Let’s Encrypt root certificate may cause problems for older devices Let’s Encrypt is a non-profit and one of the largest issuers of HTTPS certificates, the backbone of encrypting traffic. However security researcher Scott Helme noticed that the IdentTrust DST Root…
Capoae malware brute-forces WordPress sites for cryptomining A recently discovered wave of malware attacks has been spotted using tactics that involve easy-to-guess administrative credentials to co-opt them into a network with the goal of illegally mining cryptocurrency. The PHP malware…
Google expands app permissions reset The company introduced the “permissions auto-reset” feature in Android 11 last year. This causes apps that haven’t been used in a while to lose access to various device permissions for sensors, SMS messages, and contact…
Email scammers posed as DOT officials in phishing messages focused on $1 trillion bill Shortly after Congress took action on a $1 trillion infrastructure bill, hackers posing as U.S. Transportation Department officials offered fake project bid opportunities to seduce companies…
This week’s Cyber Security Headlines – Week in Review, Sep 13-17, 2021, is hosted by Rich Stroffolino with our guest, Geoff Belknap, CISO, LinkedIn Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join…
New Windows security updates break network printing As part of its September Patch Tuesday released this week, Microsoft issued a fix for the last remaining PrintNightmare vulnerability tracked as CVE-2021-36958. This vulnerability is deemed critical as it is used by…
Travis CI security vulnerability is bad news for open source Travis CI is a continuous integration software-testing solution used by over 900,000 open-source projects and 600,000 users. Earlier this month, security researcher Felix Lange discovered a vulnerability that included secure…
Apple issues urgent updates to fix new zero-day linked to Pegasus spyware Apple released emergency security updates Monday after it was discovered that an Israeli cyber surveillance company’s spyware could infect iPhones and other devices without the owner even clicking…
SSID Stripping is a new take on spoofing Researchers at AirEye disclosed the newly discovered vulnerability, which impacts devices running Windows, macOS, Ubuntu, Android and iOS. The researchers showed how malicious actors could alter SSIDs to make them appear to…
Windows MSHTML zero-day exploits shared on hacking forums This event will allow other hackers to start exploiting the new vulnerability in their own attacks. Last Tuesday, Microsoft disclosed this new zero-day vulnerability that allows threat actors to create malicious documents,…
