News

Cybersecurity researchers discover a critical flaw in the popular Evernote Chrome extension that could have allowed hackers to hijack your browser and steal sensitive information from any website you accessed. Evernote is a popular service that helps people taking notes and organize their to-do task lists, and over 4,610,000 users have been using its Evernote Web Clipper Extension for Chrome

Telegram, one of the most popular encrypted messaging app, briefly went offline yesterday for hundreds of thousands of users worldwide after a powerful distributed denial-of-service (DDoS) attack hit its servers. Telegram founder Pavel Durov later revealed that the attack was mainly coming from the IP addresses located in China, suggesting the Chinese government could be behind it to sabotage

Real-time visibility into IT assets and activities introduces speed and efficiency to many critical productivity and security tasks organizations are struggling with—from conventional asset inventory reporting to proactive elimination of exposed attack surfaces. However, gaining such visibility is often highly resource consuming and entails manual integration of various feeds. Cynet is now

In April this year, a software update from Google overnight turned all Android phones, running Android 7.0 Nougat and up, into a FIDO-certified hardware security key as part of a push to encourage two-step verification. The feature made it possible for users to confirm their identity when logging into a Google account more effortless and secure, without separately managing and plugging-in a

A new threat has hit head the headlines (Robinhood anyone?), and you need to know if you're protected right now. What do you do? Traditionally, you would have to go with one of the options below. Option 1 – Manually check that IoCs have been updated across your security controls. This would require checking that security controls such as your email gateway, web gateway, and endpoint

A team of cybersecurity researchers yesterday revealed details of a new side-channel attack on dynamic random-access memory (DRAM) that could allow malicious programs installed on a modern system to read sensitive memory data from other processes running on the same hardware. Dubbed RAMBleed and identified as CVE-2019-0174, the new attack is based on a well-known class of DRAM side channel

After Adobe, the technology giant Microsoft today—on June 2019 Patch Tuesday—also released its monthly batch of software security updates for various supported versions of Windows operating systems and other Microsoft products. This month's security updates include patches for a total of 88 vulnerabilities, 21 are rated Critical, 66 are Important, and one is rated Moderate in severity. The

It's Patch Tuesday week! Adobe has just released the latest June 2019 software updates to address a total 11 security vulnerabilities in its three widely-used products Adobe ColdFusion, Flash Player, and Adobe Campaign. Out of these, three vulnerabilities affect Adobe ColdFusion, a commercial rapid web application development platform—all critical in severity—that could lead to arbitrary

Security researchers have been warning about a critical vulnerability they discovered in one of a popular WordPress Live Chat plugin, which, if exploited, could allow unauthorized remote attackers to steal chat logs or manipulate chat sessions. The vulnerability, identified as CVE-2019-12498, resides in the "WP Live Chat Support" that is currently being used by over 50,000 businesses to

Linux users, beware! If you haven't recently updated your Linux operating system, especially the command-line text editor utility, do not even try to view the content of a file using Vim or Neovim. Security researcher Armin Razmjou recently discovered a high-severity arbitrary OS command execution vulnerability (CVE-2019-12735) in Vim and Neovim—two most popular and powerful command-line

An anonymous security researcher going by the name of SandboxEscaper today publicly shared a second zero-day exploit that can be used to bypass a recently patched elevation of privilege vulnerability in the Microsoft Windows operating system. SandboxEscaper is known for publicly dropping zero-day exploits for unpatched Windows vulnerabilities. In the past year, the hacker has disclosed over half

Security researchers have discovered an ongoing sophisticated botnet campaign that is currently brute-forcing more than 1.5 million publicly accessible Windows RDP servers on the Internet. Dubbed GoldBrute, the botnet scheme has been designed in a way to escalate gradually by adding every new cracked system to its network, forcing them to further find new available RDP servers and then brute

The Information Technology industry has seen exponential growth over the years. It is essential for everyone to earn cybersecurity certification if you want to be a part of this growing industry. Organizations always prefer employees with strong internationally-recognized professional certifications. It proofs your skills, knowledge, and gives more credibility to advance your career. IT

Are you using Komodo's Agama Wallet to store your KMD and BTC cryptocurrencies? Were your funds also unauthorisedly transferred overnight to a new address? If yes, don't worry, it's probably safe, and if you are lucky, you will get your funds back. Here's what exactly happened… Komodo, a cryptocurrency project and developer of Agama wallet, adopted a surprisingly unique way to protect its

Security researchers have discovered multiple critical vulnerabilities in a popular IPTV middleware platform that is currently being used by more than a thousand regional and international online media streaming services to manage their millions of subscribers. Discovered by security researchers at CheckPoint, the vulnerabilities reside in the administrative panel of Ministra TV platform,

A security researcher today revealed details of a newly unpatched vulnerability in Microsoft Windows Remote Desktop Protocol (RDP). Tracked as CVE-2019-9510, the reported vulnerability could allow client-side attackers to bypass the lock screen on remote desktop (RD) sessions. Discovered by Joe Tammariello of Carnegie Mellon University Software Engineering Institute (SEI), the flaw exists

As promised, Mozilla has finally enabled "Enhanced Tracking Protection" feature on its Firefox browser by default, which from now onwards would automatically block all third-party tracking cookies that allow advertisers and websites to track you across the web. Tracking cookies, also known as third-party cookies, allows advertisers to monitor your online behavior and interests, using which

Just like 'login with Google,' 'login with Facebook,' Twitter, LinkedIn or any other social media site, you would now be able to quickly sign-up and log into third-party websites and apps using your Apple ID. What's the difference? Well, Apple claims that signing-in with Apple ID would protect users' privacy by not disclosing their actual email addresses to the 3rd-party services and also

A security researcher who last year bypassed Apple's then-newly introduced macOS privacy feature has once again found a new way to bypass security warnings by performing 'Synthetic Clicks' on behalf of users without requiring their interaction. Last June, Apple introduced a core security feature in MacOS that made it mandatory for all applications to take permission ("allow" or "deny") from

I have said it before, and I will say it again — Smart devices are one of the dumbest technologies, so far, when it comes to protecting users' privacy and security. As more and more smart devices are being sold worldwide, consumers should be aware of security and privacy risks associated with the so-called intelligent devices. When it comes to internet-connected devices, smart TVs are the

If you have swiped your payment card at the popular Checkers and Rally's drive-through restaurant chains in past 2-3 years, you should immediately request your bank to block your card and notify it if you notice any suspicious transaction. Checkers, one of the largest drive-through restaurant chains in the United States, disclosed a massive long-running data breach yesterday that affected an

Cyber Security researchers at Guardicore Labs today published a detailed report on a widespread cryptojacking campaign attacking Windows MS-SQL and PHPMyAdmin servers worldwide. Dubbed Nansh0u, the malicious campaign is reportedly being carried out by an APT-style Chinese hacking group who has already infected nearly 50,000 servers and are installing a sophisticated kernel-mode rootkit on

Memorial Day has come and gone, but you still have time to land some of the best deals on some of the best apps and tech training bundles around. Whether you're looking for a world-class VPN or want to begin a career as a high-paid ethical hacker or IT pro, this list of ultra-discounted apps and course bundles has you covered. Ethical Hacking A to Z Training Bundle MSRP: $1273 - Sale Price

Flipboard, a popular social sharing and news aggregator service used by over 150 million people, has disclosed that its databases containing account information of certain users have been hacked. According to a public note published yesterday by the company, unknown hackers managed to gain unauthorized access to its systems for nearly 10 months—between June 2, 2018, and March 23, 2019, and

Nearly 1 million Windows systems are still unpatched and have been found vulnerable to a recently disclosed critical, wormable, remote code execution vulnerability in the Windows Remote Desktop Protocol (RDP)—two weeks after Microsoft releases the security patch. If exploited, the vulnerability could allow an attacker to easily cause havoc around the world, potentially much worse than what

The evolving cyber threat landscape has taken a new leap. The recent past shows a startling rise in the number of incidences of phishing attacks, where visitors have been lured into clicking fraudulent links, under the cover of security marks like padlock icon and ‘HTTPS’. Considering the rising number of…

The cyber threat landscape is evolving every second, with thousands of new potential threats being detected every single day. With people becoming more and more conscious about their privacy and private data, such evolving threats can have a significant impact on the personal and financial life of people. In order…

In today’s world data is everything, and to store and process this large amount of data, everyone started using computing devices. Database servers which are used for storing this precious data on computing devices include MySQL, MongoDB, MSSQL, etc. But unfortunately, not everyone is conscious about its security. In fact, approximately…

Red Hat engineers and experts discovered a memory corruption vulnerability in Linux kernel, which is basically a flaw while implementation of RDS (Remote desktop Protocol) over TCP. This flaw has affected Red Hat, Ubuntu, Debian and SUSE and security advisories have been issued for all. This flaw could enable an…

As part of the Windows 10 Updates, Microsoft has now come up with a new update for Windows 10 PCs. It’s called Windows 10 19H1 (Windows 10 May 2019 Update). This post lists down some of the highlights of this particular update and Quick Heal’s compatibility with the OS. Highlights…

Emotet malware was first identified in 2014 as Banking trojan. Emotet has evolved from banking trojan to threat distributor till now. It has hit many organizations very badly in 2018 with its functionalities like spamming and spreading. Further with its widespread rich/existence at many organizations, it became threat distributor. Since…

This is an important security advisory related to a recently patched Critical remote code execution vulnerability in Microsoft Windows Remote Desktop Service (RDP). The vulnerability is identified as “CVE-2019-0708 – Remote Desktop Services Remote Code Execution Vulnerability”. MSRC blog mentions This vulnerability is pre-authentication and requires no user interaction. In other…

From the last one year, Quick Heal Security Labs has been observing a boost in the number of mining malware. One of the ways to earn cryptocurrencies is to mine them. Nowadays cryptocurrency miner malware have become hot attack vectors for cybercriminals due to its ease of deployment and instant…

Phishing is a fraudulent activity to trick you into revealing your personal and confidential information. This information usually includes bank account details, net banking details, credit/debit card numbers, login ID and passwords. Every day, countless people become unsuspecting victims of phishing attacks. With cyber criminals adopting sophisticated modes of phishing…

Quick Heal and Seqrite users are reporting that PCs fails to boot up / Freeze after installing 9th April Windows Updates and Rebooting the system. Symptoms:  Users have Quick Heal or Seqrite product installed and running on their systems. The PCs fail to boot up / Freeze after installing Windows Updates of 9-April-2019 and Rebootingthe system. There are…

Presently sponsored by: Live Workshop! Watch the Varonis DFIR team investigate a cyberattack using our data-centric security stack

Well this was a big one. The simple stuff first - I'm back in Norway running workshops and getting ready for my absolute favourite event of the year, NDC Oslo. I'm also talking about Scott's Hack Yourself First UK Tour where he'll be hitting up Manchester, London and Glasgow with

Presently sponsored by: Live Workshop! Watch the Varonis DFIR team investigate a cyberattack using our data-centric security stack

It's the Hack Yourself First UK Tour! I've been tweeting a bit about this over recent times and had meant to write about it earlier, but I've been a little busy of late. Last year, I asked good friend and fellow security person Scott Helme to help me out running

Presently sponsored by: Live Workshop! Watch the Varonis DFIR team investigate a cyberattack using our data-centric security stack

Back in 2013, I was beginning to get the sense that data breaches were becoming a big thing. The prevalence of them seemed to be really ramping up as was the impact they were having on those of us that found ourselves in them, myself included. Increasingly, I was writing

Presently sponsored by: Live Workshop! Watch the Varonis DFIR team investigate a cyberattack using our data-centric security stack

I made it to the Infosecurity hall of fame! Yesterday was an absolutely unreal experience that was enormously exciting:

It was an absolute honour to induct the fantastic @troyhunt into the @Infosecurity @InfosecurityMag Hall of Fame today at #Infosec19. Troy is a credit to our industry and also a really

Presently sponsored by: Live Workshop! Watch the Varonis DFIR team investigate a cyberattack using our data-centric security stack

Another week, another conference. This time, Scott and I have just wrapped up the AusCERT event which is my local home town conference (I can literally see my house from Scott's balcony). We're talking about the event, upcoming ones, Scott's Hack Yourself First UK tour, some funky default values in

Presently sponsored by: Live Workshop! Watch the Varonis DFIR team investigate a cyberattack using our data-centric security stack

I'm a day and a half behind with this week's update again - sorry! Thursday and Friday were solid with training in Melbourne so I recorded Saturday and am pushing this out in the early hours of Sunday before going wakeboarding - is that work / life balance? But there's been

Presently sponsored by: Live Workshop! Watch the Varonis DFIR team investigate a cyberattack using our data-centric security stack

Sometimes the discussion around extended validation certificates (EV) feels a little like flogging a dead horse. In fact, it was only September that I proposed EV certificates are already dead for all sorts of good reasons that have only been reinforced since that time. Yet somehow, the discussion does seem

Presently sponsored by: Live Workshop! Watch the Varonis DFIR team investigate a cyberattack using our data-centric security stack

Per the beginning of the video, it's out late, I'm jet lagged, all my clothes are dirty and I've had to raid the conference swag cupboard to even find a clean t-shirt. But be that as it may, I'm yet to miss one of these weekly vids in the 2

Presently sponsored by: Live Workshop! Watch the Varonis DFIR team investigate a cyberattack using our data-centric security stack

After a mammoth 30-hour door-to-door journey, I'm back in the USA! It's Minnesota this week and I've just wrapped up a couple of days of Hack Yourself First workshop followed by the opening keynote at NDC followed by PubConf. All great events but combined with the burden of travel, all

Presently sponsored by: Live Workshop! Watch the Varonis DFIR team investigate a cyberattack using our data-centric security stack

It's the last one from home for a few weeks, both for Scott and myself. Whilst I head off to the US for a couple of weeks, he's back home to the UK before other Europe travel then we'll both end up back on the Gold Coast in a few

Presently sponsored by: Live Workshop! Watch the Varonis DFIR team investigate a cyberattack using our data-centric security stack

Scott is still here with me on the Gold Coast lapping up the sunshine before NDC Security next week so I thought we'd do this week's video next to the palm trees and jet ski 😎 But, of course, there's still a heap of stuff happening that's worthy of discussion, everything

Presently sponsored by: Live Workshop! Watch the Varonis DFIR team investigate a cyberattack using our data-centric security stack

It's another episode with Scott Helme this week as he's back in town for NDC Security on the Gold Coast (still a got a week to get those tickets, folks!) The timing actually works out pretty well as there was this week's announcement around Let's Encrypt transition of their root

Presently sponsored by: Live Workshop! Watch the Varonis DFIR team investigate a cyberattack using our data-centric security stack

Do you ever hear those stories from your parents along the lines of "when I was young..." and then there's a tale of how risky life was back then compared to today. You know, stuff like having to walk themselves to school without adult supervision, crazy stuff like that which

Presently sponsored by: Live Workshop! Watch the Varonis DFIR team investigate a cyberattack using our data-centric security stack

That's the second update in a row I've done on time! It's also another one with a bunch of other things in common with last week, namely commentary on yet more data breaches. It's not just the breaches in HIBP, but the ones I'm busily trying to disclose. This is

Presently sponsored by: Live Workshop! Watch the Varonis DFIR team investigate a cyberattack using our data-centric security stack

Wow, a weekly update back on the normal schedule! I also realised when watching this back how less tired I look compared to the last few weeks. Travel takes its toll so I touched on that a bit in this week's update, along with the usual raft of new data

ESET analysis uncovers a novel technique bypassing SMS-based two-factor authentication while circumventing Google’s recent SMS permissions restrictions

The post Malware sidesteps Google permissions policy with new 2FA bypass technique appeared first on WeLiveSecurity

What are the main security concerns associated with smart buildings and why are they in the crosshairs of cybercriminals?

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

On the other hand, a surprisingly high number of Europeans haven't even heard of the landmark legislation

The post GDPR one year on: Most Europeans know at least some of their rights appeared first on WeLiveSecurity

La Liga has taken substantial flak for tapping into microphones and geolocation services in fans‘ phones in a bid to root out piracy

The post Spain’s top soccer league fined over its app’s ‘tactics’ appeared first on WeLiveSecurity

A recent talk by ESET's Global Security Evangelist Tony Anscombe looks at the key security challenges facing intelligent buildings

The post Why cybercriminals are eyeing smart buildings appeared first on WeLiveSecurity

The images, collected over one and a half months, were taken as the travelers crossed an unspecified border point

The post Cyberattack exposes travelers’ photos, says US border agency appeared first on WeLiveSecurity

ESET research shows how Wajam has evolved into an adware operation that keeps coming up with new tricks in order to evade detection

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

If exploited, the security hole in Exim could allow attackers to run arbitrary commands on vulnerable mail servers

The post Critical bug found in popular mail server software appeared first on WeLiveSecurity

The alert comes on the heels of Microsoft’s second advisory calling on people to take action before it’s too late

The post NSA joins chorus urging Windows users to patch ‘BlueKeep’ appeared first on WeLiveSecurity

How a Montreal-made "social search engine" application has managed to become widely-spread adware, while escaping consequences

The post Wajam: From start-up to massively-spread adware appeared first on WeLiveSecurity

It is the second major breach that the Australian National University suffered in 2018

The post Hackers steal 19 years’ worth of data from a top Australian university appeared first on WeLiveSecurity

Millions of files that are sitting out in the open across various file storage technologies are actually encrypted by ransomware

The post Over 2.3 billion files exposed online appeared first on WeLiveSecurity

ESET researchers show how Turla has refreshed its malicious toolkit and how, in an effort to evade detection, the group uses PowerShell to inject malware directly into memory

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Criminals used my account to launder credit card transactions into cash, at least where the company transacted with was willing to refund

The post The aftermath of a data breach: A personal story appeared first on WeLiveSecurity

ESET researchers analyze new TTPs attributed to the Turla group that leverage PowerShell to run malware in-memory only

The post A dive into Turla PowerShell usage appeared first on WeLiveSecurity

Add that to the US$1.4 billion that the massive security incident two years ago has cost the company so far

The post Equifax stripped of ‘stable’ outlook over 2017 breach appeared first on WeLiveSecurity

ESET researchers zero in on commands executed by Zebrocy, a piece of malware from the extensive toolkit of the Sednit APT group

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

ESET researchers have analyzed fake cryptocurrency wallets emerging on Google Play at the time of bitcoin’s renewed growth

The post Fake cryptocurrency apps crop up on Google Play as bitcoin price rises appeared first on WeLiveSecurity

What you need to know about the critical security hole that could enable the next WannaCryptor

The post Patch now! Why the BlueKeep vulnerability is a big deal appeared first on WeLiveSecurity

ESET sheds light on commands used by the favorite backdoor of the Sednit group

The post A journey to Zebrocy land appeared first on WeLiveSecurity

Free resources for cybersecurity awareness and training are out there – links to many of them are provided here

The post Cybersecurity training and awareness: Helpful resources for educators appeared first on WeLiveSecurity

As San Francisco moves to regulate the use of facial recognition systems, we reflect on some of the many ‘faces’ of the fast-growing technology

The post What the ban on facial recognition tech will – and will not – do appeared first on WeLiveSecurity

ESET researchers detail how ASUS's cloud service has been abused to distribute the Plead malware; in other news, ESET's telemetry shows that the use of the EternalBlue exploit is reaching new highs

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Attack attempts involving the exploit are in hundreds of thousands daily

The post EternalBlue reaching new heights since WannaCryptor outbreak appeared first on WeLiveSecurity

The ESET survey of thousands of people in Asia-Pacific (APAC) provides valuable insight into their perceptions of cyber-threats and various common aspects of online security

The post Survey: What should companies do to restore trust post-breach? appeared first on WeLiveSecurity

You think you’re watching the games for free, but are you sure that's the case? Let’s review some of the risks that may come with free live streaming websites

The post Ice Hockey World Championship: The risks of free live streaming appeared first on WeLiveSecurity

ESET researchers have discovered that the attackers have been distributing the Plead malware via compromised routers and man-in-the-middle attacks against the legitimate ASUS WebStorage software

The post Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage appeared first on WeLiveSecurity

What are some of the most interesting takeaways from Verizon’s latest annual security report?

The post Verizon’s data breach report: What the numbers say appeared first on WeLiveSecurity

ESET researchers detail the modus operandi of LightNeuron, a Microsoft Exchange backdoor that leverages a previously unseen persistence mechanism

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

What are the main types of backup operations and how can you avoid the sinking feeling that comes with the realization that you may not get your data back?

The post Types of backup and five backup mistakes to avoid appeared first on WeLiveSecurity

The thieves bade their time before running off with more than 7,000 Bitcoin ‘in one fell swoop’

The post Hackers steal US$41 million worth of Bitcoin from cryptocurrency exchange appeared first on WeLiveSecurity

ESET research uncovers Microsoft Exchange malware remotely controlled via steganographic PDF and JPG email attachments

The post Turla LightNeuron: An email too far appeared first on WeLiveSecurity

ESET researchers document how cybercriminals abused the advertising network of Russia's leading search engine for malicious campaigns targeting accountants

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

A reflection on whether this approach to addressing IoT security challenges can ‘deliver the goods’ and how consumer awareness can help

The post The UK plans to legislate to secure IoT, but is it really the answer? appeared first on WeLiveSecurity

So, do you think you’ve been ‘pwned’? That’s the question to ask yourself today

The post World Password Day: A day to review your defenses appeared first on WeLiveSecurity

ESET researchers highlight a series of security holes in a device intended to make homes and offices more secure

The post D-Link camera vulnerability allows attackers to tap into the video stream appeared first on WeLiveSecurity

Criminal activities against accountants on the rise – Buhtrap and RTM still active

The post Buhtrap backdoor and ransomware distributed via major advertising platform appeared first on WeLiveSecurity

An analysis finds that '123456' is by far the most-commonly re-occurring password on breached accounts

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

On the good news front, the FBI notes the success of its newly-established team in recovering some of the funds lost in BEC scams

The post BEC fraud losses almost doubled last year appeared first on WeLiveSecurity

The notorious six-digit string continues to 'reign supreme' among the most-hacked passwords

The post Over 23 million breached accounts used ‘123456’ as password appeared first on WeLiveSecurity

Marcus Hutchins, who is best known for his inadvertent role in blunting the WannaCryptor outbreak two years ago, may now face a stretch behind bars

The post WannaCryptor ‘accidental hero’ pleads guilty to malware charges appeared first on WeLiveSecurity

Microsoft has admitted that some users of its web-based email services such as Outlook.com have had their account information and, in some cases, even email contents exposed

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

How approaching cybersecurity with creativity in mind can lead to better protection from digital threats

The post Embracing creativity to improve cyber-readiness appeared first on WeLiveSecurity

The gaming company has rolled out a fix for the remote code execution vulnerability, so make sure you run the platform's latest version

The post Bug in EA’s Origin client left gamers open to attacks appeared first on WeLiveSecurity

An extra layer of security never hurt anybody, and now you can turn your phone into a physical security key

The post Your Android phone can now double as a security key appeared first on WeLiveSecurity

Some users of Microsoft’s web-based email services such as Outlook.com had their account information exposed in an incident that, as it later emerged, also impacted email contents

The post Microsoft reveals breach affecting webmail users appeared first on WeLiveSecurity

More than 50 universities in the United Kingdom had their cyber-defenses tested by ethical hackers, and the 'grades' aren’t pretty

The post Hackers crack university defenses in just two hours appeared first on WeLiveSecurity

ESET researchers publish their findings on a new malware variant that the OceanLotus group uses to target Mac users

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The new wireless security protocol contains multiple design flaws that hackers could exploit for attacks on Wi-Fi passwords

The post WPA3 flaws may let attackers steal Wi-Fi passwords appeared first on WeLiveSecurity

Streaming media feature among services that take the spotlight in a report on credential-stuffing attacks in 2018

The post Credential-stuffing attacks behind 30 billion login attempts in 2018 appeared first on WeLiveSecurity