10 Best Practices for Data Encryption

From latesthackingnews.com

Online data privacy is a prominent topic in the digital space. The increased transfer of data from analog to digital puts our data at risk. The world has, in recent years, experienced many cases of data breaches. One of the major data breaches is Equifax, which impacted millions. Data breaches don’t only lead to the loss of crucial user information. They also lead to monetary losses. For instance, Equifax paid about $700 million to consumers as settlements. With such facts, it makes a lot of sense to take the available measures to ensure data security.

U.S. Govt Released Advisory on how Iranian APT Group Obtained Voter Registration Data

From gbhackers.com

The latest advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA) along with the FBI, states that they are aware of an Iranian Advanced Persistent Threat (APT) actor targeting US websites, including election websites.

It is believed that a group of hackers have accessed the voter data and have sent out thousands of threatening emails, reading “You will vote for Trump on Election Date or we will come after you”.

CVE-2020-14882: Oracle WebLogic Remote Code Execution Vulnerability Exploited in the Wild

From tenable.com

On October 29, Dr. Johannes Ullrich, Dean of Research at SANS Internet Storm Center (ISC), published a post disclosing active exploitation of a critical vulnerability in Oracle WebLogic Server just over a week after a patch was released in Oracle’s October 2020 Critical Patch Update (CPU). Ullrich observed the attacks against one of his honeypots within a day of a proof of concept (PoC) becoming publicly available. The post notes that the exploitation against the honeypot was only probing to determine if the device was vulnerable; follow-up requests could not be analyzed as the honeypot was configured to respond with an “incorrect” response. Ullrich assumes that all IPv4 addresses have been scanned for this vulnerability as he has witnessed scans slow down. Ullrich also warns that if your server is vulnerable “assume it has been compromised.”

10 tips for building your first website

From itproportal.com

Much of a company’s reputation rests on the strength of its website. Performance, functionality, design, and usability must all be optimized to ensure prospective customers are impressed by your operation. Letting one element slip could see them turn to your competitors, impacting your bottom line. 

Google discloses Windows zero-day exploited in the wild

From zdnet.com

Security researchers from Google have disclosed today a zero-day vulnerability in the Windows operating system that is currently under active exploitation.

The zero-day is expected to be patched on November 10, which is the date of Microsoft’s next Patch Tuesday, according to Ben Hawkes, team lead for Project Zero, Google’s elite vulnerability research team.

On Twitter, Hawkes said the Windows zero-day (tracked as CVE-2020-17087) was used as part of a two-punch attack, together with another Chrome zero-day (tracked as CVE-2020-15999) that his team disclosed last week.

Invoice or payment fraud attacks that target group email boxes jump more than 200%

From scmagazine.com

New research found that business email compromise (BEC) attacks focused on invoice or payment fraud and targeting group mailboxes increased 212 percent from second to third quarter.

While invoice and payment fraud attacks on the c-suite are still prevalent, the sharp rise in attacks on group email boxes was significant because it pointed to a new favorite attack vector.

SANS Launches New CyberStart Program for All High School Students

From darkreading.com

Free program lets students solve real-world security problems – and learn about cybersecurity.

K-12 computer science teacher Scott Dooley a few years ago was facing a conundrum: he saw massive job growth in cybersecurity and a pipeline of great entry-level jobs, but he couldn’t find the right resources or content to connect his students with the opportunities to truly learn cybersecurity and gain an interest in the field.

“I wanted something they could actually use,” says Dooley, who teaches inner-city and low-income students at Indianapolis-based Christel House Academy South. But most of what was out there was “really dry,” he says.

“I found I was teaching about cybersecurity rather than teaching cybersecurity,” Dooley says. “I needed inquiry-based things where the kids could get in and play around with stuff.” Indeed, he went so far as to ask the school’s IT department to open up their network for his students to probe (they said no).