News aggregator

Botnet blasts WordPress sites with configuration download attacks

Sophos - Naked Security - 2 hours 24 min ago
A million sites attacked by 20,000 different computers.

You DID change your password after that data breach, didn’t you?

Sophos - Naked Security - Thu, 04/06/2020 - 13:36
Apparently, some people consider their passwords "invincible", even after a data breach. Don't be those people.

Nuclear missile contractor hacked in Maze ransomware attack

Sophos - Naked Security - Thu, 04/06/2020 - 08:54
Attackers hacked and encrypted the computers of a contractor whose clients include the US military, government agencies and major military contractors.

Google deletes Indian app that deleted Chinese apps

Sophos - Naked Security - Thu, 04/06/2020 - 06:38
Google has deleted an app from the Play Store that offered to delete Android software associated with China.

New USBCulprit Espionage Tool Steals Data From Air-Gapped Computers

THN - Thu, 04/06/2020 - 05:31
A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage, according to a newly published research by Kaspersky yesterday. The APT, known as Cycldek, Goblin Panda, or Conimes, employs an extensive toolset for lateral movement and information stealing in victim networks, including previously unreported custom

Firefox fixes cryptographic data leakage in latest security update

Sophos - Naked Security - Wed, 03/06/2020 - 13:37
How time flies - the latest four-weekly Firefox update is out.

Two Critical Flaws in Zoom Could've Let Attackers Hack Systems via Chat

THN - Wed, 03/06/2020 - 12:53
If you're using Zoom—especially during this challenging time to cope with your schooling, business, or social engagement—make sure you are running the latest version of the widely popular video conferencing software on your Windows, macOS, or Linux computers. No, it's not about the arrival of the most-awaited "real" end-to-end encryption feature, which apparently, according to the latest news,

VMware flaw allows takeover of multiple private clouds

Sophos - Naked Security - Wed, 03/06/2020 - 12:23
VMware’s Cloud Director has a security flaw that researchers believe could be exploited to compromise multiple customer accounts using the same cloud infrastructure.

Amtrak breached, some customers’ logins and PII potentially exposed

Sophos - Naked Security - Wed, 03/06/2020 - 12:09
The US rail service hasn't disclosed the number of passengers affected in a 16 April breach.

Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers

THN - Wed, 03/06/2020 - 10:10
A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. The six flaws, disclosed by cybersecurity firm Trustwave today, reside in Sybase Adaptive Server Enterprise (ASE), a relational database management software geared towards

New Skill Testing Platform For 6 Most In-Demand Cybersecurity Jobs

THN - Wed, 03/06/2020 - 08:16
Building a security team is a necessity for organizations of all industries and sizes. It makes selecting the right person for the job a critical task in which testing candidates' domain knowledge is a core component of the hiring process. A common practice is for each organization to put together a dedicated set of questions for each role. Today, Cynet launches the Cybersecurity Skill Tests

We won! Naked Security scoops “Legends of security” award

Sophos - Naked Security - Wed, 03/06/2020 - 04:54
We're absolutely delighted - delighted and proud! - to report that we won not one but two awards at last night's European Security Blogger Awards 2020.

The mystery of the expiring Sectigo web certificate

Sophos - Naked Security - Tue, 02/06/2020 - 13:48
If you're getting TLS connection errors that suddenly started this weekend, a tired old encryption library might be the problem.

Hacker posts database stolen from Dark Net free hosting provider DH

Sophos - Naked Security - Tue, 02/06/2020 - 10:26
Some 7,600 dark-web sites were obliterated in an attack on the most popular provider of .onion free hosting services, Daniel's Hosting.

Crime agency turns to Google ads to deter teen DDoS hackers

Sophos - Naked Security - Tue, 02/06/2020 - 10:01
The UK's National Crime Agency has hit on a simple way to stop teens from being sucked into cybercrime – using Google Ads.

Critical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers

THN - Tue, 02/06/2020 - 02:37
Cybersecurity researchers today disclosed details for a new vulnerability in VMware's Cloud Director platform that could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure. Tracked as CVE-2020-3956, the code injection flaw stems from an improper input handling that could be abused by an authenticated attacker to

No password required! “Sign in with Apple” account takeover flaw patched

Sophos - Naked Security - Mon, 01/06/2020 - 12:19
A bug bounty hunter found a way to log in using "Sign in with Apple"... but without the part where you have to put in a password.

How to Create a Culture of Kick-Ass DevSecOps Engineers

THN - Mon, 01/06/2020 - 09:06
Much like technology itself, the tools, techniques, and optimum processes for developing code evolve quickly. We humans have an insatiable need for more software, more features, more functionality… and we want it faster than ever before, more qualitative, and on top of that: Secure. With an estimated 68% of organizations experiencing zero-day attacks from undisclosed/unknown vulnerabilities

Joomla Resources Directory (JRD) Portal Suffers Data Breach

THN - Mon, 01/06/2020 - 08:34
Joomla, one of the most popular Open-source content management systems (CMS), last week announced a new data breach impacting 2,700 users who have an account with its resources directory (JRD) website, i.e., The breach exposed affected users' personal information, such as full names, business addresses, email addresses, phone numbers, and encrypted passwords. The

GitHub uncovers malicious ‘Octopus Scanner’ targeting developers

Sophos - Naked Security - Mon, 01/06/2020 - 07:28
GitHub has uncovered a form of malware that spreads via infected repositories on its system.

