  • 2FA bypass in cPanel potentially exposes tens of millions of websites to hack
    by Pierluigi Paganini on November 24, 2020 at 11:17 pm

    2FA bypass discovered in web hosting software cPanel. More than 70 million sites are managed via cPanel software, according to the company. Researchers discovered a major issue in cPanel that could be exploited by attackers to bypass two-factor authentication for cPanel accounts. Security researchers from Digital Defense have discovered a major security issue in cPanel, a popular

  • Baidu Android apps removed from Play Store because caught collecting user details
    by Pierluigi Paganini on November 24, 2020 at 9:21 pm

    Two Baidu Android apps were removed from the Google Play Store in October after they were caught collecting sensitive user details. Two apps belonging to Chinese tech giant Baidu, Baidu Maps and Baidu Search Box, were removed from the Google Play Store at the end of October after they were caught collecting sensitive

  • US Proposes Funding to Clear Risk Assessment Backlog
    on November 24, 2020 at 7:45 pm

    CISA could get $58m to bring state and local authority cybersecurity checks up to date

  • Cyber-attacks Reported on Three US Healthcare Providers
    on November 24, 2020 at 6:56 pm

    New York hospital, Florida urgent care center, and Georgia dentist hit by cyber-criminals

  • A new Stantinko Bot masqueraded as httpd targeting Linux servers
    by Pierluigi Paganini on November 24, 2020 at 5:56 pm

    Researchers spotted a new variant of an adware and coin-miner botnet operated by Stantinko threat actors that now targets Linux servers. Researchers from Intezer have spotted a new variant of an adware and coin-miner botnet that has been operated by Stantinko threat actors since 2012. The Stantinko botnet was first spotted by ESET in 2017, at the

  • Bill Proposes Stricter Security for UK Telecom Companies
    on November 24, 2020 at 4:31 pm

    UK lawmakers propose new law to block high-risk telecommunications equipment suppliers

  • TrickBot operators continue to update their malware to increase resilience to takedown
    by Pierluigi Paganini on November 24, 2020 at 4:20 pm

    Following the recent takedown, the TrickBot operators have implemented various improvements to make it more resilient. In October, Microsoft’s Defender team, FS-ISAC, ESET, Lumen’s Black Lotus Labs, NTT, and Broadcom’s cyber-security division Symantec joined forces and announced a coordinated effort to take down the command and control infrastructure of the infamous TrickBot botnet. Even if Microsoft and its partners have brought down the TrickBot

  • Organizations Should Use Psychology to Promote Secure Behavior Among Staff
    on November 24, 2020 at 3:30 pm

    ISF digest sets out how orgs can positively influence staff behavior

  • Apple’s Head of Global Security Facing Bribery Charges
    on November 24, 2020 at 1:01 pm

    Thomas Moyer is accused of offering $70,000 worth of iPads to police officers

  • Microsoft fixes Kerberos Authentication issues with an out-of-band Update
    by Pierluigi Paganini on November 24, 2020 at 12:27 pm

    Microsoft released an out-of-band update for Windows to address authentication flaws related to a recently patched Kerberos vulnerability. Microsoft released an out-of-band update to address authentication issues in Windows related to a recently patched Kerberos vulnerability tracked as CVE-2020-17049. “An out-of-band optional update is now available on the Microsoft Update Catalog to address a known