Iran-linked APT Targets T20 Summit, Munich Security Conference Attendees

The Phosphorous APT has launched successful attacks against world leaders who are attending the Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia, Microsoft warns.

Holiday Shopping Craze, COVID-19 Spur Retail Security Storm

Veracode's Chris Eng discusses the cyber threats facing shoppers who are ...

IoT Device Takeovers Surge 100 Percent in 2020

The COVID-19 pandemic, coupled with an explosion in the number of connected devices, has led to a swelling in IoT infections observed on wireless networks.

Election Security: Beyond Mail-In Voting

There are many areas of the election process that criminal hackers can target to influence election results.

Experts Weigh in on E-Commerce Security Amid Snowballing Threats

How a retail sector reeling from COVID-19 can lock down its online systems to prevent fraud during the upcoming holiday shopping spike. ... But experts are warning retailers not to focus only on one threat or on protecting one particular system.

IBM Spectrum Protect Plus Security Open to RCE

Two high-severity bugs (CVE-2020-4703 and CVE-2020-4711) in IBM's Spectrum Protect Plus data-storage protection solution could enable remote code execution.

Facebook: A Top Launching Pad For Phishing Attacks

Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks – including a recent strike on a half-million Facebook users.

Mobile Browser Bugs Open Safari, Opera Users to Malware

A set of address-spoofing bugs affect users of six different types of mobile browsers, with some remaining unpatched.

Nvidia Warns Gamers of Severe GeForce Experience Flaws

Versions of Nvidia GeForce Experience for Windows prior to 3.20.5.70 are affected by a high-severity bug that could enable code execution, denial of service and more. The flaw specifically stems from the Nvidia Web Helper NodeJS Web Server.

DOJ Charges 6 Sandworm APT Members in NotPetya Cyberattacks

DOJ charges six Russian nationals for their alleged part in the NotPetya, Ukraine power grid and Olympics cyberattacks. The Department of Justice (DOJ) on Monday announced charges against six Russian nationals who are allegedly tied to the Sandworm APT.

Google’s Waze Can Allow Hackers to Identify and Track Users

A security researcher found a vulnerability in Google's Waze GPS navigation software that can allow hackers to track and identify users by their location. Security DevOps engineer Peter Gasper discovered a flaw in the API that lets hackers track the movements of drivers and identify the users.

Microsoft Teams Phishing Attack Targets Office 365 Users

Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a “missed chat” from Microsoft Teams. Researchers are warning of a phishing campaign that pretends to be an automated message from Microsoft Teams.

Facebook, News and XSS Underpin Complex Browser Locker Attack

An elaborate set of redirections and hundreds of URLs make up a wide-ranging tech-support scam. ... it involves exploiting a cross-site scripting (XSS) vulnerability on a popular news site, ...

Cisco Warns of Severe DoS Flaws in Network Security Software

The majority of the bugs in Cisco’s Firepower Threat Defense (FTD) and Adaptive Security Appliance (ASA) software can enable denial of service (DoS) on affected devices.

Oracle Kills 402 Bugs in Massive October Patch Update

Over half of the flaws in Oracle's quarterly patch update can be remotely exploited without authentication; two have CVSS scores of 10 out of 10.

Top 10 C++ Open Source Project Bugs Found in 2019

Another year is drawing to an end, and it's a perfect time to make yourself a cup of coffee and reread the reviews of bugs collected across open-source projects over this year. This would take quite a while, of course, so we prepared this article to make it easier for you. Today we'll be recalling the most interesting dark spots that we came across in open-source C/C++ projects in 2019.

Microsoft Exchange, Outlook Under Siege By APTs

A new threat report shows that APTs are switching up their tactics when exploiting Microsoft services like Exchange and OWA, in order to avoid detection.

Microsoft Fixes RCE Flaws in Out-of-Band Windows Update

Microsoft has issued out-of-band patches for two “important” severity vulnerabilities, which, if exploited, could allow for remote code execution. One flaw (CVE-2020-17023) exists in Microsoft's Visual Studio Code, a free source-code editor made by Microsoft for Windows, Linux and macOS.

Biden Campaign Staffers Targeted in Cyberattack Leveraging Antivirus Lure, Dropbox Ploy

Hackers sent Joe Biden's presidential campaign staffers malicious emails that impersonated anti-virus software company McAfee, and used a mix of legitimate services (such as Dropbox) to avoid detection. The emails were an attempt to steal staffers' credentials and infect them with malware.

Phishing Lures Shift from COVID-19 to Job Opportunities

Fortinet researchers are seeing a pivot in the spear-phishing and phishing lures used by cybercriminals, to entice potential job candidates as businesses open up.