Threat Level as of APRIL 2020

MS ISAC Last Mnt Alert Level May 2019

On April 2020, the Cyber Threat Alert Level was evaluated and because of COVID-19 Pandemic, has been raised to "GUARDED" security levels.

Organizations and users are advised to update and apply all appropriate vendor security patches to vulnerable systems and to continue to update their antivirus signatures daily. Another line of defense includes user awareness training regarding the threats posed by attachments and hypertext links contained in emails especially from un-trusted sources.

MS ISAC Last Mnt Hot Topics MAR2020 2
MS ISAC Last Mnt Hot Topics MAR2020 3
MS ISAC Last Mnt Hot Topics MAR2020
MS ISAC Last Mnt Alert Map May 2019

"Knowledge about your enemies will help you win. Thus, treat threat intelligence with the respect it deserves and use it to protect your organization from all the relevant adversaries."

- How to Collect, Refine, Utilize and Create Threat Intelligence, October 2016, Gartner

Are you living in a SMART HOME?

SMART HOMES based on the IoT (Internet of Things - Amazon Alexa, Google Siri, Ring Doorbell etc) provide comfort & convenient management of our complicated life, however, SMART HOMES are also the largest threat to our privacy and risk of identity theft --

RSS Threats with IoTs

RSS IoT For All

  • How “Work From Home” During Covid-19 Has Transformed The World Of Telecommunications August 13, 2020
    The post How “Work From Home” During Covid-19 Has Transformed The World Of Telecommunications appeared first on IoT For All Service providers have enhanced their attention on work from home networks to provide more reliable home-based communication and collaboration solutions during Covid-19. The post How “Work From Home” During Covid-19 Has Transformed The World Of […]
  • IoT Attacks, Hacker Motivations, and Recommended Countermeasures August 12, 2020
    The post IoT Attacks, Hacker Motivations, and Recommended Countermeasures appeared first on IoT For All Robust IoT device security is crucial for a successful IoT solution. Understanding the vulnerabilities that hackers take advantage of, as well as their motivations, is the first step towards guarding your IoT solution against external manipulation. The post IoT Attacks, […]
  • Preparing Cybersecurity Measures for a Post-COVID, Hyperconnected World August 12, 2020
    The post Preparing Cybersecurity Measures for a Post-COVID, Hyperconnected World appeared first on IoT For All COVID-19 has plunged us into a hyperconnected world—with heightened opportunities for attacks on IoT devices, companies need to act now to increase security measures. The post Preparing Cybersecurity Measures for a Post-COVID, Hyperconnected World appeared first on IoT For […]
  • Standardization: The Master Key to Unlocking the Full Potential of IoT August 11, 2020
    The post Standardization: The Master Key to Unlocking the Full Potential of IoT appeared first on IoT For All The potential of IoT is promising, however, as the market continues to expand, it's crucial now more than ever to establish IoT industry standards. The post Standardization: The Master Key to Unlocking the Full Potential of […]
  • The Edge vs. The Cloud: A Hybrid Approach for Manufacturing August 10, 2020
    The post The Edge vs. The Cloud: A Hybrid Approach for Manufacturing appeared first on IoT For All As manufacturing companies move towards integrated IoT systems, a combination of edge computing with cloud computing will maximize a business' potential for growth. The post The Edge vs. The Cloud: A Hybrid Approach for Manufacturing appeared first […]

NIST National Vulnerabilty Database

Search the NIST database for a known vulnerability now ---

RSS National Vulnerability Database

  • CVE-2020-17463 (fuel_cms) August 13, 2020
    FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
  • CVE-2020-4589 (websphere_application_server) August 13, 2020
    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially-crafted sequence of serialized objects from untrusted sources. The vulnerability only occurs if an undocumented customization has been applied by an administrator. IBM X-Force ID: 184585.
  • CVE-2019-4582 (maximo_asset_management) August 13, 2020
    IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 167288.
  • CVE-2020-17450 (php-fusion) August 12, 2020
    PHP-Fusion 9.03 allows XSS on the preview page.
  • CVE-2020-17449 (php-fusion) August 12, 2020
    PHP-Fusion 9.03 allows XSS via the error_log file.
  • CVE-2020-17362 (nova_lite) August 12, 2020
    search.php in the Nova Lite theme before 1.3.9 for WordPress allows Reflected XSS.
  • CVE-2020-8904 (asylo) August 12, 2020
    An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (enclave) memory. We recommend updating Asylo to version 0.6.0 […]
  • CVE-2020-8905 (asylo) August 12, 2020
    A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different 'extents'. The length of the third 'extents' is controlled by the outside world, and not […]
  • CVE-2020-6309 (netweaver) August 12, 2020
    SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service.
  • CVE-2020-6300 (businessobjects_business_intelligence_platform) August 12, 2020
    SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode user-controlled inputs for RecycleBin, resulting in Stored Cross-Site Scripting (XSS) vulnerability.

RSS National Vulnerability Database

  • CVE-2019-20383 August 13, 2020
    ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links.
  • CVE-2020-7360 August 13, 2020
    An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering […]
  • CVE-2020-24348 August 13, 2020
    njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
  • CVE-2020-24349 August 13, 2020
    njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
  • CVE-2020-24342 August 13, 2020
    Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.
  • CVE-2020-24344 August 13, 2020
    JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read.
  • CVE-2020-24345 August 13, 2020
    ** DISPUTED ** JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option.
  • CVE-2020-24346 August 13, 2020
    njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.
  • CVE-2020-24347 August 13, 2020
    njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
  • CVE-2020-24343 August 13, 2020
    Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c.

RSS Tenable Product Security Advisories

  • [R1] Nessus 8.11.0 Fixes One Vulnerability July 10, 2020
    Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. An authenticated, remote attacker could potentially exploit this vulnerability to execute arbitrary code in a user's session. Tenable has implemented additional input validation mechanisms to correct this issue.
  • [R1] Nessus Network Monitor 5.11.1 Fixes One Third-party Vulnerability June 2, 2020
    Nessus Network Monitor leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled OpenSSL components to address the potential impact of […]
  • [R1] Nessus Agent 7.6.3 Fixes Multiple Third-party Vulnerabilities April 28, 2020
    Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain a multiple vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled library to address the potential impact of […]
  • [R2] Tenable.sc 5.14.0 Fixes Multiple Vulnerabilities April 13, 2020
    Tenable.sc leverages third-party software to help provide underlying functionality. One third-party component (jQuery) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of these issues. Tenable.sc versions 5.14.0 […]
  • [R1] SimpleSAMLPHP Stand-alone Patch Available for Tenable.sc versions 5.9.x to 5.12.x January 6, 2020
    Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (SimpleSAMLPHP) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to provide a stand-alone patch to address the potential impact of these issues in […]
  • [R1] Tenable.sc 5.13.0 Fixes Multiple Third-Party Vulnerabilities December 30, 2019
    Tenable.sc leverages third-party software to help provide underlying functionality. Three separate third-party components (OpenSSL, Apache HTTP Server, SimpleSAMLphp) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the bundled libraries to address the potential impact of […]
  • [R1] Nessus Network Monitor 5.11.0 Fixes Multiple Third-party Vulnerabilities December 19, 2019
    Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several third-party components (OpenSSL, jQuery and moment.js) were found to contain vulnerabilities, and updated versions have been made available by the providers.
  • [R1] PHP Stand-alone Patch Available for Tenable.sc versions 5.7.x to 5.11.x November 4, 2019
    Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (PHP) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to provide a stand-alone PHP patch to address the potential impact of these issues […]
  • [R1] Nessus 8.7.0 Fixes One Vulnerability October 22, 2019
    Nessus versions 8.6.0 and earlier were found to contain a Denial of Service vulnerability due to improper validation of specific imported scan types. An authenticated, remote attacker could potentially exploit this vulnerability to cause a Nessus scanner to become temporarily unresponsive.
  • [R1] Nessus 8.6.0 Fixes One Vulnerability August 13, 2019
    Nessus versions 8.5.2 and earlier on Windows platforms were found to contain a flaw where certain files could be overwritten arbitrarily. An authenticated, remote attacker could potentially exploit this vulnerability to create a denial of service condition.

RSS The State of Security

  • Integrating the Risk Management Framework (RMF) with DevOps August 14, 2020
    Information security should be at the heart of every system launched. In accordance with the Federal Information Security Management Act (FISMA), an information technology system is granted an Authority to Operate (ATO) after passing a risk-based cybersecurity assessment. The ATO Problem However, the ATO process can pose several challenges to the modern DevOps processes, as […]
  • CISA Warns of Phishing Emails Leading to Spoofed COVID-19 Relief Page August 13, 2020
    The Cybersecurity & Infrastructure Security Agency (CISA) warned that phishing emails are redirecting recipients to spoofed COVID-19 loan relief pages. On August 12, CISA announced its discovery of the attack campaign in Alert (AA20-225A): The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business […]
  • Cybercriminals Are Infiltrating Netgear Routers with Ancient Attack Methods August 13, 2020
    It would be heartening to think that cybersecurity has advanced since the 1990s, but some things never change. Vulnerabilities that some of us first saw in 1996 are still with us. If you don’t believe me, just take a look at the news. Last month, Virginia-based cybersecurity firm GRIMM announced that they had found a […]
  • Google App Engine, Azure App Service Abused in Phishing Campaign August 12, 2020
    A phishing campaign abused both the Google App Engine and the Azure App Service to steal victims’ Microsoft Outlook credentials. Netskope observed that the attack campaign started with a shortened link “https://bitly[.]com/33nMLkZ” distributed by a phishing email. This link redirected a recipient of the email to a Google App Engine domain “https://o365apps[.]oa.r.appspot.com.” A Google Cloud […]
  • Survey: 76% of IT Pros Say It’s Difficult to Maintain Security Configs in the Cloud August 12, 2020
    Cloud misconfigurations are no laughing matter. In its “2020 Cloud Misconfigurations Report,” DivvyCloud revealed that 196 separate data breaches involving cloud misconfigurations had cost companies a combined total of approximately $5 trillion between January 1, 2018 and December 31, 2019. The problem is that those costs could be even higher; as reported by ZDNet, 99% […]
  • Managing Information Security Skepticism by Changing Workplace Culture August 12, 2020
    Imagine a workplace in which all of the staff support the function of information security. Employees report suspicious events, are committed to data privacy and see the value in completing the regularly scheduled compliance trainings. How much easier life would be for security professionals! Naturally, it’s hard for people to get behind something that feels […]
  • VERT Threat Alert: August 2020 Patch Tuesday Analysis August 11, 2020
    Today’s VERT Alert addresses Microsoft’s August 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-899 on Wednesday, August 12th. In-The-Wild & Disclosed CVEs CVE-2020-1464 A vulnerability exists in the way that Windows validates file signatures. An attacker could load improperly signed files by bypassing security features that […]
  • New Agent Tesla Variants Capable of Stealing Data from VPNs, Browsers August 11, 2020
    Some new variants of the Agent Tesla infostealer family are capable of stealing data from multiple VPN clients and web browsers. SentinelOne observed that attackers continue to deploy Agent Tesla across various stages of their operations, as this malware enables criminals with even low levels of technical expertise to manipulate and manage their victims’ infected […]
  • The Importance of Content for Security Tools like Tripwire August 11, 2020
    Have you ever stood in the airport security line when the agents bring the dog out to inspect everyone’s luggage? I’m always so fascinated watching the dog go down the line and do her work. Wow she’s so smart! How does she know what to look for? My own dog has talents of her own, […]
  • Phishers Send Out Fake cPanel Security Vulnerabilities Advisory August 10, 2020
    Fraudsters launched a new phishing attack in which they sent out a fake cPanel advisory warning recipients about fabricated security vulnerabilities. On August 5, cPanel and WebHost Manager (WHM) users began reporting of having received a fake advisory that appeared to have originated from the company. The fake advisory informed recipients that cPanel had released […]

RSS Attacks!

RSS Network Threats

RSS Mobile Device Threats

  • Security Standards For 5G March 24, 2020
    Gartner predicts that the 5G enterprise IoT endpoint installed base will more than triple between 2020 and 2021, from 3.5 million units in 2020 to 11.4 million units in 2021. By 2023, the enterprise 5...
  • RSAC2020: IoT Is Officially Part Of Enterprise Mobility March 6, 2020
    Risk that comes from mobile and IoT devices must be factored into the enterprise security program. Security leaders need to be looking at those risks holistically and strategically, rather than operat...
  • Email Phishing Overshadows Risk Of Mobile Malware January 2, 2020
    Like the mobile device’s counterpart, workstations and laptops, many loaded malware campaigns begin with phishing attempts. Cyber Security Hub developed a market report to explore the perceptions, cha...
  • Incident Of The Week: FaceApp Now Viral For Security Risks July 19, 2019
    FaceApp has become popular for its ability to take a photo of anyone’s face and age it, or transform its features. Developed by a Russian-based company, it has gone viral because many are questioning...
  • BYOD Rules And The Future Of Medical Data Security April 24, 2019
    Healthcare organizations have always been extremely attractive targets to cyber criminals, so the increasing use of personal or third party mobile devices highlights a need for the implementation of m...
  • Incident Of The Week: Group FaceTime Glitch Exposes Privacy Breach February 1, 2019
    According to The New York Times, on Jan. 19, a 14-year-old from Arizona discovered a glitch using FaceTime, Apple’s video chatting software — he could eavesdrop on his friend’s phone before his friend...
  • 5 Reasons To Use Biometrics To Secure Mobile Devices January 24, 2019
    It is no secret that mobile devices are under attack. From phishing scams to a host of other issues, mobile devices are increasingly seen as a vulnerability in the enterprise, and as an easy target fo...
  • 7 Mobile Security Bloggers To Follow January 15, 2019
    With new enterprise mobile device security threats and vulnerabilities being discovered on a frequent basis, it helps to read analysis from numerous industry leaders.
  • 11 Ways To Boost Your Mobile Device Security Now January 11, 2019
    Since mobile devices can represent an enormous security risk, enterprises need to be aware of every solution. Here are 11 initiatives from IQPC's Enterprise Mobility Exchange, to enhance mobile device...
  • Palo Alto Networks CSO Talks Risk Metrics, Algorithms & Automation October 30, 2018
    On the May 14 episode of “Task Force 7 Radio,” host George Rettas sat down with Palo Alto Networks CSO, Rick Howard, to outline risk management, the security kill-chain and much more.

RSS Threats From Malware

RSS Threats to Data

RSS Cloud Threats

RSS Executive Decisions

RSS Security Strategy

  • Patchwork of Privilege June 26, 2020
    Product marketing manager from Thycotic, Erin Duncan, discusses privilege in this Digital Summit session. Erin sets the stage with this: “We know that cyber attackers are utilizing new technology and...
  • Identity Access, Endpoint Security & User Productivity June 25, 2020
    No matter where you currently are on the “return” continuum, some form of accentuated remote work, it seems- it’s here to stay. The days of 30%ish of your workforce remotely accessing your systems som...
  • Reducing Threat Impact With CIS Controls June 3, 2020
    Lane Roush, vice-president of Presales Systems Engineering at Arctic Wolf Networks, discusses CIS roles, controls, and tools in this digital summit session.
  • Detecting And Responding At The Speed Of Business May 28, 2020
    Tim Condello, the global technology leader for Siemplify, details how to detect and respond to threats at the speed of business in this fun, informative 2020 Cyber Security Summit session.
  • Best Practices For Thriving In An Ambiguous World May 28, 2020
    Christine Vanderpool is the VP of IT security and the chief information security officer for Florida Crystals Corporation and ASR Group.. When she started, there was no defined cyber security strategy...
  • Implementing A Layered Approach To Phishing And Whaling May 27, 2020
    During this digital summit panel, Suresh Chawdhary, head of security & privacy for Nokia, stresses the importance of a layered, multi-pronged cyber security approach to best protect from phishing and...
  • What Is The Current State Of Cyber Security May 27, 2020
    Michael Oberlaender joins host George Rettas on this episode of Task Force 7. Michael is a globally recognized thought leader, author, publisher, and speaker. With three decades of IT experience, Mic...
  • Enable Secure Velocity At Scale: DevOps Automation With Identity May 14, 2020
    Ivan Dwyer, group product marketing manager with Okta, begins this virtual session by acknowledging the challenges of security professionals as an increasing number of organizations adopt cloud and De...
  • Protecting People from the #1 Threat Vector May 4, 2020
    The FBI reported losses attributed to business email compromise (BEC) and Email Account Compromise (EAC) totalling over $26B between July 2016 and July 2019. While the scale of losses is staggering, h...
  • Scaling Enterprise Threat Detection And Response Is The Theme Of Cyber Security... April 20, 2020
    Cyber Security Hub has united experts from every aspect of this space to present their most compelling case studies and real-world advice. By the end of the event, you will have the tools necessary to...

RSS InfoSecurity Magazine

RSS Application and Cybersecurity Blog

  • Debuting our newest Cyber Range at DEF CON 28 August 11, 2020
    Last Saturday, we hosted our totally re-imagined CMD+CTRL Cloud Cyber Range at DEF CON 28 “Safe Mode”. Security Innovation has been participating in the Contests and Events at DEF CON for years. Still, this year was unique for two huge reasons: it was totally remote, and we debuted our first ever Cloud Infrastructure Cyber Range.
  • CMD+CTRL Mid-Year Review August 6, 2020
    If anything that the past few months have brought to light, it’s that community is invaluable. It provides strength, growth, and opportunities that may not arise otherwise, while also occasionally providing an unexpected framework and support for growth. These attributes recently shone brightly in our Hot Dogs and Hacking event, where many skilled cybersecurity professionals […]
  • Proxying Unaware Thick Clients August 5, 2020
    Here we force obtuse thick clients to send traffic our way
  • The Seven Sins of Anti-CSRF Tokens July 29, 2020
    How attackers chain weak Anti-CSRF with other vulnerabilities to cause maximum damage
  • Computer-Based Training: July 2020 Release in Review July 23, 2020
    Our release this quarter focuses on two areas:

RSS Naked Security

RSS Cyber security

RSS Cyber Security

  • PenLink PLX - How police sniffs your phone August 13, 2020
    submitted by /u/adhoc_zone [link] [comments]
  • Security Concerns August 8, 2020
    Hello Reddit Cyber Security Community, I have been having some issues with my computer, and believe that someone has been accessing my chromebook remotely. I am worried about my emails being read and intercepted, among other things. Viewing my desktop remotely as I access personal items and accounts. Would anyone here be willing/able to help […]
  • Struggled to answer a question the other day and was wondered if you could help me answer/understand the question... August 7, 2020
    TLDR: What can countries like China really do with data from US citizens? ​ Background: My Wife: Non-technical, TikTok fan, Democrat. Me: CS-Student, not a TikTok fan, Left-leaning independent. ​ My wife asked me today, "What can foreign countries like China do with our data?" I fumbled with the question and she followed up my […]
  • Do I need to be good at competitive programming to excel in Cybersecurity profession ? July 23, 2020
    I am just starting out to specialize in Cybersecurity. I am very confused about practicing competitive programming (Codechef etc). Is it required for job interviews or any other kind of work later in this field ? Please enlighten me. submitted by /u/Agent_1620 [link] [comments]
  • Determine if ASLR is enabled on MacOS July 22, 2020
    Does anyone know what command i can run to determine if Address Space Layout Randomization (ASLR) is enabled on MacOS? I know that by default it is enabled, but i want to find out if someone in my company has disabled it. I am really attempting to cover CIS 8.3 - Enable OS Anti-Exploitations Features […]
  • just a quick question July 14, 2020
    my buddy and i made a bet that he could hide from me for 48 hours, but i know he loves wings so i was gonna send him a promo for wings from a burner email and i wanted to put a file disguised as a flyer in the email so when he downloads it […]
  • free courses July 13, 2020
    for anyone interested it looks like Cybrary is offering 7 courses free through the end of July https://www.cybrary.it/blog/free-courses-at-cybrary-in-july/ I am always on the look out for free learning and wanted to pass this along. submitted by /u/inferno19d [link] [comments]
  • Major AWS Privacy Issue July 11, 2020
    Referencing this article that I was sent. ​ https://www.cbronline.com/news/aws-user-data ​ Pretty crazy as that could be a massive implication of misconfigurations with many enterprises leading to massive privacy breaches of their customers. submitted by /u/fplooker [link] [comments]
  • How do I pass my Certified Threat Intelligence Analyst (CTIA) Exam July 11, 2020
    Im a student who is interested in threat intel after completing my internship in a threat intel department in a bank. I decided to take CTIA (EC-Council) certification but have no idea what is going to be tested after reading through the material. No dumps or info available online. Could anyone who has taken it […]
  • Got a personal / home question about cybersecurity or digital privacy? /r/cybersecurity101 is here to help! July 6, 2020
    submitted by /u/InfosecMod [link] [comments]

RSS Cyber Attacks, Cyber Crime and Cyber Security

RSS Krebs on Security

  • Why & Where You Should You Plant Your Flag August 12, 2020
    Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags.
  • Microsoft Patch Tuesday, August 2020 Edition August 11, 2020
    Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. Yes, good people of the Windows world, it's time once again to backup and patch up!
  • Hacked Data Broker Accounts Fueled Phony COVID Loans, Unemployment Claims August 6, 2020
    A group of thieves thought to be responsible for collecting millions in fraudulent small business loans and unemployment insurance benefits from COVID-19 economic relief efforts gathered personal data on people and businesses they were impersonating by leveraging several compromised accounts at a little-known U.S. consumer data broker, KrebsOnSecurity has learned.
  • Porn Clip Disrupts Virtual Court Hearing for Alleged Twitter Hacker August 5, 2020
    Perhaps fittingly, a Web-streamed court hearing for the 17-year-old alleged mastermind of the July 15 mass hack against Twitter was cut short this morning after mischief makers injected a pornographic video clip into the proceeding.
  • Robocall Legal Advocate Leaks Customer Data August 3, 2020
    A California company that helps telemarketing firms avoid getting sued for violating a federal law that seeks to curb robocalls has leaked the phone numbers, email addresses and passwords of all its customers, as well as the mobile phone numbers and other data on people who have hired lawyers to go after telemarketers.
  • Three Charged in July 15 Twitter Compromise July 31, 2020
    Three individuals have been charged for their alleged roles in the July 15 hack on Twitter, an incident that resulted in Twitter profiles for some of the world's most recognizable celebrities, executives and public figures sending out tweets advertising a bitcoin scam. 
  • Is Your Chip Card Secure? Much Depends on Where You Bank July 30, 2020
    Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have […]
  • Here’s Why Credit Card Fraud is Still a Thing July 29, 2020
    Most of the civilized world years ago shifted to requiring computer chips in payment cards that make it far more expensive and difficult for thieves to clone and use them for fraud. One notable exception is the United States, which is still lurching toward this goal. Here's a look at the havoc that lag has […]
  • Business ID Theft Soars Amid COVID Closures July 27, 2020
    Identity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity has learned. This story is about the victims of a particularly aggressive business ID theft ring that's spent years […]
  • Thinking of a Cybersecurity Career? Read This July 24, 2020
    Thousand of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here's a look at a recent survey that identified some of the bigger skills gaps, and some thoughts about how those seeking a career in these […]

RSS WeLiveSecurity

  • Mekotio: These aren’t the security updates you’re looking for… August 13, 2020
    Another in our occasional series demystifying Latin American banking trojans The post Mekotio: These aren’t the security updates you’re looking for… appeared first on WeLiveSecurity
    ESET Research
  • What is the cost of a data breach? August 12, 2020
    The price tag is higher if the incident exposed customer data or if it was the result of a malicious attack, an annual IBM study finds The post What is the cost of a data breach? appeared first on WeLiveSecurity
    Amer Owaida
  • Twitter working to fix issue with 2FA feature August 11, 2020
    An apparent glitch is preventing a number of users from signing in to their accounts The post Twitter working to fix issue with 2FA feature appeared first on WeLiveSecurity
    Amer Owaida
  • Black Hat 2020: Fixing voting – boiling the ocean? August 10, 2020
    With the big voting day rapidly approaching, can the security of the election still be shored up? If so, how? The post Black Hat 2020: Fixing voting – boiling the ocean? appeared first on WeLiveSecurity
    Cameron Camp
  • Week in security with Tony Anscombe August 7, 2020
    ESET highlights new research at Black Hat 2020 – What to if your data was stolen in the Blackbaud breach The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
    Editor
  • Stadeo: Deobfuscating Stantinko and more August 7, 2020
    We introduce Stadeo – a set of scripts that can help fellow threat researchers and reverse engineers to deobfuscate the code of Stantinko and other malware The post Stadeo: Deobfuscating Stantinko and more appeared first on WeLiveSecurity
    Vladislav Hrčka
  • Small and medium‑sized businesses: Big targets for ransomware attacks August 7, 2020
    Why are SMBs a target for ransomware-wielding gangs and what can they do to protect themselves against cyber-extortion? The post Small and medium‑sized businesses: Big targets for ransomware attacks appeared first on WeLiveSecurity
    Amer Owaida
  • Beyond KrØØk: Even more Wi‑Fi chips vulnerable to eavesdropping August 6, 2020
    At Black Hat USA 2020, ESET researchers delved into details about the KrØØk vulnerability in Wi-Fi chips and revealed that similar bugs affect more chip brands than previously thought The post Beyond KrØØk: Even more Wi‑Fi chips vulnerable to eavesdropping appeared first on WeLiveSecurity
    Miloš Čermák
  • Blackbaud data breach: What you should know August 6, 2020
    Here’s what to be aware of if your personal data was compromised in the breach at the cloud software provider The post Blackbaud data breach: What you should know appeared first on WeLiveSecurity
    Tony Anscombe
  • NSA shares advice on how to limit location tracking August 5, 2020
    The intelligence agency warns of location tracking risks and offers tips for how to reduce the amount of data shared The post NSA shares advice on how to limit location tracking appeared first on WeLiveSecurity
    Amer Owaida

RSS We Live CyberSecurity Feed

  • Mekotio: These aren’t the security updates you’re looking for… August 13, 2020
    Another in our occasional series demystifying Latin American banking trojans The post Mekotio: These aren’t the security updates you’re looking for… appeared first on WeLiveSecurity
  • What is the cost of a data breach? August 12, 2020
    The price tag is higher if the incident exposed customer data or if it was the result of a malicious attack, an annual IBM study finds The post What is the cost of a data breach? appeared first on WeLiveSecurity
  • Twitter working to fix issue with 2FA feature August 11, 2020
    An apparent glitch is preventing a number of users from signing in to their accounts The post Twitter working to fix issue with 2FA feature appeared first on WeLiveSecurity
  • Black Hat 2020: Fixing voting – boiling the ocean? August 10, 2020
    With the big voting day rapidly approaching, can the security of the election still be shored up? If so, how? The post Black Hat 2020: Fixing voting – boiling the ocean? appeared first on WeLiveSecurity
  • Week in security with Tony Anscombe August 7, 2020
    ESET highlights new research at Black Hat 2020 – What to if your data was stolen in the Blackbaud breach The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
  • Stadeo: Deobfuscating Stantinko and more August 7, 2020
    We introduce Stadeo – a set of scripts that can help fellow threat researchers and reverse engineers to deobfuscate the code of Stantinko and other malware The post Stadeo: Deobfuscating Stantinko and more appeared first on WeLiveSecurity
  • Small and medium‑sized businesses: Big targets for ransomware attacks August 7, 2020
    Why are SMBs a target for ransomware-wielding gangs and what can they do to protect themselves against cyber-extortion? The post Small and medium‑sized businesses: Big targets for ransomware attacks appeared first on WeLiveSecurity
  • Beyond KrØØk: Even more Wi‑Fi chips vulnerable to eavesdropping August 6, 2020
    At Black Hat USA 2020, ESET researchers delved into details about the KrØØk vulnerability in Wi-Fi chips and revealed that similar bugs affect more chip brands than previously thought The post Beyond KrØØk: Even more Wi‑Fi chips vulnerable to eavesdropping appeared first on WeLiveSecurity
  • Blackbaud data breach: What you should know August 6, 2020
    Here’s what to be aware of if your personal data was compromised in the breach at the cloud software provider The post Blackbaud data breach: What you should know appeared first on WeLiveSecurity
  • NSA shares advice on how to limit location tracking August 5, 2020
    The intelligence agency warns of location tracking risks and offers tips for how to reduce the amount of data shared The post NSA shares advice on how to limit location tracking appeared first on WeLiveSecurity