Month: February 2021
Online Trackers Increasingly Switching to Invasive CNAME Cloaking Technique
24 February 2021With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy. Called CNAME Cloaking, the practice of blurring the distinction between first-party and third-party cookies not only results in leaking sensitive private information without users’ […]
Read More
Experts Warns of Notable Increase in QuickBooks Data Files Theft Attacks
24 February 2021New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit the accounting software. “A majority of the time, the attack involves basic malware that is often signed, making it hard to detect using antivirus or other threat detection software,” researchers from ThreatLocker said in […]
Read More
Everything You Need to Know About Evolving Threat of Ransomware
24 February 2021The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal—most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down. Falling victim to a ransomware attack can cause significant data loss, data breach, operational downtime, costly recovery, legal consequences, and […]
Read More
Data protection companies Arcserve and StorageCraft to merge
24 February 2021Visitors crowd a cloud computing presentation at the CeBIT technology trade fair on March 2, 2011 in Hanover, Germany. (Sean Gallup/Getty Images) Two data protection companies, Arcserve and StorageCraft, announced today they are merging into a single company. Arcserve and StorageCraft both sell a range of data management and protection services, including data backup, disaster […]
Read More
Critical RCE Flaws Affect VMware ESXi and vSphere Client — Patch Now
24 February 2021VMware has addressed multiple critical remote code execution (RCE) vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. “A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the […]
Read More
Experts Find a Way to Learn What You’re Typing During Video Calls
23 February 2021A new attack framework aims to infer keystrokes typed by a target user at the opposite end of a video conference call by simply leveraging the video feed to correlate observable body movements to the text being typed. The research was undertaken by Mohd Sabra, and Murtuza Jadliwala from the University of Texas at San […]
Read More
5 Security Lessons for Small Security Teams for the Post COVID19 Era
23 February 2021A full-time mass work from home (WFH) workforce was once considered an extreme risk scenario that few risk or security professionals even bothered to think about. Unfortunately, within a single day, businesses worldwide had to face such a reality. Their 3-year long digital transformation strategy was forced to become a 3-week sprint during which offices […]
Read More
Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs
23 February 2021Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called “Shadow attacks” by academics from Ruhr-University Bochum, the technique uses the “enormous flexibility provided by the PDF specification so that shadow documents remain standard-compliant.” The […]
Read More
Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks
23 February 2021Cybersecurity researchers on Monday tied a string of attacks targeting Accellion File Transfer Appliance (FTA) servers over the past two months to data theft and extortion campaign orchestrated by a cybercrime group called UNC2546. The attacks, which began in mid-December 2020, involved exploiting multiple zero-day vulnerabilities in the legacy FTA software to install a new […]
Read More
Google Alerts used to launch fake Adobe Flash Player updater
22 February 2021Hackers have been using Google Alerts to promote a fraudulent Flash Player updater that installs other unwanted programs on their computers. (Originally appeared on Flickr by brionv/CC BY 2.0) Taking advantage of users who may not realize support for Adobe Flash Player expired on Dec. 31, hackers have been using Google Alerts to promote a […]
Read More