Author:Tara SealsApril 15, 2021 12:35 pm2:30 minute read Write a comment The IoT-targeted malware has also added new exploits for initial compromise, for Huawei, Realtek and Dasan GPON devices....
nakedsecurity – S3 Ep28: Pwn2Own hacks, dark web hitmen and COVID-19 privacy [Podcast]
15 APR 2021 0Podcast, Privacy, Vulnerability Get the latest security news in your inbox. Don’t show me this again Previous: FBI hacks into hundreds of infected US servers (and disinfects them)by Paul...
Google Security Blog – A New Standard for Mobile App Security
April 15, 2021Posted by Brooke Davis and Eugene Liderman, Android Security and Privacy Team With all of the challenges from this past year, users have become...
The Hacker News – US Sanctions Russia and Expels 10 Diplomats Over SolarWinds Cyberattack
April 15, 2021Ravie Lakshmanan The U.S. and U.K. on Thursday formally attributed the supply chain attack of IT infrastructure management company SolarWinds with “high confidence” to...
DARKReading – Software Developer Arrested in Computer Sabotage Case
Officials say Davis Lu placed malicious code on servers in a denial-of-service attack on his employer. A software developer has been arrested and faces charges for...
threatpost – Biden Races to Shore Up Power Grid Against Hacks
Author:Becky BrackenApril 15, 2021 4:09 pm3 minute read Write a comment A 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said. President...
Adrian Judzik – Cyber Security Advisor – Ciberseguridad: El Factor Humano.
Ciberseguridad: El Factor Humano. Published on April 5, 2021 “No es el conocimiento, sino el acto de aprendizaje, y no la posesión, sino el acto de...
The Hacker News – YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs
April 15, 2021Ravie Lakshmanan Cybercriminals are resorting to search engine poisoning techniques to lure business professionals into seemingly legitimate Google sites that install a Remote Access...
DARKReading – Microsoft Warns of Malware Delivery via Google URLs
A new campaign abuses legitimate website contact forms to send URLs that ultimately deliver the IcedID banking Trojan. Microsoft has warned organizations of a new attack...
threathpost – Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes
Author:Tom SpringApril 14, 2021 8:46 am3 minute read Write a comment Share this article: Microsoft fixes 110 vulnerabilities, with 19 classified as critical and another flaw under active attack....
threathpost – A Post-Data Privacy World and Data-Rights Management
InfoSec InsiderJoseph CarsonApril 14, 2021 1:21 pm2 minute read Write a comment Share this article: Joseph Carson, chief security scientist at Thycotic, discusses the death of data privacy and what...
DARKReading – CISA Urges Caution for Security Researchers Targeted in Attack Campaign
The agency urges researchers to take precautions amid an ongoing targeted threat campaign. The Cybersecurity and Infrastructure Security Agency (CISA) is cautioning cybersecurity researchers to keep...
threatpost – Security Bug Allows Attackers to Brick Kubernetes Clusters
Author:Tara SealsApril 14, 2021 4:56 pm3 minute read Write a comment The vulnerability is triggered when a cloud container pulls a malicious image from a registry. A vulnerability in...
The Hacker News – New WhatsApp Bugs Could’ve Let Attackers Hack Your Phone Remotely
April 14, 2021Ravie Lakshmanan Facebook-owned WhatsApp recently addressed two security vulnerabilities in its messaging app for Android that could have been exploited to execute malicious code...
threathpost – Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes
Author:Tom SpringApril 14, 2021 8:46 am3 minute read Write a comment Microsoft fixes 110 vulnerabilities, with 19 classified as critical and another flaw under active attack. Microsoft had its...
threathpost – 100,000 Google Sites Used to Install SolarMarket RAT
Author:Elizabeth MontalbanoApril 14, 2021 10:48 am2:30 minute read Write a comment Search-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates...
welivesecurity – Clubhouse in the spotlight after user records posted online
Reports of another trove of scraped user data add to the recent woes of popular social media platforms Amer Owaida12 Apr 2021 – 04:28PMShare It seems...
The Hacker News – New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks
April 14, 2021Ravie Lakshmanan Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer...
DARKReading – FBI Operation Remotely Removes Web Shells From Exchange Servers
A court order authorized the FBI to remove malicious Web shells from hundreds of vulnerable machines running on-premises Exchange Server. A court order has authorized an...
threadpost – FBI Clears ProxyLogon Web Shells from Hundreds of Orgs
Author:Tara SealsApril 14, 2021 1:31 pm3:30 minute read Write a comment In a veritable cyber-SWAT action, the Feds remotely removed the infections without warning businesses beforehand. The Feds have...
welivesecurity – WhatsApp flaw lets anyone lock you out of your account
An attacker can lock you out of the app using just your phone number and without requiring any action on your part Amer Owaida13 Apr 2021...
Dario Borges – Cyber Security Advisor – Ciberseguridad, ajedrez y esgrima; en todos ellos, gana quien comete el penúltimo error.
por Darío F. Borges. Minas, Lavalleja – Uruguay La situación sanitaria global y sus consecuencias han sido el catalizador de enormes cambios a nivel funcional y procedural...
Adrian Judzik – Cyber Advisor – Ciberseguridad: ¿Es el marketing el problema?
” El aumento del conocimiento depende por completo de la existencia del desacuerdo” Karl Popper Diariamente podemos leer noticias que alguna organismo o empresa ha sido vulnerada...
The Hacker News – Hackers Tampered With APKPure Store to Distribute Malware Apps
April 09, 2021Ravie Lakshmanan APKPure, one of the largest alternative app stores outside of the Google Play Store, was infected with malware this week, allowing threat...
The Hacker News – RCE Exploit Released for Unpatched Chrome, Opera, and Brave Browsers
April 12, 2021Ravie Lakshmanan An Indian security researcher has publicly published a proof-of-concept (PoC) exploit code for a newly discovered flaw impacting Google Chrome and other...
The Hacker News – BRATA Malware Poses as Android Security Scanners on Google Play Store
April 12, 2021Ravie Lakshmanan A new set of malicious Android apps have been caught posing as app security scanners on the official Play Store to distribute...
The Hacker News – Detecting the “Next” SolarWinds-Style Cyber Attack
April 13, 2021The Hacker News The SolarWinds attack, which succeeded by utilizing the sunburst malware, shocked the cyber-security industry. This attack achieved persistence and was able to evade...
The Hacker News – Hackers Using Website’s Contact Forms to Deliver IcedID Malware
April 13, 2021Ravie Lakshmanan Microsoft has warned organizations of a “unique” attack campaign that abuses contact forms published on websites to deliver malicious links to businesses...
threatpost – 1.3M Clubhouse Users’ Data Dumped in Hacker Forum for Free
Author:Becky BrackenApril 12, 2021 4:18 pm3:30 minute read Write a comment Clubhouse denies it was ‘breached’ and says the data is out there for anyone to grab. Clubhouse, the...
threadpost – Chrome Zero-Day Exploit Posted on Twitter
Author:Elizabeth MontalbanoApril 13, 2021 9:40 am2:30 minute read Write a comment An update to Google’s browser that fixes the flaw is expected to be released on Tuesday. A researcher...