  • Three Charged in July 15 Twitter Compromise

    Three individuals have been charged for their alleged roles in the July 15 hack on Twitter, an incident that resulted in Twitter profiles for some of the world's most recognizable celebrities, executives and public figures sending out tweets advertising a bitcoin scam. 

  • Is Your Chip Card Secure? Much Depends on Where You Bank

    Chip-based credit and debit cards are designed to make it infeasible for skimming devices or malware to clone your card when you pay for something by dipping the chip instead of swiping the stripe. But a recent series of malware attacks on U.S.-based merchants suggests thieves are exploiting weaknesses in how certain financial institutions have implemented the technology to sidestep key chip card security features and effectively create usable, counterfeit cards.

  • Here’s Why Credit Card Fraud is Still a Thing

    Most of the civilized world years ago shifted to requiring computer chips in payment cards that make it far more expensive and difficult for thieves to clone and use them for fraud. One notable exception is the United States, which is still lurching toward this goal. Here's a look at the havoc that lag has wrought, as seen through the purchasing patterns at one of the underground's biggest stolen card shops that was hacked last year.

  • Business ID Theft Soars Amid COVID Closures

    Identity thieves who specialize in running up unauthorized lines of credit in the names of small businesses are having a field day with all of the closures and economic uncertainty wrought by the COVID-19 pandemic, KrebsOnSecurity has learned. This story is about the victims of a particularly aggressive business ID theft ring that's spent years targeting small businesses across the country and is now pivoting toward using that access for pandemic assistance loans and unemployment benefits.

  • Thinking of a Cybersecurity Career? Read This

    Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here's a look at a recent survey that identified some of the bigger skills gaps, and some thoughts about how those seeking a career in these fields can better stand out from the crowd.

Hacker News
  • 17-Year-Old 'Mastermind', 2 Others Behind the Biggest Twitter Hack Arrested

    A 17-year-old teen and two other 19 and 22-year-old individuals have reportedly been arrested for being the alleged mastermind behind the recent Twitter hack that simultaneously targeted several high-profile accounts within minutes as part of a massive bitcoin scam. According to the U.S. Department of Justice, Mason Sheppard, aka "Chaewon," 19, from the United Kingdom, Nima Fazeli, aka "Rolex,"

  • EU sanctions hackers from China, Russia, North Korea who're wanted by the FBI

    The Council of the European Union has imposed its first-ever sanctions against persons or entities involved in various cyber-attacks targeting European citizens, and its member states. The directive has been issued against six individuals and three entities responsible for or involved in various cyber-attacks, out of which some publicly known are 'WannaCry', 'NotPetya', and 'Operation Cloud

  • New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks

    Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server. Remote timing attacks that work over a network connection are predominantly affected by variations in network transmission time (or jitter), which, in turn, depends on the load of the network

  • Zoom Bug Allowed Snoopers Crack Private Meeting Passwords in Minutes

    Popular video conferencing app Zoom recently fixed a new security flaw that could have allowed potential attackers to crack the numeric passcode used to secure private meetings on the platform and snoop on participants. Zoom meetings are by default protected by a six-digit numeric password, but according to Tom Anthony, VP Product at SearchPilot who identified the issue, the lack of rate

  • Critical GRUB2 Bootloader Bug Affects Billions of Linux and Windows Systems

    A team of cybersecurity researchers today disclosed details of a new high-risk vulnerability affecting billions of devices worldwide—including servers and workstations, laptops, desktops, and IoT systems running nearly any Linux distribution or Windows system. Dubbed 'BootHole' and tracked as CVE-2020-10713, the reported vulnerability resides in the GRUB2 bootloader, which, if exploited, could

US-Cert Alert
  • Vulnerability Summary for the Week of July 20, 2020

    Original release date: July 27, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.   High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info adobe -- […]

  • Vulnerability Summary for the Week of July 13, 2020

    Original release date: July 20, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info advantech -- iview   […]

  • Vulnerability Summary for the Week of July 6, 2020

    Original release date: July 13, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.   High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info atlassian -- […]

  • Vulnerability Summary for the Week of June 29, 2020

    Original release date: July 6, 2020 | Last revised: July 13, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available. High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info […]

  • Vulnerability Summary for the Week of June 22, 2020

    Original release date: June 29, 2020 | Last revised: July 13, 2020 The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.   High Vulnerabilities Primary Vendor -- Product Description Published CVSS Score Source & Patch Info […]


  • Cisco Releases Security Updates for Multiple Products

    Original release date: July 30, 2020 Cisco has released security updates to address vulnerabilities affecting multiple products. An unauthenticated, remote attacker could exploit some of these […]

  • GNU GRUB2 Vulnerability

    Original release date: July 30, 2020 | Last revised: July 31, 2020 Free Software Foundation GNU Project's multiboot boot loader, GNU GRUB2, contains a vulnerability—CVE-2020-10713—that a […]

Security Highlights
  • Week in security with Tony Anscombe

    New ESET Threat Report is out – Defending against Thunderspy attacks – Thousands of databases wiped in Meow attacks The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

  • Twitter breach: Staff tricked by ‘phone spear phishing’

    The attackers exploited the human factor to gain access to Twitter’s internal systems and the accounts of some of the world’s most prominent figures

  • 10 billion records exposed in unsecured databases, study says

    The databases contain personal information that could be used for phishing attacks and identity theft schemes

  • ESET Threat Report Q2 2020

    A view of the Q2 2020 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

  • FBI warns of disruptive DDoS amplification attacks

    The Bureau expects cybercriminals to increasingly abuse new threat vectors for large-scale DDoS attacks