The Hacker News-- The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new advisory on Monday about a wave of cyberattacks carried by Chinese nation-state actors targeting US government agencies and private entities. "CISA has observed Chinese [Ministry of State Security]-affiliated cyber threat actors operating from the People's Republic of China using commercially available … Continue reading CISA: Chinese Hackers Exploiting Unpatched Devices to Target U.S. Agencies

The Hacker News-- Cybersecurity researchers have discovered an entirely new kind of Linux malware dubbed "CDRThief" that targets voice over IP (VoIP) softswitches in an attempt to steal phone call metadata. "The primary goal of the malware is to exfiltrate various private data from a compromised softswitch, including call detail records (CDR)," ESET researchers said … Continue reading New Linux Malware Steals Call Details from VoIP Softswitch Systems

The Hacker News-- Bluetooth SIG—an organization that oversees the development of Bluetooth standards—today issued a statement informing users and vendors of a newly reported unpatched vulnerability that potentially affects hundreds of millions of devices worldwide. Discovered independently by two separate teams of academic researchers, the flaw resides in the Cross-Transport Key Derivation (CTKD) of devices … Continue reading New Unpatched Bluetooth Flaw Lets Hackers Easily Target Nearby Devices

The Hacker News-- Cybercriminals successfully plundered another digital cryptocurrency exchange. European cryptocurrency exchange Eterbase this week disclosed a massive breach of its network by an unknown group of hackers who stole cryptocurrencies worth 5.4 million dollars. Eterbase, which has now entered maintenance mode until the security issue is resolved, described itself as Europe's Premier Digital … Continue reading Hackers Stole $5.4 Million From Eterbase Cryptocurrency Exchange

The Hacker News-- IT help desks everywhere are having to adjust to the 'new normal' of supporting mainly remote workers. This is a major shift away from visiting desks across the office and helping ones with traditional IT support processes. Many reasons end-users may contact the helpdesk. However, password related issues are arguably the most … Continue reading A Successful Self-Service Password Reset (SSPR) Project Requires User Adoption

The Hacker News-- A group of researchers has detailed a new timing vulnerability in Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions. Dubbed "Raccoon Attack," the server-side attack exploits a side-channel in the cryptographic protocol (versions 1.2 and lower) to extract … Continue reading New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption

The Hacker News-- We have all heard of the "cybersecurity skills gap" — firms' inability to hire and retain high-level cybersecurity talent. I see this gap manifesting in two ways. First, companies that want to hire cybersecurity talent simply cannot find candidates with sufficient skills. Second, companies that cannot afford specialized cybersecurity talent and therefore … Continue reading Cynet Takes Cyber Threat Protection Automation to the Next Level with Incident Engine

The Hacker News-- A cybercrime group that has previously struck Docker and Kubernetes cloud environments has evolved to repurpose genuine cloud monitoring tools as a backdoor to carry out malicious attacks, according to new research. "To our knowledge, this is the first time attackers have been caught using legitimate third party software to target cloud … Continue reading Cybercriminals Are Using Legit Cloud Monitoring Tools As Backdoor

The Hacker News-- As part of this month's Patch Tuesday, Microsoft today released a fresh batch of security updates to fix a total of 129 newly discovered security vulnerabilities affecting various versions of its Windows operating systems and related software. Of the 129 bugs spanning its various products — Microsoft Windows, Edge browser, Internet Explorer, … Continue reading Microsoft Releases September 2020 Security Patches For 129 Flaws

The Hacker News-- Cybersecurity agencies across Asia and Europe have issued multiple security alerts regarding the resurgence of email-based Emotet malware attacks targeting businesses in France, Japan, and New Zealand. "The emails contain malicious attachments or links that the receiver is encouraged to download," New Zealand's Computer Emergency Response Team (CERT) said. "These links and … Continue reading Japan, France, New Zealand Warn of Sudden Uptick in Emotet Trojan Attacks