Month: January 2021

The flaw could have let attackers send out custom newsletters and delete newsletter subscribers from 200,000 affected websites.

Fuji Electric’s Tellus Lite V-Simulator and V-Server Lite can allow attackers to take advantage of operational technology (OT)-IT convergence on factory floors, at utility plants and more.

Apple has made structural improvements in iOS 14 to block message-based, zero-click exploits.

A phishing kit has been found running on at least 700 domains – and mimicking services via false SharePoint, OneDrive and Office 365 login portals.

A growing number of cybersecurity vendors like CrowdStrike, Fidelis, FireEye, Malwarebytes, Palo Alto Networks and Qualys are confirming being targeted in the espionage attack.

The Pro-Ocean cryptojacking malware now comes with the ability to spread like a worm, as well as harboring new detection-evasion tactics.

Original release date: January 28, 2021

January 28 is Data Privacy Day (DPD), an annual effort promoting data privacy awareness and education. This year’s DPD events, sponsored by the National Cyber Security Alliance (NCSA), focus on how to Own Your Privacy.

The NCSA teaches users how to protect valuable data online, while encouraging businesses to Respect Privacy by protecting data they collect. CISA encourages users and businesses to visit NCSA’s website to learn more, including several calls to action:

For Individuals: Own Your Privacy

• Personal info is like money. Your purchase history, IP address, or location has tremendous value. Make informed decisions about whether or not to share such data with certain businesses.
• Keep tabs on your apps. Delete unused ones and keep others secure by performing updates.
• Manage your privacy and security settings. Continuously check them to limit what information you share.

For Businesses: Respect Privacy

• If you collect it, protect it. Make sure any personal data you collect is processed in a fair manner and is only collected for relevant and legitimate purposes.
• Consider adopting a privacy framework to manage risk and secure privacy within your organization.
• Asses data collection practices by evaluating which privacy regulations apply to your organization. 
• Transparency builds trust. Be honest with customers about how you collect, use, and share their personal information.
• Maintain oversight of partners and vendors. You are responsible for anyone collecting and using your consumers’ personal information.

A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren’t connected to the internet.

Qualys said the vuln gives any local user root access to systems running the most popular version of Sudo.

Researchers publicly disclosed flaws in ADT’s LifeShield DIY HD Video Doorbell, which could have allowed local attackers to access credentials, video feeds and more.