April 09, 2021Ravie Lakshmanan APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat...
Year: 2021
The Hacker News – RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers
April 12, 2021Ravie Lakshmanan An Indian security researcher has publicly published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other...
The Hacker News – BRATA Malware Poses as Android Security Scanners on Google Play Store
April 12, 2021Ravie Lakshmanan A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute...
The Hacker News – Detecting the “Next” SolarWinds-Style Cyber Attack
April 13, 2021The Hacker News The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade...
The Hacker News – Hackers Using Website’s Contact Forms to Deliver IcedID Malware
April 13, 2021Ravie Lakshmanan Microsoft has warned organizations of a “unique” attack campaign that abuses contact forms published on websites to deliver malicious links to businesses...
threatpost – 1.3M Clubhouse Users’ Data Dumped in Hacker Forum for Free
Author:Becky BrackenApril 12, 2021 4:18 pm3:30 minute read Write a comment Clubhouse denies it was ‘breached’ and says the data is out there for anyone to grab. Clubhouse, the...
threadpost – Chrome Zero-Day Exploit Posted on Twitter
Author:Elizabeth MontalbanoApril 13, 2021 9:40 am2:30 minute read Write a comment An update to Google’s browser that fixes the flaw is expected to be released on Tuesday. A researcher...
Google Security Blog – Rust in the Android platform
April 6, 2021Posted by Jeff Vander Stoep and Stephen Hines, Android Team Correctness of code in the Android platform is a top priority for the security,...
CSO Online – The SolarWinds hack timeline: Who knew what, and when?
Impact, detection, response, and ongoing fallout from the attack on SolarWinds’ Orion remote IT management software. Details of the 2020 SolarWinds attack continue to unfold, and it may...
CSO Online – Top cybercrime gangs use targeted fake job offers to deploy stealthy backdoor
The Golden Chickens cybercriminal gang is believed to sell its more_eggs backdoor for spear phishing campaigns executed using information gleaned from victims’ LinkedIn profiles. By Lucian Constantin...
CSO Online – Coca-Cola trade secret theft underscores importance of insider threat early detection
A research engineer used basic exfiltration techniques to steal trade secrets from Coca-Cola, but wasn’t caught until she attempted to steal similar data from another company....
CSO Online – How data poisoning attacks corrupt machine learning models
Data poisoning can render machine learning models inaccurate, possibly resulting in poor decisions based on faulty outputs. With no easy fixes available, security pros must focus...
WeLive Security – FBI: Cybercrime losses topped US$4.2 billion in 2020
The Bureau received over 28,000 reports of COVID-19-themed scams last year Amer Owaida18 Mar 2021 – 05:23PMShare The United States’ Federal Bureau of Investigation (FBI) received...
Welive Security – $38 million worth of gift cards stolen and sold on dark web
Easy to redeem and hard to trace, gift cards remain a hot commodity in the criminal underground Amer Owaida7 Apr 2021 – 07:00PMShare A cybercriminal has...
WeLive Security – Does data stolen in a data breach expire?
Some personal information just doesn’t age – here’s what the Facebook data leak may mean for you Tony Anscombe8 Apr 2021 – 03:00PMShare ‘Half a billion...
Telefonica TECH – What Do Criminals in the Ransomware Industry Recommend so that Ransomware Does Not Affect You?
Gabriel Bergel 9 February, 2021 This post is about zombies and social engineering, the image in figure 1 is free and royalty free as long as you...
Telefonica TECH – WhatsApp, Telegram or Signal, Which One?
ElevenPaths 17 February, 2021 In the world of smartphones, 2021 began with a piece of news that has left no one indifferent: the update of WhatsApp’s terms and...
Telefonica TECH – Everything You Need to Know About SSL/TLS Certificates
ElevenPaths 23 March, 2021 What is a digital certificate? Secure Sockets Layer/Transport Layer Security digital certificate is the most widely used security protocol that enables encrypted data transfer...
Telefonica TECH – No Pain, No Gain: Let´s Hack 2021
ElevenPaths 8 April, 2021 “No pain, no gain”, you have probably heard this on more than one occasion. An expression that is used endlessly in different environments,...
Telefonica TECH – Cyber Security Mechanisms for Everyday Life
ElevenPaths 26 March, 2021 It is becoming more and more common to find in the general media news related to cyber-attacks, data breaches, privacy scandals and, in short, all...
The Hacker News – Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021
Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021 April 12, 2021Ravie Lakshmanan The 2021 spring edition of Pwn2Own hacking contest concluded last week on April 8...
The Hacker News – Alert — There’s A New Malware Out There Snatching Users’ Passwords
A previously undocumented malware downloader has been spotted in the wild in phishing attacks to deploy credential stealers and other malicious payloads. Dubbed “Saint Bot,” the...
naked security – Apple devices get urgent patch for zero-day exploit – update now!
Apple devices get urgent patch for zero-day exploit – update now! 27 MAR 2021 7Apple, Apple Safari, iOS, Vulnerability Get the latest security news in your inbox. Don’t show me this...
threadpost – Chinese Hackers Selling Intimate Stolen Camera Footage
Chinese Hackers Selling Intimate Stolen Camera Footage Author:Becky BrackenApril 6, 2021 4:54 pm2:30 minute read Write a comment Share this article: A massive operation offers access to hacked camera...
threadpost – Critical Cloud Bug in VMWare Carbon Black Allows Takeover
Critical Cloud Bug in VMWare Carbon Black Allows Takeover Author:Tara SealsApril 6, 2021 4:55 pm1:30 minute read Write a comment Share this article: CVE-2021-21982 affects a platform designed to...
threadpost – How To Defend the Extended Network Against Web Risks
How To Defend the Extended Network Against Web Risks InfoSec InsiderAamir LakhaniApril 5, 2021 1:28 pm3 minute read Write a comment Share this article: Aamir Lakhani, cybersecurity researcher for...
threadpost – SAP Bugs Under Active Cyberattack, Causing Widespread Compromise
SAP Bugs Under Active Cyberattack, Causing Widespread Compromise Author:Tara SealsApril 6, 2021 2:47 pm5 minute read Write a comment Share this article: Cyberattackers are actively exploiting known security vulnerabilities...
DARKReading – Kaspersky Uncovers New APAC Cyberespionage Campaign
A group related to Chinese-speaking threat group Cycldek is targeting government and military organizations in Vietnam. Kaspersky researchers have uncovered an advanced cyberespionage campaign targeting government...
DARKReading – 9 Modern-Day Best Practices for Log Management
Log management is nothing new. But doing so smartly, correctly, and concisely in today’s data-driven world is another story.(Image: 123tin via Adobe Stock) Logs are central...
Schneier on Security – Malware Hidden in Call of Duty Cheating Software
Most troublingly, Activision says that the “cheat” tool has been advertised multiple times on a popular cheating forum under the title “new COD hack.” (Gamers looking...