Security News > 2021 > September

Latvian network equipment manufacturer MikroTik has shared details on customers can secure and clean routers enslaved by the massive Mēris DDoS botnet over the summer. "As far as we have seen, these attacks use the same routers that were compromised in 2018, when MikroTik RouterOS had a vulnerability, that was quickly patched," a MicroTik spokesperson told BleepingComputer.

Oh! No! A touchpad user turns right into left, and vice versa. LISTEN NOW. Click-and-drag on the soundwaves below to skip to any point in the podcast.

The Grief ransomware gang is threatening to delete victim's decryption keys if they hire a negotiation firm, making it impossible to recover encrypted files. Last week, BleepingComputer first reported that the Ragnar Locker ransomware gang threatened to automatically publish a victim's stolen data if they contacted law enforcement or negotiation firms.

Microsoft says a OneDrive issue prevents some Android users from uploading photos and videos from their camera roll to the cloud. OneDrive Android customers impacted by this problem are seeing "Camera upload is paused. To activate camera upload, give OneDrive permission to access your photos and media." errors.

It’s the eyes: The researchers note that in many cases, users can simply zoom in on the eyes of a person they suspect may not be real to spot the pupil irregularities. They also note that it would...

Kali Linux 2021.3 was released yesterday by Offensive Security and includes a new set of tools, improved virtualization support, and a new OpenSSL configuration that increases the attack surface. Kali Linux is a Linux distribution designed for cybersecurity professionals and ethical hackers to perform penetration testing and security audits.

Use a weak or familiar password for each account and you open yourself up to hacks and data theft. Almost a third of people researched by Microsoft revealed that they stopped using an account or service rather than deal with a lost or forgotten password, according to Vasu Jakkal, Microsoft corporate VP for security, compliance and identity, and author of the blog post.

The company first allowed commercial customers to rollout passwordless authentication in their environments in March after a breakthrough year in 2020 when Microsoft reported that over 150 million users were logging into their Azure Active Directory and Microsoft accounts without using a password.Instead, they can choose between the Microsoft Authenticator app, Windows Hello, a security key, or phone/email verification codes to log into Microsoft Edge or Microsoft 365 apps and services.

A report released Tuesday by cybersecurity firm Imperva Research Labs examines why databases are vulnerable and offers advice on how to better protect your data from falling into the wrong hands. Based on analysis covering 27,000 on-premises databases around the world, Imperva found that one out of every two databases contains as least one vulnerability.

Since the onset of COVID-19, online learning has been transformed into a standard part of the school day for students and teachers around the globe. While virtual learning may help schools safely continue operations during the coronavirus pandemic, the framework does pose new cybersecurity risks as students and teachers log into the virtual classroom.