• The Now-Defunct Firms Behind 8chan, QAnon

    Some of the world's largest Internet firms have taken steps to crack down on disinformation spread by QAnon conspiracy theorists and the hate-filled anonymous message board 8chan. But according to a California-based security researcher, those seeking to de-platform these communities may have overlooked a simple legal solution to that end: Both the Nevada-based web hosting company owned by 8chan's current figurehead and the California firm that provides its sole connection to the Internet are defunct businesses in the eyes of their respective state regulators. In practical terms, what this means is that the legal contracts which granted these companies temporary control over large swaths of Internet address space are now null and void, and American Internet regulators would be well within their rights to cancel those contracts and reclaim the space.

  • QAnon/8Chan Sites Briefly Knocked Offline

    A phone call to an Internet provider in Oregon on Sunday evening was all it took to briefly sideline multiple websites related to 8chan/8kun -- a controversial online image board linked to several mass shootings -- and QAnon, the far-right conspiracy theory which holds that a cabal of Satanic pedophiles is running a global child sex-trafficking ring and plotting against President Donald Trump. Following a brief disruption, the sites have come back online with the help of an Internet company based in St. Petersburg, Russia.

  • Breach at Dickey’s BBQ Smokes 3M Cards

    One of the digital underground's most popular stores for peddling stolen credit card information began selling a batch of more than three million new card records this week. KrebsOnSecurity has learned the payment card data was stolen in a two-year-long data breach at more than 100 Dickey's Barbeque Restaurant locations around the country.

  • Microsoft Patch Tuesday, October 2020 Edition

    It's Cybersecurity Awareness Month! In keeping with that theme, if you (ab)use Microsoft Windows computers you should be aware the company shipped a bevy of software updates today to fix at least 87 security problems in Windows and programs that run on top of the operating system. That means it's once again time to backup and patch up.

  • Microsoft Uses Trademark Law to Disrupt Trickbot Botnet

    Microsoft Corp. has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot, a global menace that has infected millions of computers and is used to spread ransomware. A court in Virginia granted Microsoft control over many Internet servers Trickbot uses to plunder infected systems, based on novel claims that the crime machine abused the software giant's trademarks. However, it appears the operation has not completely disabled the botnet.

Hacker News
  • New Framework Released to Protect Machine Learning Systems From Adversarial Attacks

    Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning (ML) systems. Called the Adversarial ML Threat Matrix, the initiative is an attempt to organize the different techniques employed by malicious adversaries in subverting ML systems. Just

  • New Chrome 0-day Under Active Attacks – Update Your Browser Now

    Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today. Google released Chrome version 86.0.4240.111 today to patch several security high-severity issues, including a zero-day vulnerability that has been exploited in the wild by attackers to

  • Popular Mobile Browsers Found Vulnerable To Address Bar Spoofing Attacks

    Graphic for illustration Cybersecurity researchers on Tuesday disclosed details about an address bar spoofing vulnerability affecting multiple mobile browsers, such as Apple Safari and Opera Touch, leaving the door open for spear-phishing attacks and delivering malware. Other impacted browsers include UCWeb, Yandex Browser, Bolt Browser, and RITS Browser. The flaws were discovered by Pakistani

  • Windows GravityRAT Malware Now Also Targets macOS and Android Devices

    A Windows-based remote access Trojan believed to be designed by Pakistani hacker groups to infiltrate computers and steal users' data has resurfaced after a two-year span with retooled capabilities to target Android and macOS devices. According to cybersecurity firm Kaspersky, the malware — dubbed "GravityRAT" — now masquerades as legitimate Android and macOS apps to capture device data, contact

  • Download Ultimate 'Security for Management' Presentation Template

    There is a person in every organization that is the direct owner of breach protection. His or her task is to oversee and govern the process of design, build, maintain, and continuously enhance the security level of the organization. Title-wise, this person is most often either the CIO, CISO, or Directory of IT. For convenience, we'll refer to this individual as the CISO. This person is the

US-Cert Alert
ISO...
10...
How...
How...
About...
  • Vulnerability Summary for the Week of October 12, 2020

    Original release date: October 19, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.   High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info foxitsoftware -- […]

  • Vulnerability Summary for the Week of October 5, 2020

    Original release date: October 12, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.   High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info artica -- […]

  • Vulnerability Summary for the Week of September 28, 2020

    Original release date: October 5, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.   High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info cpanel -- cpanel […]

  • Vulnerability Summary for the Week of September 21, 2020

    Original release date: September 28, 2020  High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info aveva -- edna_enterprise_data_historian An SQL injection vulnerability exists in the Alias.asmx Web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Parameter AliasName in Alias.asmx is vulnerable to unauthenticated SQL injection attacks. An attacker can send […]

  • Vulnerability Summary for the Week of September 14, 2020

    Original release date: September 21, 2020  High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info apache -- struts Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. 2020-09-14 7.5 CVE-2019-0230 MISC dlink -- covr-2600r_firmware D-Link COVR-2600R and COVR-3902 Kit before […]


Security Highlights
  • Week in security with Tony Anscombe

    Security challenges for connected medical devices – Zero-day in Chrome gets patched – How to avoid USB drive security woes The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

  • Securing medical devices: Can a hacker break your heart?

    Why are connected medical devices vulnerable to attack and how likely are they to get hacked? Here are five digital chinks in the armor. The post Securing medical devices: Can a hacker break your heart? appeared first on WeLiveSecurity

  • Fraudsters crave loyalty points amid COVID‑19

    Scammers even run their own dark-web “travel agencies”, misusing stolen loyalty points and credit card numbers The post Fraudsters crave loyalty points amid COVID‑19 appeared first on WeLiveSecurity

  • Google patches Chrome zero‑day under attack

    In addition to patching the actively exploited bug, the update also brings fixes for another four security loopholes The post Google patches Chrome zero‑day under attack appeared first on WeLiveSecurity

  • How safe is your USB drive?

    What are some of the key security risks to be aware of when using USB flash drives and how can you mitigate the threats? The post How safe is your USB drive? appeared first on WeLiveSecurity