News aggregator

Critical RCE Flaw (CVSS 10) Affects F5 BIG-IP Application Security Servers

THN - Sat, 04/07/2020 - 11:26
Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers. The vulnerability, assigned CVE-2020-5902 and rated as critical with a CVSS score of 10 out of 10, could let remote attackers

Facebook hoaxes back in the spotlight – what to tell your friends

Sophos - Naked Security - Fri, 03/07/2020 - 12:05
At the risk of giving you a feeling of déjà vu all over again, it's time to talk about Facebook hoaxes once more.

Police Arrested Hundreds of Criminals After Hacking Into Encrypted Chat Network

THN - Fri, 03/07/2020 - 08:56
In a joint operation, European and British law enforcement agencies recently arrested hundreds of alleged drug dealers and other criminals after infiltrating into a global network of an encrypted chatting app that was used to plot drug deals, money laundering, extortions, and even murders. Dubbed EncroChat, the top-secret encrypted communication app comes pre-installed on a customized

Google buys AR smart-glasses company North

Sophos - Naked Security - Fri, 03/07/2020 - 07:36
They're not surveillance spectacles, says Google, just a piece in the jigsaw of "ambient computing", where helpfulness is all around you.

MongoDB ransom threats step up from blackmail to full-on wiping

Sophos - Naked Security - Thu, 02/07/2020 - 11:49
Still thinking "the crooks probably won't find me if I make a security blunder"?

133m records for sale as fruits of data breach spree keep raining down

Sophos - Naked Security - Thu, 02/07/2020 - 07:22
Databases can be had for as little as $100, on up to $1,100. Most, if not all, are being sold by the hacking group Shiny Hunters.

Critical Apache Guacamole Flaws Put Remote Desktops at Risk of Hacking

THN - Thu, 02/07/2020 - 06:59
A new research has uncovered multiple critical reverse RDP vulnerabilities in Apache Guacamole, a popular remote desktop application used by system administrators to access and manage Windows and Linux machines remotely. The reported flaws could potentially let bad actors achieve full control over the Guacamole server, intercept, and control all other connected sessions. According to a

Microsoft issues critical fixes for booby-trapped images – update now!

Sophos - Naked Security - Wed, 01/07/2020 - 10:26
Booby-trapped images could be used to attack Windows 10 and Windows Server 2019 - update now!

Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws

THN - Wed, 01/07/2020 - 09:25
Microsoft yesterday quietly released out-of-band software updates to patch two high-risk security vulnerabilities affecting hundreds of millions of Windows 10 and Server editions' users. To be noted, Microsoft rushed to deliver patches almost two weeks before the upcoming monthly 'Patch Tuesday Updates' scheduled for 14th July. That's likely because both flaws reside in the Windows Codecs

Google stops pushing scam ads on Americans searching for how to vote

Sophos - Naked Security - Wed, 01/07/2020 - 09:20
No US entity charges citizens for registering to vote, but plenty of Google ads were happy to do so - and to grab your PII in the process.

Firefox 78 is out – with a mysteriously empty list of security fixes

Sophos - Naked Security - Wed, 01/07/2020 - 08:02
TLS 1.0 and TLS 1.1 are now considered security risks and blocked by default.

Use This Definitive RFP Template to Effectively Evaluate XDR solutions

THN - Wed, 01/07/2020 - 07:43
A new class of security tools is emerging that promises to significantly improve the effectiveness and efficiency of threat detection and response. Emerging Extended Detection and Response (XDR) solutions aim to aggregate and correlate telemetry from multiple detection controls and then synthesize response actions. XDR has been referred to as the next step in the evolution of Endpoint

A New Ransomware Targeting Apple macOS Users Through Pirated Apps

THN - Wed, 01/07/2020 - 06:08
Cybersecurity researchers this week discovered a new type of ransomware targeting macOS users that spreads via pirated apps. According to several independent reports from K7 Lab malware researcher Dinesh Devadoss, Patrick Wardle, and Malwarebytes, the ransomware variant — dubbed "EvilQuest" — is packaged along with legitimate apps, which upon installation, disguises itself as Apple's

Google joins Apple in limiting web certificates to one year

Sophos - Naked Security - Tue, 30/06/2020 - 13:53
Is it fair to expect everyone to renew all their web certificates every year? Apple says yes, and now Google does too.

iOS 14 flags TikTok, 53 other apps spying on iPhone clipboards

Sophos - Naked Security - Tue, 30/06/2020 - 08:11
TikTok, for one, promised to knock this off months ago but was caught red-handed, still at it, by the new clipboard notification in iOS 14.

Advanced StrongPity Hackers Target Syria and Turkey with Retooled Spyware

THN - Tue, 30/06/2020 - 04:45
Cybersecurity researchers today uncovered new details of watering hole attacks against the Kurdish community in Syria and Turkey for surveillance and intelligence exfiltration purposes. The advanced persistent threat behind the operation, called StrongPity, has retooled with new tactics to control compromised machines, cybersecurity firm Bitdefender said in a report shared with The Hacker

Beware “secure DNS” scam targeting website owners and bloggers

Sophos - Naked Security - Mon, 29/06/2020 - 11:15
If you run a website or a blog, watch out for emails promising "DNSSEC upgrades" - these scammers are after your whole site.

Russian Hacker Gets 9-Year Jail for Running Online Shop of Stolen Credit Cards

THN - Mon, 29/06/2020 - 08:21
A United States federal district court has finally sentenced a Russian hacker to nine years in federal prison after he pleaded guilty of running two illegal websites devoted to facilitating payment card fraud, computer hacking, and other crimes. Aleksei Yurievich Burkov, 30, pleaded guilty in January this year to two of the five charges against him for credit card fraud—one count of access

e-Commerce Site Hackers Now Hiding Credit Card Stealer Inside Image Metadata

THN - Mon, 29/06/2020 - 07:27
In what's one of the most innovative hacking campaigns, cybercrime gangs are now hiding malicious code implants in the metadata of image files to covertly steal payment card information entered by visitors on the hacked websites. "We found skimming code hidden within the metadata of an image file (a form of steganography) and surreptitiously loaded by compromised online stores," Malwarebytes

Satori IoT botnet author sentenced to 13 months in prison

Sophos - Naked Security - Mon, 29/06/2020 - 06:37
Kenneth Schuchman, the creator of the massive Satori botnet of enslaved devices, will be spending 13 months behind bars.

Pages

Subscribe to Shiga Tecnologia aggregator