Security News

Find latest security news in the field of PC, Computer, Network Security.

• CloudLinux releases UChecker security tool for Linux servers
  CloudLinux, best known for its CentOS work, is releasing UChecker, its Linux server security scanner.
  
• Deloitte scoops up digital risk protection company Terbium Labs
  Deloitte said that adding the Terbium Labs business to its portfolio would enable the company to offer clients another way to continuously monitor for data exposed on the open, deep, or dark web.
  
• Critical remote code execution flaw in thousands of VMWare vCenter servers remains unpatched
  Close to a month on, internet-facing servers remain vulnerable to attack.
  
• NATO: Series of cyberattacks could be seen as the same threat as an armed attack
  The age of ransomware raises questions over NATO's policies on state-sponsored cyberattacks and ransomware.
  
• Microsoft disrupted this large cloud-based business email scam operation
  Microsoft uncovers how scammers used phishing and email-forwarding rules to target businesses' financial information.
  
• Western Australia finally thinks about quarantining COVID check-in info from cops
  In June 2021, the Australian hard border state has begun the process of protecting COVID contact tracing information from law enforcement, after WA Police have already used it.
  
• Pandemic prompts digital ‘boom’ in account creation - as well as password fatigue
  Lockdown forced many of us online and this hasn't helped our security postures.
  
• Nationally-known Australian company lawyered up to resist ASD help
  The hacked company resisted Australian Signals Directorate involvement for weeks, and accepted only generic advice. Three months later, they were reinfected.
  
• Stripe launches Stripe Identity, an identity verification tool for online businesses
  The self-service tool is designed to help businesses reduce payments fraud, prevent account takeovers and stop bad actors.
  
• This data and password-stealing malware is spreading in an unusual way
  Malicious PDF documents and pages are being used to push web users to malware.
  
• Malicious PDFs Flood the Web, Lead to Password-Snarfing
  SolarMarker makers are using SEO poisoning, stuffing thousands of PDFs with tens of thousands of pages full of SEO keywords & links to redirect to the malware.
  
• Microsoft Disrupts Large-Scale, Cloud-Based BEC Campaign
  Varied cloud infrastructure was used to phish email credentials, monitor for and forward finance-related messages and automate operations.
  
• Insider Risks In the Work-From-Home World
  Forcepoint’s Michael Crouse talks about risk-adaptive data-protection approaches and how to develop a behavior-based approach to insider threats and risk, particularly with pandemic-expanded network perimeters.
  
• SASE & Zero Trust: The Dream Team
  Forcepoint’s Nico Fischbach, global CTO and VPE of SASE, and Chase Cunningham, chief strategy officer at Ericom Software, on using SASE to make Zero Trust real.
  
• Microsoft Gets Second Shot at Banning hiQ from Scraping LinkedIn User Data
  Decision throws out previous ruling in favor of hiQ Labs that prevented Microsoft’s business networking platform to forbid the company from harvesting public info from user profiles.
  
• Apple Hurries Patches for Safari Bugs Under Active Attack
  Apple patched two bugs impacting its Safari browser WebKit engine that it said are actively being exploited.
  
• Utilities ‘Concerningly’ at Risk from Active Exploits
  Utilities’ vulnerability to application exploits goes from bad to worse in just weeks.  
  
• Microsoft Teams: Very Bad Tabs Could Have Led to BEC
  Attackers could have used the bug to get read/write privileges for a victim user’s email, Teams chats, OneDrive, Sharepoint and loads of other services.
  
• Moobot Milks Tenda Router Bugs for Propagation
  An analysis of the campaign revealed Cyberium, an active Mirai-variant malware hosting site.
  
• Volkswagen Vendor Exposed Data of 3.3m Drivers
  Nearly all of the leaked data was for owners or wannabe owners of the automaker’s luxury brand of Audis, now at greater risk for phishing, ransomware or car theft.