SEARCH
All Articles
Attackers Verify O365 Credentials On Microsoft Entra ID
Attackers are cross-checking stolen Office 365 credentials on Microsoft Entra ID in real-time after victims type them into a malicious phishing page, researchers from Armorblox said.
Raccoon Attack Can Compromise Some TLS Connections
A new technique called the Raccoon attack can break the confidentiality of some TLS connections under certain circumstances.
Traditional is Best When Converting Stolen Money to Clean Cash
SWIFT and BAE Systems analyzed the web of businesses, money mules, and intermediate accounts used to transfer stolen money around the world until it becomes hard to trace.
Attackers Use Cloud Tool to Target Docker, Kubernetes
An attack group TeamTNT is using Weave Scope, an open source cloud monitoring and control tool to compromise Docker and Kubernetes instances as part of a cryptocurrency mining operation, security company Intezer said.
Attacks Target Critical Flaw in WordPress File Manager Plugin
Attackers are actively exploiting a critical bug in the File Manager WordPress plugin.
CISA Issues Final Order on Federal Vulnerability Disclosure, But Questions Remain
Federal agencies must publish a vulnerability disclosure policy by March 1, per a new CISA directive, but there is no provision for maturity assessments or resources to build a bug handling process.
UK Says Children’s Apps Must Have Built-in Privacy
New rules from the United Kingdom's Information Commissioner's took effect requiring office apps, social media platforms and online games specifically targeted at children to be designed with privacy in mind. Violators will be fined 4 percent of total revenue.
Gartner Warns CEOs Will be Personally Liable for Breaches by 2024
By 2024, 75 percent of CEOs will be held personally responsible and accountable for cyber-physical security incidents, research firm Garner said.
Notarized Malware Slips Into Mac App Store
A piece of malware made its way into the macOS app store after being accidentally notarized by Apple, allowing it to run on victims' Macs.
Cisco Warns of Exploits Against IOS XR Flaws
Attackers are actively trying to exploit a memory exhaustion vulnerability (CVE-2020-3566) in Cisco's IOS XR royter software.
Bug Allows Theft of Local Files Via Safari
An issue with the Safari Web Share API can allow an attacker to steal local files from a victim in some circumstances.
CISA Releases 5G Security Strategy
The United States Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has released the National Strategy to Secure 5G for securely deploying 5G networks in the United States.
Medical Data Leaks Linked to Hardcoded Credentials in Code
Data of more than 150,000 to 200,000 patient were exposed in at least nine GitHub repositories—the result of improper access controls and hardcoded credentials in source code, according to a DataBreaches.net.
Serious DoS Bug Patched in BIND 9
A vulnerability in several versions of BIND 9 can allow an attacker to knock vulnerable name servers offline.
EU Delays GDPR Decision in Twitter Case
Irish privacy regulators are still working with other European Union data protection authorities to hammer out the final decision of its GDPR case against Twitter over a 2018 security incident.