News

Penetration tests have long been known as a critical security tool that exposes security weaknesses through simulated attacks on an organization's IT environments. These test results can help prioritize weaknesses, providing a road-map towards remediation. However, the results are also capable of doing even more. They identify and quantify security risk, and can be used as a keystone in

Great news for iOS users! You can now use your iPhone or iPad, running iOS 10 or later, as a physical security key for securely logging into your Google account as part of the Advanced Protection Program for two-factor authentication. Android users have had this feature on their smartphones since last year, but now Apple product owners can also use this advanced, phishing-resistant form of

After Adobe today releases its first Patch Tuesday updates for 2020, Microsoft has now also published its January security advisories warning billions of users of 49 new vulnerabilities in its various products. What's so special about the latest Patch Tuesday is that one of the updates fixes a serious flaw in the core cryptographic component of widely used Windows 10, Server 2016 and 2019

Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator. It's the first Patch Tuesday for the year 2020 and one of the lightest patch releases in a long time for Adobe users. Moreover, none of the security vulnerabilities patched this month were either publicly disclosed or

There is a person in every organization that is the direct owner of breach protection. His or her task is to oversee and govern the process of design, build, maintain, and continuously enhance the security level of the organization. Title-wise, this person is most often either the CIO, CISO, or Directory of IT. For convenience, we'll refer to this individual as the CISO. This person is the

It's now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers. Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [1, 2] for a recently disclosed remote code execution vulnerability in Citrix's NetScaler ADC

Attention! Are you using Firefox as your web browsing software on your Windows, Linux, or Mac systems? If yes, you should immediately update your free and open-source Firefox web browser to the latest version available on Mozilla's website. Why the urgency? Mozilla earlier today released Firefox 72.0.1 and Firefox ESR 68.4.1 versions to patch a critical zero-day vulnerability in its browsing

TikTok, the 3rd most downloaded app in 2019, is under intense scrutiny over users' privacy, censoring politically controversial content and on national-security grounds—but it's not over yet, as the security of billions of TikTok users would be now under question. The famous Chinese viral video-sharing app contained potentially dangerous vulnerabilities that could have allowed remote attackers

Watch out! If you have any of the below-mentioned file managers and photography apps installed on your Android phone—even if downloaded from the official Google Store store⁠—you have been hacked and being tracked. These newly detected malicious Android apps are Camero, FileCrypt, and callCam that are believed to be linked to Sidewinder APT, a sophisticated hacking group specialized in cyber

January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support in Windows 7. From a security perspective, both the routine monthly security patches as well as hotfixes for attacks in the wild will not be available, effectively making any newly discovered vulnerability a Windows 7 zero-day. Cynet 360 autonomous breach protection is a

Internet-connected devices have been one of the most remarkable developments that have happened to humankind in the last decade. Although this development is a good thing, it also stipulates a high security and privacy risk to personal information. In one such recent privacy mishap, smart IP cameras manufactured by Chinese smartphone maker Xiaomi found mistakenly sharing surveillance footage

Landry's, a popular restaurant chain in the United States, has announced a malware attack on its point of sale (POS) systems that allowed cybercriminals to steal customers' payment card information. Landry's owns and operates more than 600 bars, restaurants, hotels, casinos, food and beverage outlets with over 60 different brands such as Landry's Seafood, Chart House, Saltgrass Steak House,

Advanced persistent threats (APTs) have emerged to be legitimate concerns for all organizations. APTs are threat actors that breach networks and infrastructures and stealthily lurk within them over extended spans of time. They typically perform complex hacks that allow them to steal or destroy data and resources. According to Accenture, APTs have been organizing themselves into groups that

The cybersecurity of a company is heavily reliant upon the skills and knowledge of the people who install, manage, and operate its security products. This means that recruiting and nurturing the best security team possible should be a CISO's top priority. Cynet's Ultimate Cybersecurity Job Posting Templates (download here) provide a list of the main responsibilities and skills for typical

A 22-year-old man who claimed to have access to over 300 million iCloud accounts and threatened to factory reset all accounts unless Apple pays ransom has pleaded guilty in London for trying to blackmail Apple. In March 2017, Kerem Albayrak from North London claimed to be a spokesman for a hacking group called the "Turkish Crime Family" and in possession of 319 million iCloud accounts.

Three members of an international organized cybercrime group that was behind a multi-million dollar theft primarily against U.S. businesses and financial institutions have been sentenced to prison, the U.S. Justice Department announced. The criminals used the GozNym banking Trojan to break into more than 4,000 victim computers globally, primarily in the United States and Europe, between 2015

As promised by Apple in August this year, the company today finally opened its bug bounty program to all security researchers, offering monetary rewards to anyone for reporting vulnerabilities in the iOS, macOS, watchOS, tvOS, iPadOS, and iCloud to the company. Since its launch three years ago, Apple's bug bounty program was open only for selected security researchers based on invitation and

Have you stopped at any Wawa convenience store and used your payment card to buy gas or snacks in the last nine months? If yes, your credit and debit card details may have been stolen by cybercriminals. Wawa, the Philadelphia-based gas and convenience store chain, disclosed a data breach incident that may have exposed payment card information of thousands of customers who used their cards at

If you haven't recently updated your Drupal-based blog or business website to the latest available versions, it's the time. Drupal development team yesterday released important security updates for its widely used open-source content management software that addresses a critical and three "moderately critical" vulnerabilities in its core system. Considering that Drupal-powered websites are

There's hardly any business nowadays that don't use computers and connect to the Internet. Companies maintain an online presence through their official websites, blogs, and social media pages. People use online services to conduct day to day activities like banking. And of course, there are many businesses that are completely based on the web like online markets, e-Commerce websites and

A British man suspected to be a member of 'The Dark Overlord,' an infamous international hacking group, has finally been extradited to the United States after being held for over two years in the United Kingdom. Nathan Francis Wyatt, 39, appeared in federal court in St. Louis, Missouri, on Wednesday to face charges related to his role in hacking healthcare and accounting companies in the U.S.

Besides rewarding ethical hackers from its pocket for responsibly reporting vulnerabilities in third-party open-source projects, Google today announced financial support for open source developers to help them arrange additional resources, prioritizing the security of their products. The initiative, called "Patch Rewards Program," was launched nearly 6 years ago, under which Google rewards

LifeLabs, the largest provider of healthcare laboratory testing services in Canada, has suffered a massive data breach that exposed the personal and medical information of nearly 15 million Canadians customers. The company announced the breach in a press release posted on its website, revealing that an unknown attacker unauthorizedly accessed its computer systems last month and stole customers

Cybercriminals are busy innovators, adapting their weapons and attack strategies, and ruthlessly roaming the web in search of their next big score. Every manner of sensitive information, such as confidential employee records, customers' financial data, protected medical documents, and government files, are all subject to their relentless threats to cybersecurity. Solutions span a broad

2010-2019 decade will be remembered as the time in which cybersecurity became acknowledged as a critical concern for all organizations. With rapidly growing security needs and respective budgets, it is now more essential than ever for security decision-makers to zoom out of the 'products' mindset and assess their security stack in light of the overall breach protection value that their

With almost 200 extensions, STOP (djvu) ransomware can be said to be 2019’s most active and widespread ransomware. Although this ransomware was active a year before, it started its campaign aggressively in early 2019. To evade detection, it has been continuously changing its extensions and payloads. For earlier infections, data…

As we are about to enter the new year, it’s ritualistic to reflect on our experiences from the passing year and make resolutions for the New Year. Most people make resolutions around good heath, their life goals, etc. Here is a different angle to our routine resolutions’ list – Security…

With the growing incidences of cyber-attacks, it has become indispensable for us to prepare our kids to face the challenges of cyber security head-on, rather than shy away from them. While schools do their best to make kids aware of the good and bad of using the internet, parents are…

The year 2019 saw several new and recurring incidences of cyber-attacks, giving enterprises sleepless nights and the general public a run for security cover. However, there were a few trending malware that kept creating havoc and continued to keep the security experts on toes! Here’s a quick insight on few…

Cyber-attacks and cybercrimes are no more only about metro cities of India. In fact, cyber criminals are quick to shift their attention to smaller cities, owing to the fact that people/businesses in smaller cities are less familiar with the need or importance of cyber security. This makes it easier for…

The recent news of Pegasus spyware attack via WhatsApp that targeted lawyers, journalists and human rights activists, offers an astonishing revelation on the kind of havoc such spyware can create. We covered the topic extensively, recently. The frequent media buzz about the recent incident of snooping by Pegasus spyware which…

Microsoft has recently come up with a new update for Windows 10 PCs, called Windows 10 November 2019 Update (Build Version 1909). Here we’ll list down some of the highlights of this update and see how Quick Heal is compatible with this OS. Highlights of Windows 10 November 2019 Update Enhanced…

It’s Children’s Day and there couldn’t be a better day to pledge the security of our young minds, not just in the physical world but also virtual world. While technology has improved our lives in ways beyond our control and provided our kids with an ocean of knowledge, we cannot…

Most companies employ strict security practices when it comes to the security of their office and infrastructure. There are security guards to monitor the entry and exit, surveillance cameras in place for 360° view and system administrators to keep a check on the security of systems and networks. While most…

CVE-2019-0708, popularly known as BlueKeep, is a RDP pre-authentication vulnerability which allows attacker to compromise a vulnerable system without user’s interaction. This exploit is also wormable, meaning that it can spread to other vulnerable systems in a similar way as the WannaCry malware spread across the globe in 2017. Interestingly,…

Presently sponsored by: Shape – App Security & Fraud Summit. Join the Virtual Web Session: Protecting Against Compromised Credentials Before They Hit The Dark Web

In a continued bid to make breach data available to the government departments around the world tasked with protecting their citizens, I'm very happy to welcome the first country onto Have I Been Pwned for 2020 - Denmark! The Danish Centre for Cyber Security (CFCS) joins the existing 7 governments

Presently sponsored by: Shape – App Security & Fraud Summit. Join the Virtual Web Session: Protecting Against Compromised Credentials Before They Hit The Dark Web

I really should have started the video about 3 minutes earlier. Had I done that, you'd have caught me toppling backwards into the frangipani tree whilst trying to position my chair and camera which frankly, would have made for entertaining viewing. Instead, this week's update is focused primarily on a

Presently sponsored by: Shape – App Security & Fraud Summit. Join the Virtual Web Session: Protecting Against Compromised Credentials Before They Hit The Dark Web

This is a blog post about disclosure, specifically the difficulty with doing it in a responsible fashion as the reporter whilst also ensuring the impacted organisation behaves responsibly themselves. It's not a discussion we should be having in 2020, a time of unprecedented regulatory provisions designed to prevent precisely the

Presently sponsored by: Shape – App Security & Fraud Summit. Join the Virtual Web Session: Protecting Against Compromised Credentials Before They Hit The Dark Web

I couldn't get 2 days into the new decade without having to deal with ridiculous password criteria from Tik Tok followed by my phone automatically associating with what it thought was my washing machine whilst in a grocery store on the other side of the world (yep, you read that

Presently sponsored by: Shape – App Security & Fraud Summit. Join the Virtual Web Session: Protecting Against Compromised Credentials Before They Hit The Dark Web

Cookies like to get around. They have no scruples about where they go save for some basic constraints relating to the origin from which they were set. I mean have a think about it:

If a website sets a cookie then you click a link to another page on that

Presently sponsored by: Shape – App Security & Fraud Summit. Join the Virtual Web Session: Protecting Against Compromised Credentials Before They Hit The Dark Web

Sitting down to do this one today I thought it would be brief, turns out a bit more ended up on the agenda than I expected. The GoGetSSL bit in particular was unfolding as I recorded and to their credit, they later apologised for their "rude messages" which is a

Presently sponsored by: Shape – App Security & Fraud Summit. Join the Virtual Web Session: Protecting Against Compromised Credentials Before They Hit The Dark Web

When is data "public"? And what does "public" even mean? Does it mean it's merely visible to the public? Or does it mean the public can do anything they like with it? This discussion comes up time and time again as it did with the huge leak of PDL data

Presently sponsored by: Shape – App Security & Fraud Summit. Join the Virtual Web Session: Protecting Against Compromised Credentials Before They Hit The Dark Web

Monday: 40C and lapping up the Gold Coast sunshine. Wednesday: -8C and lapping up... Juicy IPA! I'm back in Oslo and catching up with the locals including running a roundtable discussion for CSOs at Microsoft, visiting the Norwegian National Cyber Security Centre (recently onboarded to HIBP) and chatting with Forbrukerrådet,

Presently sponsored by: Shape – App Security & Fraud Summit. Join the Virtual Web Session: Protecting Against Compromised Credentials Before They Hit The Dark Web

Back in July last year, Scott Helme and I shipped a little pet project that tracked the world's largest websites not implementing HTTPS by default. We called it Why No HTTPS? and it gave people a way to see the largest websites not taking transport layer security seriously. We also

Presently sponsored by: Shape – App Security & Fraud Summit. Join the Virtual Web Session: Protecting Against Compromised Credentials Before They Hit The Dark Web

I recorded this right before heading out for my final conference talk of the year at YOW! Melbourne where I was due to do the closing keynote of the event. That's now done, questions answered and beers drunk and I left the event feeling great. One of the things I

Presently sponsored by: Shape – App Security & Fraud Summit. Join the Virtual Web Session: Protecting Against Compromised Credentials Before They Hit The Dark Web

Last month, Disney launched their new streaming service Disney+; "The best stories in the world, all in one place", apparently. The service was obviously rather popular because within days the tech (and mainstream) headlines were proclaiming that thousands of hacked Disney+ accounts were already for sale on hacking forums. This

Presently sponsored by: Shape – App Security & Fraud Summit. Join the Virtual Web Session: Protecting Against Compromised Credentials Before They Hit The Dark Web

I'm presently on the YOW! conference tour which means doing the same keynote three times over in Sydney, Brisbane and Melbourne. It's my first time back at YOW! since 2015 and it's always a nice way to wrap up the year, especially the Brisbane leg I'm on at the moment

Presently sponsored by: Shape – App Security & Fraud Summit. Join the Virtual Web Session: Protecting Against Compromised Credentials Before They Hit The Dark Web

It's summer! Yes, I know it's back to front for many of you but Dec 1 means it's sunnier than ever here. Regardless, this week I've been at DDD in Brisbane, written my 10 year old son Ari and I running kids coding clubs in Oslo (cold) and London (rainy)

Presently sponsored by: Shape – App Security & Fraud Summit. Join the Virtual Web Session: Protecting Against Compromised Credentials Before They Hit The Dark Web

I recently had the pleasure of spending a few days in Switzerland, firstly in Geneva visiting (and speaking at) CERN followed by a visit to the nation's capital, Bern. There I spent some time with a delegation of the National Cybersecurity Centre discussing the challenges they face and where HIBP

Presently sponsored by: Shape – App Security & Fraud Summit. Join the Virtual Web Session: Protecting Against Compromised Credentials Before They Hit The Dark Web

When I first started writing code a few decades ago, it was a rather bland affair involving a basic text editor and physical books for reference. I didn't have an opportunity to create anything usable by others until years later and perhaps most importantly in the context of this blog

Microsoft plugs a serious hole in Windows – Your options after Windows 7 end of life – iPhones as security keys for Google accounts

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

A subscription to the trove of personal details could be had for as little as $2

The post FBI shuts down website selling billions of stolen records appeared first on WeLiveSecurity

And it doesn’t require much more than downloading a dedicated app

The post You can now turn your iPhone into a Google security key appeared first on WeLiveSecurity

An ESET-commissioned survey sheds light on the browsing habits of Australians and how they protect themselves online

The post Cyberawareness in Australia: The good and the bad appeared first on WeLiveSecurity

The company will also soon launch anti-fingerprinting measures aimed at detecting and mitigating covert tracking and workarounds

The post Google to end support for third‑party cookies in Chrome appeared first on WeLiveSecurity

The US intelligence agency expects attackers to waste no time in developing tools aimed at exploiting the vulnerability

The post Microsoft patches severe Windows flaw after tip‑off from NSA appeared first on WeLiveSecurity

Multiple cable modem models from various manufacturers found vulnerable to takeover attacks

The post Millions of modems at risk of remote hijacking appeared first on WeLiveSecurity

Today, Microsoft is officially pulling the plug on its support for Windows 7. What’s your plan?

The post Windows 7 end of life: Time to move on appeared first on WeLiveSecurity

When it comes to protection against this insidious type of scam, the telcos’ authentication procedures leave a lot be desired, a study finds

The post 5 major US wireless carriers vulnerable to SIM swapping attacks appeared first on WeLiveSecurity

Some takeaways from CES 2020 – Firefox update plugs a zero-day – Facebook cracks down on deepfakes

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

As software becomes more important than ever, how can engaging the security industry make the road ahead less winding?

The post Connected cars: How to improve their connection to cybersecurity appeared first on WeLiveSecurity

The US cybersecurity agency warns that the critical vulnerability could allow attackers to take control of people's computers

The post Mozilla rushes out patch for Firefox zero‑day appeared first on WeLiveSecurity

No one has a road map for securing a connected city – but there should be a whole atlas of such maps

The post CES – Taking a smart city for a test drive appeared first on WeLiveSecurity

Footage defined as parody or satire will be permitted, as the social network isn’t slamming the door on all types of manipulated media

The post Facebook bans deepfakes but not all altered content appeared first on WeLiveSecurity

ESET experts offered some valuable advice this week to help keep your digital life secure in the new year

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

A Xiaomi security camera owner reports receiving random images from strangers’ homes

The post Google disables Xiaomi smart home integration after camera bug appeared first on WeLiveSecurity

As we enter the New Year, be sure to keep up, or adopt, these good data security habits to avoid identity theft

The post Simple steps to protect yourself against identity theft appeared first on WeLiveSecurity

In the second blogpost of this two-part series we'll suggest handy tips to help enhance the security of your mobile devices

The post 20 tips for 2020: Be smarter with your smartphone appeared first on WeLiveSecurity

In the first instalment of this two-article series we will be looking at cybersecurity habits to avoid when using your computing devices

The post 20 tips for 2020: Mistakes to avoid appeared first on WeLiveSecurity

It’s not a stretch to surmise that the incident was enabled by poor security settings

The post Prison surveillance footage posted on YouTube appeared first on WeLiveSecurity

Disposing of old tech isn’t a one-click solution; there are multiple things you have to consider before moving on to greener pastures

The post How to get rid of your old devices safely appeared first on WeLiveSecurity

What are some of the key things you should do with your shiny new device as soon as you unbox it?

The post How to secure your digital Christmas presents appeared first on WeLiveSecurity

ESET's free BlueKeep vulnerability checker – Dangerous PayPal-themed scam – This year's worst passwords

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

An ongoing phishing scam uncovered by ESET researchers seeks to wreak havoc on your money and digital life in one fell swoop

The post Ambitious scam wants far more than just PayPal logins appeared first on WeLiveSecurity

Malware and legal requirements force academics and students to join a near-endless line in order to pick up their passwords

The post 38,000 people forced to pick up email passwords in person appeared first on WeLiveSecurity

Brute-force attacks and BlueKeep exploits usurp convenience of direct RDP connections; ESET releases a tool to test your Windows machines for vulnerable versions

The post It’s time to disconnect RDP from the internet appeared first on WeLiveSecurity

These passwords may win the popularity contest but lose flat out in security

The post The worst passwords of 2019: Did yours make the list? appeared first on WeLiveSecurity

ESET's Cybersecurity Trends 2020 report is out – New Chrome feature boosts account security – Hundreds of thousands of birth certificate applications leaked online

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

The second authentication factor might be a minor inconvenience, but it provides a major security boost

The post 2FA: Double down on your security appeared first on WeLiveSecurity

The browser’s latest version also aims to up the ante in phishing protection

The post Chrome now warns you if your password has been stolen appeared first on WeLiveSecurity

A variety of sensitive information has been there for the taking due to an unsecured cloud storage container

The post Data leak exposes 750,000 birth certificate applications appeared first on WeLiveSecurity

With 2019 ending, ESET experts offer their insights into how new innovations will impact our privacy, security and lives in the not so distant future

The post Cybersecurity Trends 2020: Technology is getting smarter – are we? appeared first on WeLiveSecurity

How can people who didn’t grow up with technology protect themselves against some of the most common types of online fraud?

The post 5 scam prevention tips for seniors appeared first on WeLiveSecurity

On the implications of facial recognition for privacy and security – Data privacy tips for businesses – Red flags for cyberbullying. All this in Week in security.

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

What are some of the most common warning signs that your child is experiencing online harassment?

The post How to spot if your child is a victim of cyberbullying appeared first on WeLiveSecurity

Google keeps pushing in its mission for broader encryption adoption

The post 80% of all Android apps encrypt traffic by default appeared first on WeLiveSecurity

What issues would face scanning attached to a mobile device resolve and, if used correctly, would it make the incursion into my privacy acceptable?

The post Face scanning – privacy concern or identity protection? appeared first on WeLiveSecurity

IM-RAT, which could be had for as little as US$25, was bought by nearly 15,000 people

The post Notorious spy tool taken down in global operation appeared first on WeLiveSecurity

Smart selections when starting small can ease the pain as you scale up your company’s privacy infrastructure

The post 5 personal (and cheap) data privacy tools that scale for business appeared first on WeLiveSecurity

ESET researchers detail how the operators of the Stantinko botnet have expanded their toolset with a new means of profiting from computers under their control

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

A device that is supposed to help parents keep track of their children and give them a peace of mind can be turned into a surveillance device

The post Smartwatch exposes locations and other data on thousands of children appeared first on WeLiveSecurity

Black Friday and Cyber Monday are just around the corner and scammers are gearing up to flood you with bogus offers

The post 5 scams to watch out for this shopping season appeared first on WeLiveSecurity

UPbit has announced that, as a precaution, all transactions will remain suspended for at least two weeks

The post Cryptocurrency exchange loses US$50 million in apparent hack appeared first on WeLiveSecurity

ESET researchers have discovered that the criminals behind the Stantinko botnet are distributing a cryptomining module to the computers they control

The post Stantinko botnet adds cryptomining to its pool of criminal activities appeared first on WeLiveSecurity

How the field of play has changed and why endpoint protection still often comes down to doing the basics, even in the face of increasingly complex threats

The post CyberwarCon – the future of nation‑state nastiness appeared first on WeLiveSecurity

ESET researchers publish their findings on Mispadu, a banking trojan targeting Brazil and Mexico, and on DePriMon, a downloader with a unique installation technique

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

Experts weigh in on whether schools should teach kids the skills they need to safely reap the benefits of the online world

The post Should cybersecurity be taught in schools? appeared first on WeLiveSecurity

ESET researchers have discovered a new downloader with a novel, not previously seen in the wild installation technique

The post Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon appeared first on WeLiveSecurity

From professional backgrounds to competitive salaries – a study delves into what it takes to build strong cybersecurity teams

The post What does it take to attract top cybersecurity talent? appeared first on WeLiveSecurity

Another in our occasional series demystifying Latin American banking trojans

The post Mispadu: Advertisement for a discounted Unhappy Meal appeared first on WeLiveSecurity