Security News

Find latest security news in the field of PC, Computer, Network Security.

• Mac malware spreads through Xcode projects, abuses WebKit, Data Vault vulnerabilities
  XCSSET malware focuses on exploiting Safari and other browsers.
  
• CactusPete hackers go on European rampage with Bisonal backdoor upgrade
  The APT is attacking banks and military organizations in Eastern Europe.
  
• A simple telephony honeypot received 1.5 million robocalls across 11 months
  Researchers say that most campaigns take place in short-burst storms and that answering a robocall doesn't mean you'll be targeted more often in the future.
  
• 300,000 links taken down in crackdown on investment scams with bogus celebrity endorsements
  NCSC issues warning to criminals stealing money from people with the promise of get-rich-quick schemes from phoney celebrity testimonials that cost victims hundreds of millions a year.
  
• FBI and NSA expose new Linux malware Drovorub, used by Russian state hackers
  The FBI and NSA issue joint security alert containing technical details about new Linux malware developed by Russia's military hackers.
  
• Google: We'll test hiding the full URL in Chrome 86 to combat phishing
  Google aims to find out if showing only a domain name in the address bar will help Chrome users spot scams.
  
• Signal adds message requests to stop spam and protect user privacy
  New feature lets Signal users control who can text or voice call, add them to groups.
  
• In one click: Amazon Alexa could be exploited for theft of voice history, PII, skill tampering
  Subdomains belonging to the service were found to be harboring CORS errors and vulnerable to XSS attacks.
  
• FireEye’s bug bounty program goes public
  42 vulnerabilities in FireEye domains have, so far, been resolved.
  
• RedCurl cybercrime group has hacked companies for three years
  New stealthy Russian-speaking hacker group discovered.
  
• UPDATE: Canon Ransomware Attack Results in Leaked Data, Report
  The consumer-electronics giant had suffered partial outages across its U.S. website and internal systems reportedly, thanks to the Maze gang.
  
• Instagram Retained Deleted User Data Despite GDPR Rules
  The photo-sharing app retained people’s photos and private direct messages on its servers even after users removed them.
  
• NSA, FBI Warn of Linux Malware Used in Espionage Attacks
  A never before seen malware has been used for espionage purposes via Linux systems, warn the NSA and FBI in a joint advisory.
  
• CactusPete APT Hones Toolset, Resurfaces with New Espionage Targets
  The APT is becoming more sophisticated over time.
  
• Zoom Faces More Legal Challenges Over End-to-End Encryption
  The video-conferencing specialist has yet to roll out full encryption, but it says it's working on it.
  
• New Global Threat Landscape Report Reveals ‘Unprecedented’ Cyberattacks
  Fortinet's recently released Global Threat Landscape Report shows how the perimeter is extending to the home in the first half of 2020 - and what that means for cybercrime.
  
• ReVoLTE Attack Allows Hackers to Listen in on Mobile Calls
  Rare attack on cellular protocol exploits an encryption-implementation flaw at base stations to record voice calls.
  
• High-Severity TinyMCE Cross-Site Scripting Flaw Fixed
  The cross-site scripting flaw could enable arbitrary code execution, information disclosure - and even account takeover.
  
• Amazon Alexa ‘One-Click’ Attack Can Divulge Personal Data
  Researchers disclosed flaws in Amazon Alexa that could allow attackers to access personal data and install skills on Echo devices.
  
• Citrix Warns of Critical Flaws in XenMobile Server
  Citrix said that it anticipates malicious actors "will move quickly to exploit" two critical flaws in its mobile device management software.