Rss Bot

The LPE bug could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights. View the full article

Jason Kent, hacker-in-residence at Cequence, walks through online-retail card fraud and what to do about it. View the full article

Investigation reveals device sector is problem plagued when it comes to security bugs. View the full article

Saryu Nayyar of Gurucul discusses state and state-sponsored threat actors, the apex predators of the cybersecurity world. View the full article

The phones of 36 journalists were infected by four APTs, possibly linked to Saudi Arabia or the UAE. View the full article

The bugs rate 10 out of 10 on the vulnerability-severity scale, thanks to the ease of exploitation. View the full article

What are the riskiest links in the virtual healthcare chain? Threatpost readers weigh in as part of an exclusive telemed poll. View the full article

This post is originally published on Designmodo: How to Create Featured Images That Draw More Readers to Your Blog You’re familiar with how valuable images are on a website. They can: Break up otherwise long stretches of text. Visually complement the content on a page. Reinforce a brand’s visual identity and style. Simplify how many words are used to … For more information please contact Designmodo View the full article

Researchers predict software security will continue to struggle to keep up with cloud and IoT in the new year. View the full article

Examining the backdoor's DNS communications led researchers to find a government agency and a big U.S. telco that were flagged for further exploitation in the spy campaign. View the full article

The ongoing, growing campaign is “effectively an attack on the United States and its government and other critical institutions,” Microsoft warned. View the full article

Threat actors impersonate Google Play store in scam as Sony pulls the game off the PlayStation store due to myriad performance issues. View the full article

Sources said the DoE suffered "damage" in the attack, which also likely extends beyond the initially known SolarWinds Orion attack vector. View the full article

A critical unrestricted file upload bug in Contact Form 7 allows an unauthenticated visitor to take over a site running the plugin. View the full article

No charges for Dutch ethical hacker Victor Gevers who prosecutors say did actually access Trump’s Twitter account by guessing his password, “MAGA2020!” last October. View the full article

Meanwhile, Microsoft and other vendors are quickly moving to block the Sunburst backdoor used in the attack. View the full article

A poorly configured file opens users up to site takeover. View the full article

The worm returned in recent attacks against web applications, IP cameras and routers. View the full article

Mozilla Foundation releases Firefox 84 browser, fixing several flaws and delivering performance gains and Apple processor support. View the full article

Industrial, factory and medical gear remain largely unpatched when it comes to the URGENT/11 and CDPwn groups of vulnerabilities. View the full article

The insider threat will go to jail for two years after compromising Cisco's cloud infrastructure. View the full article

The attack was mounted via SolarWinds Orion, in a manual and targeted supply-chain effort. View the full article

Emails from legitimate, compromised accounts are being sent to numerous enterprise employees with the aim of stealing their O365 credentials. View the full article

The newly discovered Python-based malware family targets the Outlook processes, and browser credentials, of Microsoft Windows victims. View the full article

Software either is or will be vulnerable. It’s rare that you won’t have to update out-of-date, unsupported or end-of-life software. If your job description involves software or IT asset management (SAM/ITAM), this is part of your day-to-day and nothing particularly out of the ordinary. Then add onto those updates … Source View the full article