Security feed

Earlier
A Brisk Private Trade in Zero-Days Widens Their Use
More zero-day exploits coming up for sale by NSO Group and others is democratizing the attack vector and placing them within reach of less sophisticated attackers. [...]
Mon, Apr 06, 2020
Source: Threat Post
FBI Threatens ‘Zoom Bombing’ Trolls With Jail Time
The FBI is cracking down on the practice of Zoom bombing, saying the hijacking of web conferences can be punishable by jail time. [...]
Mon, Apr 06, 2020
Source: Threat Post
Magecart Hackers Continue Improving Skimmers
A Magecart threat actor tracked as “Group 7” has been using a skimmer that creates iframes to steal payment card data, RiskIQ reveals. read more [...]
Mon, Apr 06, 2020
Source: securityweek
Apple Safari Flaws Enable One-Click Webcam Access
The white hat hacker who discovered the vulnerabilities received a $75,000 from Apple's bug-bounty program. [...]
Mon, Apr 06, 2020
Source: Threat Post
South Korea-Linked Hackers Targeted Chinese Government via VPN Zero-Day
A threat actor linked to South Korea has launched attacks against Chinese government agencies using a zero-day vulnerability affecting a local VPN service, Chinese cybersecurity firm Qihoo 360 reported on Monday. read more [...]
Mon, Apr 06, 2020
Source: securityweek
Government VPN Servers Targeted in Zero-Day Attack
The attacks are being carried out against Chinese government interests worldwide, according to Qihoo 360. [...]
Mon, Apr 06, 2020
Source: Threat Post
8,000 Unprotected Redis Instances Accessible From Internet
Trend Micro's security researchers discovered roughly 8,000 unsecured Redis instances that were exposed to anyone with an Internet connection. Spread all over the world, the unsecured instances were found to lack Transport Layer Security (TLS) encryption and without any password protection. Some of these instances were even deployed in public clouds. read [...]
Mon, Apr 06, 2020
Source: securityweek
Microsoft Launches Free Zero Trust Assessment Tool
Microsoft last week announced the availability of a tool designed to help organizations see where they are in their journey to implement a zero trust security model. read more [...]
Mon, Apr 06, 2020
Source: securityweek
Kinsing Linux Malware Deploys Crypto-Miner in Container Environments
A campaign that has been ongoing for months is targeting misconfigured open Docker Daemon API ports to install a piece of malware named Kinsing, which in turn deploys a cryptocurrency miner in compromised container environments. read more [...]
Mon, Apr 06, 2020
Source: securityweek
Google Rolls Back Recently Introduced Chrome CSRF Protection
Google last week announced that it has started rolling back a cross-site request forgery (CSRF) protection introduced in early February with the release of Chrome 80 in the stable channel. read more [...]
Mon, Apr 06, 2020
Source: securityweek


Print pagePDF pageEmail page