatives affiliated with the Russian Foreign Intelligence Service (SVR) have switched up their tactics in response to previous public disclosures of their attack methods, according to a new advisory jointly published by intelligence agencies from
08-05-2021 05:32

ALERT — New 21Nails Exim Bugs Expose Millions of Email Servers to Hacking
The maintainers of Exim have released patches to remediate as many as 21 security vulnerabilities in its software that could enable unauthenticated attackers to achieve complete remote code execution and gain root privileges. Collectively named '21Nails
08-05-2021 04:47

New Qualcomm Chip Bug Could Let Hackers Spy On Android Devices
Cybersecurity researchers have disclosed a new security vulnerability in Qualcomm's mobile station modems (MSM) that could potentially allow an attacker to leverage the underlying Android operating system to slip malicious code into mobile phones, undete
08-05-2021 02:32

New TsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers
Security researchers Thursday disclosed a new critical vulnerability affecting Domain Name System (DNS) resolvers that could be exploited by adversaries to carry out reflection-based denial-of-service attacks against authoritative nameservers. The flaw,
08-05-2021 02:32

4 Major Privacy and Security Updates From Google You Should Know About
Google has announced a number of user-facing and under-the-hood changes in an attempt to boost privacy and security, including rolling out two-factor authentication automatically to all eligible users and bringing iOS-styled privacy labels to Android app
08-05-2021 02:31

US-UK Gov Warning: SolarWinds Attackers Add Open-Source PenTest Tool to Arsenal
Agencies in the United States and the United Kingdom on Friday published a joint report providing more details on the activities of the Russian cyberspy group that is believed to be behind the attack on IT management company SolarWinds. The report reveal
07-05-2021 16:32

Week in security with Tony Anscombe
Ousaban banking trojan targeting Brazil – How to help your kids use safe passwords – DDoS attack takes Belgian government websites offline The post appeared first on
07-05-2021 14:30

Under the Microscope: ISACA Survey on Cybersecurity Workforce, Resources and Budgets
A major survey that like all surveys needs to be examined carefully rather than accepted blindly.
07-05-2021 14:28

CISA Analyzes FiveHands Ransomware
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the FiveHands ransomware, roughly one week after FireEye’s Mandiant security researchers reported seeing the malware in recent attacks.
07-05-2021 14:03

Android App Developers Required by Google to Share More Info on Data Handling
Google this week announced that it is introducing a new policy for the Google Play app store, requiring all developers to provide information on their data collection practices.
07-05-2021 13:04

TsuNAME Vulnerability Can Be Exploited for DDoS Attacks on DNS Servers
Some DNS resolvers are affected by a vulnerability that can be exploited to launch distributed denial-of-service (DDoS) attacks against authoritative DNS servers, a group of researchers warned this week.
07-05-2021 12:36

DevOps is getting code released faster than ever. But security is lagging behind
DevOps is speeding up software release cycles like never before. But according to GitLab's latest survey, finger-pointing over who should be in charge of security remains an issue.
07-05-2021 12:34

VMware Patches Critical Flaw Reported by Sanctioned Russian Security Firm
VMware has patched another critical vulnerability reported by Positive Technologies, a Russian cybersecurity firm that was recently by the United States.
07-05-2021 10:50

4 Major Privacy and Security Updates From Google You Should Know About
Google has announced a number of user-facing and under-the-hood changes in an attempt to boost privacy and security, including rolling out two-factor authentication automatically to all eligible users and bringing iOS-styled privacy labels to Android app
07-05-2021 08:52

6 Unpatched Flaws Disclosed in Remote Mouse App for Android and iOS
As many as six zero-days have been uncovered in an application called Remote Mouse, allowing a remote attacker to achieve full code execution without any user interaction. The unpatched flaws, collectively named 'Mouse Trap,' were disclosed on Wednesday
07-05-2021 06:20

New Stealthy Rootkit Infiltrated Networks of High-Profile Organizations
An unknown threat actor with the capabilities to evolve and tailor its toolset to target environments infiltrated high-profile organizations in Asia and Africa with an evasive Windows rootkit since at least 2018. Called 'Moriya,' the malware is a "passi
07-05-2021 05:56

New Spectre Flaws in Intel and AMD CPUs Affect Billions of Computers
When Spectre, a class of critical vulnerabilities impacting modern processors, was publicly revealed in January 2018, the researchers behind the discovery said, "As it is not easy to fix, it will haunt us for quite some time," explaining the inspiration
07-05-2021 04:52

New TsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers
Security researchers Thursday disclosed a new critical vulnerability affecting Domain Name System (DNS) resolvers that could be exploited by adversaries to carry out reflection-based denial-of-service attacks against authoritative nameservers. The flaw,
07-05-2021 04:49

Insurer AXA Halts Ransomware Crime Reimbursement in France
In an apparent industry first, the global insurance company AXA said Thursday it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals.
06-05-2021 23:53

Popular routers found vulnerable to hacker attacks
Millions of Brits could be at risk of cyberattacks due to poor default passwords and a lack of firmware updates The post appeared first on
06-05-2021 22:02

World Password Day: Computer credentials are just as important as passwords—protect them, too
Expert discusses the importance of keeping internal computer credentials as safe as your passwords. The need for security never goes away.
06-05-2021 21:13

The need for cybersecurity "never goes away," expert says: World Password Day
More than just passwords, internal computer credentials must also be secured.
06-05-2021 21:12

Cybersecurity: Don't blame employees—make them feel like part of the solution
Scientists find that blaming employees is counterproductive and suggest creating a safe environment for people to admit their mistakes and learn from them. One company already puts that into practice.
06-05-2021 20:10

New Spectre Flaws in Intel and AMD CPUs Affect Billions of Computers
When Spectre, a class of critical vulnerabilities impacting modern processors, was publicly revealed in January 2018, the researchers behind the discovery said, "As it is not easy to fix, it will haunt us for quite some time," explaining the inspiration
06-05-2021 18:51

Critical Flaws Hit Cisco SD-WAN vManage and HyperFlex Software
Networking equipment major Cisco has rolled out software updates to address multiple critical vulnerabilities impacting HyperFlex HX and SD-WAN vManage Software that could allow an attacker to perform command injection attacks, execute arbitrary code, an
06-05-2021 18:50

Qualcomm Modem Chip Flaw Exploitable From Android: Researchers
Billions of Android devices are exposed to a vulnerability in Qualcomm’s Mobile Station Modem (MSM) chip A vulnerability in Qualcomm’s Mobile Station Modem (MSM) chip– installed in around 30% of the world’s mobile devices – can be exploited from within
06-05-2021 16:59

How to integrate Linux Malware Detection and ClamAV for automated malware detection on Linux servers
Jack Wallen walks you through the steps of installing both Linux Malware Detection and ClamAV for a reliable one-two punch of malware and virus prevention.
06-05-2021 16:00

Android phones may be vulnerable to security flaw in Qualcomm chip
Patched on Qualcomm's end, the flaw could allow attackers to access your call history and text messages and eavesdrop on your phone conversations, says Check Point Research.
06-05-2021 15:56

Russian 'Evil Corp' Cybercriminals Possibly Evolved Into Cyberspies
The infamous cybercrime organization known as Evil Corp may be running cyberespionage operations on behalf of a Russian intelligence agency, security consulting company Truesec reports.
06-05-2021 15:29

Google to Automatically Enable Two-Step Verification for Some Accounts
Google is marking World Password Day with a blog post summarizing the password management features it offers, and the company announced that it will automatically enroll some accounts in two-step verification (2SV).
06-05-2021 14:24

World Password Day: How to keep your personal and work data safe
The first Thursday in May is World Password Day. Keeping your data safe isn't as difficult as you think. Here are some strategies.
06-05-2021 14:24

MDR Firm Huntress Raises $40 Million in Series B Funding Round
Managed detection and response (MDR) solutions provider Huntress on Thursday announced raising $40 million in a Series B funding round, which brings the total raised by the company to $60 million.
06-05-2021 13:05

Cisco Patches Critical Flaws in SD-WAN, HyperFlex HX Products
Cisco on Wednesday released patches to address tens of vulnerabilities across its product portfolio, including critical flaws in SD-WAN software and the HyperFlex HX data platform.
06-05-2021 12:28

Cybersecurity Experts Share Thoughts for World Password Day
World Password Day was created by Intel in 2013 to raise awareness of the need for strong passwords, but many experts now use the occasion to urge organizations to replace passwords with other, more secure authentication methods.
06-05-2021 11:30

Microsoft Pledges to Store European Cloud Data in EU
US tech giant Microsoft pledged Thursday to process and store all European cloud-based client data in the European Union amid unease in the region over the reach of US legislation on personal data collection.
06-05-2021 11:05

Knowledge of security risks hasn't fixed the password problem
On world password day, data from Onfido serves as a reminder that most people don't follow password recommendations, probably never will, and that means it's time to find a new security standard.
06-05-2021 11:00

Attackers Use Obscurity, Enterprises Should Too
As threat actors attempt to remain undetected to carry out attacks, they often use a variety of tools to obscure their identities and activity. Organizations meanwhile leave their networks and activity open for inspection by anyone who chooses to perform
06-05-2021 10:56

Fantastic passwords and where your children can find them
How witches, wizards and superheroes can help your kids stay safe from cyber-villains, plus other parenting hacks to encourage your children to use secure passwords The post appeared first on
06-05-2021 09:30

CISO Challenge: Check Your Cybersecurity Skills On This New Competition Site
InfoSec leaders tend to be a specific type. Their jobs require them to think of possible threats, take actions that may not pay immediate results, plan for unknown security risks, and react quickly when emergencies arise, often before the morning's first
06-05-2021 07:56

New Qualcomm Chip Bug Could Let Hackers Spy On Android Devices
Cybersecurity researchers have disclosed a new security vulnerability in Qualcomm's mobile station modems (MSM) that could potentially allow an attacker to leverage the underlying Android operating system to slip malicious code into mobile phones, undete
06-05-2021 05:18

New Study Warns of Security Threats Linked to Recycled Phone Numbers
A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of exploits, including account takeovers, conduct phishing and spam attacks, and even pr
06-05-2021 05:18

States Push Back Against Use of Facial Recognition by Police
Law enforcement agencies across the U.S. have used technology to solve homicides and bust human traffickers, but concern about its accuracy and the growing pervasiveness of video surveillance is leading some state lawmakers to hit the pause button.
06-05-2021 02:07

Security teams plan a new pandemic quarantine for BYOD devices headed back to the office
A survey from Blackberry finds that IT departments are worried about unpatched devices connecting to corporate networks as offices reopen.
05-05-2021 20:59

DOD Expands Vulnerability Disclosure Program to Web-Facing Targets
The United States Department of Defense this week announced an expansion of the scope of its vulnerability disclosure program to include all of its publicly accessible information systems.
05-05-2021 19:09

World Password Day: How to keep yourself and your company data secure
The first Thursday in May is World Password Day. Learn some tips for what your organization should do to foster good password management techniques.
05-05-2021 18:23

How one phony vaccine website tried to capture your personal information
Recently seized by the government, the site spoofed an actual company developing a coronavirus vaccine in an effort to steal personal data for malicious purposes.
05-05-2021 18:04

DDoS attack knocks Belgian government websites offline
The attack overwhelmed the systems of a Belgian ISP, leading to widespread service outages and disruptions The post appeared first on
05-05-2021 15:51

Poor collaboration between NOC and SOC hampers digital transformation efforts
Even though they both seek common ends, networking and security teams are often at odds with each other, slowing their companies down.
05-05-2021 15:31

IBM Security announces new ways for customers to adopt a zero trust approach
In addition to new blueprints, IBM Security also announced a partnership with the cloud and network security provider Zscaler.
05-05-2021 14:50

3 Steps to Disrupt Threat Actors Selling Access to Your Environment
Unmasking a threat actor at an individual level could help you to gain more context, determine why the attack occurred, and quantify future risk
05-05-2021 14:39

Red Hat Open-Sourcing StackRox Security Technology
Red Hat this week announced that it’s taking the first steps towards open-sourcing the StackRox container security product for Kubernetes.
05-05-2021 13:41

Cymulate Raises $45 Million to Grow Its Attack Simulation Platform
Israeli cybersecurity testing firm  announced today that it has raised $45 million through a Series C funding round.
05-05-2021 13:35

Chrome for Windows Gets Hardware-enforced Exploitation Protection
Google makes Chrome for Windows more resilient to vulnerability exploitation with new mitigation technology Starting in version 90, Chrome for Windows improves resilience against vulnerability exploitation by adopting Hardware-enforced Stack Protection.
05-05-2021 13:19

U.S. Organizations Targeted by New Cybercrime Group With Sophisticated Malware
A new threat actor that appears to be financially motivated has targeted many organizations in the United States and other countries using several new pieces of malware, FireEye reported on Tuesday.
05-05-2021 12:34

Cyber Asset Management Startup JupiterOne Raises $30 Million
Cyber asset management and governance solutions provider JupiterOne on Tuesday announced that it raised $30 million in Series B funding, which brings the total raised by the company to more than $49 million. The funding round was led by Sapphire Venture
05-05-2021 10:41

The VC View: Cloud Security and Compliance
I’m glad this column is coming out now instead of earlier this year. Cloud security is more topical than ever when considering all the fun things that have happened in 2021 with security startups!
05-05-2021 10:02

Ousaban: Private photo collection hidden in a CABinet
Another in our occasional series demystifying Latin American banking trojans The post appeared first on
05-05-2021 09:30

New Study Warns of Security Threats Linked to Recycled Phone Numbers
A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of exploits, including account takeovers, conduct phishing and spam attacks, and even pr
05-05-2021 06:51

Android Updates for May 2021 Patch Over 40 Vulnerabilities
The Android operating system updates released by Google for May 2021 patch a total of 42 vulnerabilities, including four considered critical severity.
05-05-2021 04:00

BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide
PC maker Dell has issued an update to fix multiple critical privilege escalation vulnerabilities that went undetected since 2009, potentially allowing attackers to gain kernel-mode privileges and cause a denial-of-service condition. The issues, reported
05-05-2021 03:13

ALERT — New 21Nails Exim Bugs Expose Millions of Email Servers to Hacking
The maintainers of Exim have released patches to remediate as many as 21 security vulnerabilities in its software that could enable unauthenticated attackers to achieve complete remote code execution and gain root privileges. Collectively named '21Nails
05-05-2021 02:36

Belgian Government, Parliament, Colleges Hit by Cyberattack
The company providing internet services for Belgium’s parliament, government agencies, universities and scientific institutions said Tuesday that its network was under cyberattack, with connections to several customers disrupted.
05-05-2021 02:16

ID Verification Platform Provider Persona Raises $50 Million
Armed with $68 million in funding to date, the company plans to double its team and scale up its business
05-05-2021 01:09

Apple Releases Urgent Security Patches For Zero‑Day Bugs Under Active Attacks
Apple on Monday released security updates for iOS, macOS, and watchOS to address three zero-day flaws and expand patches for a fourth vulnerability that the company said might have been exploited in the wild. <!--adsense--> The weaknesses all con
04-05-2021 20:21

Qualys Flags Gaping Security Holes in Exim Mail Server
Security researchers document 21 major security vulnerabilities in Exim and warn that users are exposed to remote code execution flaws 
04-05-2021 19:31

Expert: The cloud is more secure than on-prem, but the speed of adoption is making it less so
Companies are accelerating their use of the cloud, but should slow down and make sure security is built in from the beginning.
04-05-2021 19:08

Cloud adoption is accelerating, but cloud security might be an issue
The problem is not the cloud, one expert said. It's the speed at which companies are moving items to the cloud without considering security controls.
04-05-2021 19:05

Microsoft will soon remove Flash Player from Windows 10 devices
The Patch Tuesday security update due in July should hammer the last nail in the coffin of Adobe Flash Player The post appeared first on
04-05-2021 16:50

Facebook: Don't expect full end-to-end encryption on Messenger until 2022 'at the earliest'
Facebook says it wants to make E2EE the default across all of its messaging platforms, but this will be a gradual process.
04-05-2021 15:35

High-Severity Dell Driver Vulnerabilities Impact Hundreds of Millions of Devices
Owners of Dell devices were informed on Tuesday that a firmware update driver present on a large number of systems is affected by a series of high-severity vulnerabilities.
04-05-2021 15:10

New Variant of Buer Malware Loader Written in Rust to Evade Detection
A new variant of the Buer malware loader has been detected, written in Rust. The original version is written in C. Rust is efficient, easy-to-use, and an increasingly popular programming language – Microsoft uses it, and joined the Rust Foundation in Feb
04-05-2021 15:07

Trend Micro Unveils New OT Endpoint Security Solution Made by TXOne
Cybersecurity firm Trend Micro on Monday announced a new endpoint security solution developed by TXOne Networks for devices in operational technology (OT) environments.
04-05-2021 13:26

Acronis Raises $250 Million at $2.5 Billion Valuation
Cyber protection solutions provider Acronis on Tuesday announced that it has raised $250 million at a valuation of $2.5 billion.
04-05-2021 12:09

This ambitious Microsoft project aims to fix cloud computing security
Microsoft Research's Project Freta aims to find invisible malware running on the cloud.
04-05-2021 10:48

ATT&CK v9 Introduces Containers, Google Workspace
MITRE announced last week that the latest update to the popular ATT&CK framework introduces techniques related to containers and the Google Workspace platform.
04-05-2021 08:39

LuckyMouse Hackers Target Banks, Companies and Governments in 2020
An adversary known for its watering hole attacks against government entities has been linked to a slew of newly detected intrusions targeting various organizations in Central Asia and the Middle East. The malicious activity, collectively named "Emissary
04-05-2021 06:08

Researchers Uncover Iranian State-Sponsored Ransomware Operation
Iran has been linked to yet another state-sponsored ransomware operation through a contracting company based in the country, according to new analysis. "Iran's Islamic Revolutionary Guard Corps (IRGC) was operating a state-sponsored ransomware campaign
04-05-2021 06:08

New Pingback Malware Using ICMP Tunneling to Evade C&C Detection
Researchers on Tuesday disclosed a novel malware that uses a variety of tricks to stay under the radar and evade detection, while stealthily capable of executing arbitrary commands on infected systems. Called 'Pingback,' the Windows malware leverages In
04-05-2021 06:02

How Should the Service Desk Reset Passwords?
Ask the average helpdesk technician what they do all day, and they will probably answer by saying that they reset passwords. Sure, helpdesk technicians do plenty of other things too, but in many organizations, a disproportionate number of helpdesk calls
04-05-2021 05:39

Apple Warns of New Zero-Day Attacks on iOS, MacOS
Apple’s problems with zero-day attacks continued this week with news of another mysterious in-the-wild compromise affecting iPhones, iPads and MacOS devices.
04-05-2021 02:32

Critical Patch Out for Critical Pulse Secure VPN 0-Day Under Attack
Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors. Tracked as CVE-2021-22893 (
04-05-2021 01:21

Apple Releases Urgent Security Patches For Zero‑Day Bugs Under Active Attacks
Apple on Monday released security updates for iOS, macOS, and watchOS to address three zero-day flaws and expand patches for a fourth vulnerability that the company said might have been exploited in the wild. <!--adsense--> The weaknesses all con
03-05-2021 23:38

A Rust-based Buer Malware Variant Has Been Spotted in the Wild
Cybersecurity researchers on Monday disclosed a new malspam campaign distributing a fresh variant of a malware loader called "Buer" written in Rust, illustrating how adversaries are constantly honing their malware toolsets to evade analysis. Dubbed "Rus
03-05-2021 20:42

Phishing attacks imitate Wells Fargo and Chase the most
These popular banks are being spoofed in attacks targeting people filing taxes, getting stimulus checks and ordering deliveries, says Check Point.
03-05-2021 19:20

Alaska Court System Briefly Forced Offline Amid Cyber Threat
The Alaska Court System has temporarily disconnected most of its operations from the internet after a cybersecurity threat on Saturday, including its website and removing the ability to look up court records.
03-05-2021 19:07

A security flaw in AirDrop found by users
Someone who knows how can obtain your phone number and email address when you try to share a file from your iPhone, say researchers at the University of Darmstadt.
03-05-2021 19:05

How to set up camera privacy settings in Windows 10
Before you can use a camera app in Windows 10 you have to allow access to the camera itself. Only then can you allow access to the app. We walk you through it.
03-05-2021 18:04

INTERPOL aims to deal a blow to digital piracy
The agency’s new initiative will also warn about the high cost of the free lunch – the increased risk of malware exposure The post appeared first on
03-05-2021 16:39

Pulse Secure Ships Belated Fix for VPN Zero-Day
Embattled VPN technology vendor Pulse Secure on Monday updated an “out-of-cycle” advisory with patches for four major security vulnerabilities, including belated cover for an issue that’s already been exploited by advanced threat actors.
03-05-2021 16:26

Cybersecurity M&A Roundup: 31 Deals Announced in April 2021
03-05-2021 13:22

Cybersecurity M&A Roundup: 30 Deals Announced in April 2021
03-05-2021 13:22

These breached "Star Wars"-themed passwords need more than the force to save them
Turns out, even the most sci-fi-inspired passwords still need the occasional capital letter and special character splashed in.
03-05-2021 12:30

These breached "Star Wars"-themed passwords need more than the force to save them
Turns out, even the most sci-fi-inspired passwords still need the occasional capital letter and special character splashed in.
03-05-2021 12:30

Tesla Car Hacked Remotely From Drone via Zero-Click Exploit
Two researchers have shown how a Tesla — and possibly other cars — can be hacked remotely without any user interaction. They carried out the attack from a drone.
03-05-2021 12:29

NSA Issues Guidance on Securing IT-OT Connectivity
The U.S. National Security Agency (NSA) last week released a cybersecurity advisory focusing on the security of operational technology (OT) systems, particularly in terms of connectivity to IT systems.
03-05-2021 11:25

The Anti-Fraud Lifecycle
It is a known fact that cybercriminals choose the path of least resistance. Naturally, easy cashout methods with good returns are much more favorable than methods that are high risk, complicated or yield small profits. While this is not the only factor i
03-05-2021 11:06

source : hackernews, securityweek, techrepublicsecurity, welivesecurity