SecurityWeek

A Russian national has been indicted in the United States for conspiring to recruit a Tesla employee to install malware onto the company’s network.

Warner Music Group last week started informing customers of its e-commerce websites that their personal information may have been compromised as a result of a data breach suffered by an external service provider.

A fearless campaigner for democratic openness? Or a criminal trying to avoid justice? WikiLeaks founder Julian Assange is a highly polarising figure.

A JavaScript skimmer identified earlier this year uses dynamic loading to avoid detection by static malware scanners, Visa warns.Referred to as Baka, the e-commerce skimmer was first discovered in February 2020, but has already impacted several merchant websites across numerous global regions.

The Army command dedicated to defending against hackers and other online threats celebrated its move into a new $366 million headquarters in Georgia on Thursday.

Facebook is giving third-party application developers three weeks to respond to vulnerability reports and three months to patch bugs before public disclosure. 

Apple said on Thursday it would give developers until next year to comply with a software change expected to stymie targeted advertising in iPhone and iPad apps.An update coming to Apple's iOS mobile software includes a requirement for apps to ask users' permission to collect and share device-identifying data used to make ads more relevant.

A Colorado man was sentenced this week to eleven years in prison for his role as a moderator on the AlphaBay cybercrime marketplace.

Post-mortem analysis of data breaches shows that most of today’s cyber-attacks are front ended by phishing campaigns. The most recent CryptoForHealth Twitter Hacker is just one of many examples. This is not surprising, since the easiest way for a threat actor to gain access to sensitive data is by compromising an end user’s identity and credentials.

The highly popular WordPress plugin File Manager this week received a patch to address an actively exploited zero-day vulnerability. 

A Chinese threat actor was observed targeting both European diplomatic entities and the Tibetan community with the same strain of malware.

Google this week increased the reward amounts paid to researchers for reporting abuse risk as part of its bug bounty program. 

A new Malicious Domain Blocking and Reporting (MDBR) service will help organizations improve security by preventing IT systems from connecting to malicious domains. 

Recent attacks targeting QNAP Network Attached Storage (NAS) devices were attempting to exploit a vulnerability that was addressed in July 2017, 360 Netlab security researchers say. 

A recently identified adware campaign targeting macOS users is leveraging malicious code that has received Apple’s approval. 

Lack of Clarity in the Threat Intelligence Space is Causing Confusion

Cisco has warned that hackers are targeting not one, but two unpatched vulnerabilities in the DVMRP feature of IOS XR software that runs on many carrier-grade routers. 

Facebook on Tuesday said that it caught a budding Russia-linked campaign to fuel political chaos in the US, working off a tip from the FBI in its latest take-down of coordinated inauthentic behavior at the leading social network.

Norway's parliament said Tuesday it had been the target of a "vast" cyber attack that enabled hackers to access the emails of some lawmakers. The hackers' identities were not immediately known.