 Contactless Payment Card Hack Affects Apple Pay, Visa: Researchers have demonstrated how fraudsters could steal money from iPhone owners who use Apple Pay and Visa via a contactless hack. Read More Hackers Can Exploit Apple AirTag Vulnerability to Lure Users to Malicious Sites: Hackers can exploit a stored XSS vulnerability in Apple AirTag to lure unsuspecting users to phishing and other malicious websites. Read More Facebook Open-Sources 'Mariana Trench' Tool: Mariana Trench is an open-source tool that Facebook's security team has used internally to identify vulnerabilities in Android and Java applications. Read More Xage Lands DOE Contract to Bring Zero Trust Principles to Emergency Responders: The Department of Energy has contracted with Xage, a zero-trust access provider, to expand its existing Xage Fabric application to provide secure and controlled access to emergency responders. Read More Telemetry Report Shows Patch Status of High-Profile Vulnerabilities: Security researchers selected a range of high profile vulnerabilities, and used Shodan to detect instances of the vulnerabilities still extant on the internet. The results are not encouraging. Read More GriftHorse Android Trojan Infects Over 10 Million Devices Worldwide: Running since November 2020, the mobile premium services campaign hid behind innocent-looking malicious applications. Read More New CISA Tool Helps Organizations Assess Insider Threat Risks: By responding to a series of questions, organizations can check whether they are vulnerable to insider threats. Read More Turkish National Charged for DDoS Attack on U.S. Company: The man, Izzet Mert Ozek, allegedly used the WireX botnet to target the hospitality company's website and prevent access to it. Read More ImmuniWeb Launches Free Tool for Identifying Unprotected Cloud Storage: ImmuniWeb has launched a free online tool that organizations can use to identify unprotected cloud storage. Read More Behavioral Analytics Provider ForMotiv Raises $6 Million: Real-time user behavior analysis platform ForMotiv this week announced it has raised $6 million in a third seed funding round. Read More Akamai to Acquire Guardicore in $600M Zero Trust Tech Deal: Akamai adds new capabilities to help customers thwart ransomware attacks by blocking the spread of malware within an already-compromised enterprise. Read More Cyberespionage Implant Delivered via Targeted Government DNS Hijacking: The newly discovered Tomiris backdoor contains technical artifacts that suggest the possibility of common authorship or shared development practices with the group that executed the SolarWinds supply chain compromise. Read More China Intensified Attacks on Major Afghan Telecom Firm as U.S. Finalized Withdrawal: Four China-linked cyberespionage groups targeted a major Afghan telecom firm as the U.S. was finalizing its withdrawal from the country. Read More COVID-19's Healthcare Feeding Frenzy for Cybercriminals: The vast increase in staff from all industries working from home, outside of their corporate network defenses and often on poorly protected home computers, has been a treasure trove for hackers. Read More Google Announces Rewards for Tsunami Security Scanner Plugins: The search giant seeks to quickly extend the network scanner's vulnerability detection and web application fingerprinting capabilities. Read Feature CISA Warns of Hikvision Camera Flaw as U.S. Aims to Rid Chinese Gear From Networks: CISA is telling organizations to patch their Hikvision cameras, just as the FCC announced taking steps toward removing Chinese equipment from U.S. networks. Read Feature Russia Detains Head of Cybersecurity Group on Treason Charges: A Moscow court ordered the co-founder of Group-IB, one of Russia's leading cybersecurity firms, to be detained on charges of treason. Read Feature Microsoft Details FoggyWeb Backdoor Used by SolarWinds Hackers: Microsoft has detailed FoggyWeb, a post-exploitation backdoor that the hackers behind the SolarWinds attack have used to remotely exfiltrate data from AD FS servers. Read Feature Colossus Ransomware Hits Automotive Company in the U.S.: The cybercriminals are demanding $400,000 to be paid in exchange for the decryption key. Read Feature FinSpy Surveillance Spyware Fitted With UEFI Bootkitk: Security researchers at Kaspersky have spotted signs of the notorious FinSpy surveillance spyware hijacking -- and replacing -- the Windows UEFI bootloader to perform stealthy infections on target machines. Read Feature Tokenization vs. Encryption for Data Protection Compliance: Cloud-based vaultless tokenization offers many advantages over current methods of protecting data and ensuring data compliance conformance. But it is in its infancy. It offers the potential for many new possibilities in the coming years. Read Feature QNAP Patches Critical Vulnerabilities in QVR Software: Affecting only certain QNAP EOL devices running QVR, the security flaws can be exploited remotely to run arbitrary commands. Read More Enterprises Warned About Zix-Themed Credential Phishing Attacks: Enterprise users have been warned that cybercriminals may be trying to phish their credentials using emails that spoof security company Zix. Read More Trend Micro Patches Critical Vulnerability in Server Protection Solution: Tracked as CVE-2021-36745 (CVSS score of 9.8), the security hole exists because input during authentication isn't properly validated. Read More | 
Comments
Post a Comment