Rss Bot

In a wide-ranging interview, a REvil leader said the gang is earning $100 million per year, and provided insights into the life of a cybercriminal. View the full article

The flaw in the console component of the WebLogic Server, CVE-2020-14882, is under active attack, researchers warn. View the full article

The most-rewarded flaw is XSS, which is among those that are relatively cheap for organizations to identify. View the full article

While Microsoft patched the bug known as CVE-2020-0796 back in March, more than one 100,000 Windows systems are still vulnerable. View the full article

The Phosphorous APT has launched successful attacks against world leaders who are attending the Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia, Microsoft warns. View the full article

With the election just a week away, cybercriminals are ramping up mobile attacks on citizens under the guise of campaign communications. View the full article

How a retail sector reeling from COVID-19 can lock down their online systems to prevent fraud during the upcoming holiday shopping spike. View the full article

Popular chat apps, including LINE, Slack, Twitter DMs and others, can also leak location data and share private info with third-party servers. View the full article

Veracode's Chris Eng discusses the cyber threats facing shoppers who are going online due to the pandemic and the imminent holiday season. View the full article

The flaw (CVE-2020-15157) is located in the container image-pulling process. View the full article

This post is originally published on Designmodo: Are Website Pop-ups Still a Relevant Lead Generation Tool? Did you know that the creator of the first website pop-up in 1997 — Ethan Zuckerman — has since apologized for introducing them to us? At the time, website pop-ups were a way for websites to keep content and ads … For more information please contact Designmodo View the full article

Cybercriminals have already reportedly posted the details of 300 Vastaamo patients - and are threatening to release the data of others unless a ransom is paid. View the full article

The COVID-19 pandemic, coupled with an explosion in the number of connected devices, have led to a swelling in IoT infections observed on wireless networks. View the full article

There are many areas of the election process that criminal hackers can target to influence election results. View the full article

Versions of Nvidia GeForce Experience for Windows prior to 3.20.5.70 are affected by a high-severity bug that could enable code execution, denial of service and more. View the full article

An elaborate set of redirections and hundreds of URLs make up a wide-ranging tech-support scam. View the full article

Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a "missed chat" from Microsoft Teams. View the full article

The Feds have published a Top 25 exploits list, rife with big names like BlueKeep, Zerologon and other notorious security vulnerabilities. View the full article

The majority of the bugs in Cisco’s Firepower Threat Defense (FTD) and Adaptive Security Appliance (ASA) software can enable denial of service (DoS) on affected devices. View the full article

Over half of Oracle's flaws in its quarterly patch update can be remotely exploitable without authentication; 65 are critical, and two have CVSS scores of 10 out of 10. View the full article

The memory-corruption vulnerability exists in the browser’s FreeType font rendering library. View the full article

The out-of-band patches follow a lighter-than-usual Patch Tuesday update earlier this month. View the full article

Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks - including a recent strike on a half-million Facebook users. View the full article

A set of address-spoofing bugs affect users of six different types of mobile browsers, with some remaining unpatched. View the full article

The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it. View the full article