The Hacker News
Most trusted, widely-read independent cybersecurity news source for everyone; supported by hackers and IT professionals.
- High-Severity Vulnerability in 3 WordPress Plugins Affected 84,000 Websitesby noreply@blogger.com (Ravie Lakshmanan) on January 17, 2022 at 5:18 am
Researchers have disclosed a security shortcoming affecting three different WordPress plugins that impact over 84,000 websites and could be abused by a malicious actor to take over vulnerable sites. “This flaw made it possible for an attacker to update arbitrary site options on a vulnerable site, provided they could trick a site’s administrator into performing an action, such as clicking on a
- Ukrainian Government Officially Accuses Russia of Recent Cyberattacksby noreply@blogger.com (Ravie Lakshmanan) on January 17, 2022 at 4:29 am
The government of Ukraine on Sunday formally accused Russia of masterminding the attacks that targeted websites of public institutions and government agencies this past week. “All the evidence points to the fact that Russia is behind the cyber attack,” the Ministry of Digital Transformation said in a statement. “Moscow continues to wage a hybrid war and is actively building forces in the
- A New Destructive Malware Targeting Ukrainian Government and Business Entitiesby noreply@blogger.com (Ravie Lakshmanan) on January 17, 2022 at 3:34 am
Cybersecurity teams from Microsoft on Saturday disclosed they identified evidence of a new destructive malware operation dubbed “WhisperGate” targeting government, non-profit, and information technology entities in Ukraine amid brewing geopolitical tensions between the country and Russia. “The malware is disguised as ransomware but, if activated by the attacker, would render the infected
- New Unpatched Apple Safari Browser Bug Allows Cross-Site User Trackingby noreply@blogger.com (Ravie Lakshmanan) on January 17, 2022 at 3:34 am
A software bug introduced in Apple Safari 15’s implementation of the IndexedDB API could be abused by a malicious website to track users’ online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed IndexedDB Leaks, was disclosed by fraud protection software company FingerprintJS, which reported the issue to the iPhone maker on November 28, 2021. IndexedDB
- First Patch Tuesday of 2022 Brings Fix for a Critical ‘Wormable’ Windows Vulnerabilityby noreply@blogger.com (Ravie Lakshmanan) on January 16, 2022 at 8:40 am
Microsoft on Tuesday kicked off its first set of updates for 2022 by plugging 96 security holes across its software ecosystem, while urging customers to prioritize patching for what it calls a critical “wormable” vulnerability. Of the 96 vulnerabilities, nine are rated Critical and 89 are rated Important in severity, with six zero-day publicly known at the time of the release. This is in
Security Magazine
Security magazine provides security industry news and trends on video surveillance, cyber security, physical security, security guards, access management and more for security executives and the security industry.
- 10 cognitive biases that can derail cybersecurity programson January 17, 2022 at 5:02 am
Most security breaches aren’t a consequence of inadequate security controls but are a direct result of human failure. So why do humans make mistakes? What triggers our behavior, and why are we so susceptible to manipulation? Understanding these triggers will greatly help organizations change their approach to information security.
- Firewall hardening – A critical business needon January 17, 2022 at 5:01 am
Enterprises globally must harden existing firewall configurations; this is a non-negotiable activity. Over time firewall configurations experience a “drift” between what the business requires and what’s become obsolete.
- Even the most experienced cyber professionals agree: We can’t prevent all breacheson January 17, 2022 at 5:00 am
Instead of focusing on preventing breaches, cybersecurity professionals should focus on improving security hygiene and resilience. More important than building up walls, organizations should prioritize minimizing costs, downtime and disruption in the case of an eventual cyberattack.
- 3 Texas public safety resources maintaining school securityon January 14, 2022 at 5:42 pm
The Texas Department of Public Safety has provided three resources to school communities to prevent potential violence, including tip reporting software called iWatchTexas, an alert system and school safety education.
- 7 trends that will impact the security and identity industry in 2022on January 14, 2022 at 5:30 pm
Supply chain shortages, a focus on sustainability and a changing workforce to reshape technologies — what are seven trends that will impact the physical security industry in 2022?
Threatpost
The first stop for security news.
- Top Illicit Carding Marketplace UniCC Abruptly Shuts Down by Becky Bracken on January 14, 2022 at 5:31 pm
UniCC controlled 30 percent of the stolen payment-card data market; leaving analysts eyeing what’s next.
- Real Big Phish: Mobile Phishing & Managing User Fallibilityby Daniel Spicer on January 14, 2022 at 4:43 pm
Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike.
- Critical Cisco Contact Center Bug Threatens Customer-Service Havocby Tara Seals on January 14, 2022 at 4:37 pm
Attackers could access and modify agent resources, telephone queues and other customer-service systems – and access personal information on companies’ customers.
- ‘Be Afraid:’ Massive Cyberattack Downs Ukrainian Gov’t Sitesby Lisa Vaas on January 14, 2022 at 4:06 pm
As Moscow moves troops and threatens military action, about 70 Ukrainian government sites were hit. “Be afraid” was scrawled on the Foreign Ministry site.
- Russian Security Takes Down REvil Ransomware Gangby Tara Seals on January 14, 2022 at 2:45 pm
The country’s FSB said that it raided gang hideouts; seized currency, cars and personnel; and neutralized REvil’s infrastructure.
Security Weekly
Connecting the Security Industry with the Security Community
- Ransomware Damage Claims Driving Insurance Hikesby Deb Radcliff on January 12, 2022 at 11:12 pm
The costs of cyber insurance policies are rising exponentially while underwriters are tightening the rules around who qualifies for cyber insurance, and at the same time, insurer capacity is constricting dramatically. The numbers are all over the place, but the latest statistics from the Council of Insurance Agents and Brokers reported a 25.5% increase in The post Ransomware Damage Claims Driving Insurance Hikes appeared first on Security Weekly.
- Decrypt As If Your Security Depends on Itby Bill Brenner on November 2, 2021 at 5:35 pm
Encryption has reached near-full adoption by internal teams hoping to implement stronger security and privacy practices. Simultaneously, attackers are using the same mechanisms to hide their malicious activity from the defender’s line of sight. According to the Ponemon Institute’s 2021 Global Encryption Trends Study, 50% of organizations have an encryption plan consistently applied across their The post Decrypt As If Your Security Depends on It appeared first on Security Weekly.
- DevSecOps Scanning Challenges & Tipsby Bill Brenner on October 26, 2021 at 3:57 pm
There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed The post DevSecOps Scanning Challenges & Tips appeared first on Security Weekly.
- It Should Be ‘Cybersecurity Culture Month’by Bill Brenner on October 19, 2021 at 4:41 pm
It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program The post It Should Be ‘Cybersecurity Culture Month’ appeared first on Security Weekly.
- The Power of Developer-First Securityby Bill Brenner on October 11, 2021 at 5:26 pm
Developers want to write good code. Secure code. Tools that optimize developer workflows for handling security issues can take a large burden off security practitioners and make triaging, understanding, prioritizing, and resolving vulnerabilities much easier and faster for the developer. That’s what DevSecOps is all about. One company that has developed such tools is GitLab. The post The Power of Developer-First Security appeared first on Security Weekly.