The U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released the final version of its IPv6 security guidance for federal agencies.
Prolific Chinese APT Caught Using ‘MoonBounce’ UEFI Firmware Implant
Threat hunters at Kaspersky have spotted a well-known Chinese APT actor using a UEFI implant to maintain stealthy persistence across reboots, disk formatting or disk replacements.
Data of 7 Million OpenSubtitles Users Leaked After Hack Despite Site Paying Ransom
OpenSubtitles Hack Shows Why Paying Ransom Offers No Guarantees
Popular subtitles website OpenSubtitles on Tuesday admitted that its systems had been hacked after the details of nearly seven million user accounts were leaked, despite the site allegedly paying a ransom to avoid this situation.
Red Cross Appeals to Hackers After Major Cyberattack
The International Committee of the Red Cross on Thursday made an appeal to hackers who seized a trove of private data, saying they were willing to speak “directly and confidentially” to those behind the cyberattack.
NSA Authorized to Issue Binding Operational Directives to Boost NSS Cybersecurity
Kaspersky Launches New Service for Removing Malicious Domains
Cybersecurity solutions provider Kaspersky this week announced the launch of a new service to help organizations take action against malicious websites.
With the new Takedown Service, organizations essentially delegate Kaspersky to manage the process of eliminating phishing and other malicious domains that may target their brands.
Red Cross Falls Victim to Massive Cyberattack
The International Committee of the Red Cross was the victim of a massive cyberattack in which hackers seized the data of more than 515,000 extremely vulnerable people, some of whom had fled conflicts, it said on Wednesday.
Project Zero: Zoom Platform Missed ASLR Exploit Mitigation
A prominent security researcher poking around at the Zoom video conferencing platform found worrying signs the company failed to enable a decades-old anti-exploit mitigation, a blunder that greatly increased exposure to malicious hacker attacks.
Multi-Factor Authentication Bypass Led to Box Account Takeover
A vulnerability in Box’s implementation of multi-factor authentication (MFA) allowed attackers to take over victims’ accounts without having access to the victim’s phone, according to new research from Varonis.
Accellion Reaches $8.1 Million Settlement Over FTA Data Breach
Enterprise content firewall provider Accellion has reached an $8.1 million settlement to end a lawsuit over a data breach involving its legacy file sharing service FTA, Reuters reports.













