RSS Cyber News…

  • Targeted Phishing Attacks Strike High-Ranking Company Executives January 26, 2021
    An evolving phishing campaign observed at least since May 2020 has been found to target high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors with the goal of obtaining sensitive information. The campaign hinges on a social engineering trick that involves sending emails to potential victims containing fake Office 365 password expiration
  • TikTok Bug Could Have Exposed Users' Profile Data and Phone Numbers January 26, 2021
    Cybersecurity researchers on Tuesday disclosed a now-patched security flaw in TikTok that could have potentially enabled an attacker to build a database of the app's users and their associated phone numbers for future malicious activity. Although this flaw only impacts those users who have linked a phone number with their account or logged in with […]
  • vCISO Shares Most Common Risks Faced by Companies With Small Security Teams January 26, 2021
    Most companies with small security teams face the same issues. They have inadequate budgets, inadequate staff, and inadequate skills to face today's onslaught of sophisticated cyberthreats. Many of these companies turn to virtual CISOs (vCISOs) to provide security expertise and guidance. vCISOs are typically former CISOs with years of experience building and managing information security
  • Enhancing Email Security with MTA-STS and SMTP TLS Reporting January 26, 2021
    In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the servers, providing the ability to convert a […]
  • N. Korean Hackers Targeting Security Experts to Steal Undisclosed Researches January 26, 2021
    Google on Monday disclosed details about an ongoing campaign carried out by a government-backed threat actor from North Korea that has targeted security researchers working on vulnerability research and development. The internet giant's Threat Analysis Group (TAG) said the adversary created a research blog and multiple profiles on various social media platforms such as Twitter, […]
  • Beware — A New Wormable Android Malware Spreading Through WhatsApp January 25, 2021
    A newly discovered Android malware has been found to propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign. "This malware spreads via victim's WhatsApp by automatically replying to any received WhatsApp message notification with a link to [a] malicious Huawei Mobile app," ESET researcher Lukas […]
  • Pen Testing By Numbers: Tracking Pen Testing Trends and Challenges January 25, 2021
    Over the years, penetration testing has had to change and adapt alongside the IT environments and technology that need to be assessed. Broad cybersecurity issues often influence the strategy and growth of pen-testing. In such a fast-paced field, organizations get real value from learning about others' penetration testing experiences, identifying trends, and the role they play in […]
  • Exclusive: SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product January 25, 2021
    SonicWall, a popular internet security provider of firewall and VPN products, on late Friday disclosed that it fell victim to a coordinated attack on its internal systems. The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as NetExtender VPN client version 10.x and Secure Mobile Access (SMA) […]
  • Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw January 24, 2021
    Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2 SAP SolMan is an application management and administration solution that offers end-to-end
  • Experts Detail A Recent Remotely Exploitable Windows Vulnerability January 23, 2021
    More details have emerged about a security feature bypass vulnerability in Windows NT LAN Manager (NTLM) that was addressed by Microsoft as part of its monthly Patch Tuesday updates earlier this month. The flaw, tracked as CVE-2021-1678 (CVSS score 4.3), was described as a "remotely exploitable" flaw found in a vulnerable component bound to the network stack, although exact […]

Stay updated with the latest news and trends on Cyber Security…