Security News

Augmented Reality (AR) technologies will provide new opportunities for attackers to compromise the privacy and safety of their victims.

Critical and high-severity vulnerabilities discovered by researchers in F5 Networks' BIG-IP application delivery controller allow a remote attacker to take complete control of the targeted system. The vulnerabilities were identified by researchers at cybersecurity firm Positive Technologies, which disclosed its findings this week after the vendor released advisories and announced the availability of patches.

Forty-one percent of organizations believe usernames and passwords are one of the most effective access management tools-even though most hacking-related breaches are a result of weak, stolen, or reused user credentials, according to a new report. Although stronger IT security and data protection are increasingly important, the Thales 2020 Access Management Index report finds that 94% of global IT professionals believe data breaches in the past year have been the biggest influence over their organization's security policies and access management.

BEC campaigns represent a relatively small percentage of all email attacks yet pose the greatest financial risk, says Abnormal Security. One less common but potentially more dangerous attack type is the Business Email Compromise.

The recent attack which saw Norway's state-owned investment fund, Norfund, lose an eye-watering USD 10 million was down to a simple but devastatingly effective tactic used by cybercriminals: a spoofed email address. These attacks, known as business email compromise work because they prey on human nature, the innate psychological traits shared by everyone.

The Business Email Compromise is a popular type of attack among cybercriminals as it targets businesses and individuals in an attempt to receive money transferred into fraudulent accounts. In another method, the attackers use phishing, credential theft, or other means to gain control of the email accounts of the people they want to impersonate.

Facebook today announced new features for Messenger that will alert you when messages appear to come from financial scammers or potential child abusers, displaying warnings in the Messenger app that provide tips and suggest you block the offenders. The feature, which Facebook started rolling out on Android in March and is now bringing to iOS, uses machine learning analysis of communications across Facebook Messenger's billion-plus users to identify shady behaviors.

Cisco said attackers have been able to compromise its servers after exploiting two known, critical SaltStack vulnerabilities. Hackers were able to successfully exploit the flaws incorporated in the latter product, resulting in the compromise of six VIRL-PE backend servers, according to Cisco.

BEC attacks are targeted at businesses that do a lot of invoicing or wire transfers, with the goal of scamming them using social engineering into sending money to attackers. BEC attacks can use malware to gain access to computers used by invoice approvers and other financial decision-makers and use their credentials to wire themselves money, as well as harvest other kinds of personal information for use in other scams.

A high-severity cross-site request forgery vulnerability in Real-Time Find and Replace, a WordPress plugin installed on more than 100,000 sites, could lead to cross-site scripting and the injection of malicious JavaScript anywhere on a victim site. In April a pair of security vulnerabilities in the WordPress search engine optimization plugin known as Rank Math, were found.