Security feed

Earlier
More zero-day exploits coming up for sale by NSO Group and others is democratizing the attack vector and placing them within reach of less sophisticated attackers. [...]
Mon, Apr 06, 2020
Source: Threat Post
The FBI is cracking down on the practice of Zoom bombing, saying the hijacking of web conferences can be punishable by jail time. [...]
Mon, Apr 06, 2020
Source: Threat Post
A Magecart threat actor tracked as “Group 7” has been using a skimmer that creates iframes to steal payment card data, RiskIQ reveals. read more [...]
Mon, Apr 06, 2020
Source: securityweek
The white hat hacker who discovered the vulnerabilities received a $75,000 from Apple's bug-bounty program. [...]
Mon, Apr 06, 2020
Source: Threat Post
A threat actor linked to South Korea has launched attacks against Chinese government agencies using a zero-day vulnerability affecting a local VPN service, Chinese cybersecurity firm Qihoo 360 reported on Monday. read more [...]
Mon, Apr 06, 2020
Source: securityweek
The attacks are being carried out against Chinese government interests worldwide, according to Qihoo 360. [...]
Mon, Apr 06, 2020
Source: Threat Post
Trend Micro's security researchers discovered roughly 8,000 unsecured Redis instances that were exposed to anyone with an Internet connection. Spread all over the world, the unsecured instances were found to lack Transport Layer Security (TLS) encryption and without any password protection. Some of these instances were even deployed in public clouds. read [...]
Mon, Apr 06, 2020
Source: securityweek
Microsoft last week announced the availability of a tool designed to help organizations see where they are in their journey to implement a zero trust security model. read more [...]
Mon, Apr 06, 2020
Source: securityweek
A campaign that has been ongoing for months is targeting misconfigured open Docker Daemon API ports to install a piece of malware named Kinsing, which in turn deploys a cryptocurrency miner in compromised container environments. read more [...]
Mon, Apr 06, 2020
Source: securityweek
Google last week announced that it has started rolling back a cross-site request forgery (CSRF) protection introduced in early February with the release of Chrome 80 in the stable channel. read more [...]
Mon, Apr 06, 2020
Source: securityweek


Print pagePDF pageEmail page