Security News

Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response. "SoReL-20M", as it's called, is a dataset containing metadata, labels, and features for 20 million Windows Portable Executable files, including 10 million disarmed malware samples, with the goal of devising machine-learning approaches for better malware detection capabilities.

83% of the top U.S. retailers have connections to a vulnerable third-party asset, and 43% have vulnerabilities that pose an immediate cybersecurity risk, Cyberpion reveals. "This holiday season is a perfect storm for the retail industry given increased e-commerce activity due to COVID-19, and the heavy reliance of retailers on third party providers of tracking, behavior, analytics and advertising services," said Cyberpion CRO Ran Nahmias.

Critical flaws in a core networking library powering Valve's online gaming functionality could have allowed malicious actors to remotely crash games and even take control over affected third-party game servers. "An attacker could remotely crash an opponent's game client to force a win or even perform a 'nuclear rage quit' and crash the Valve game server to end the game completely," Check Point Research's Eyal Itkin noted in an analysis published today.

Credit card stealer scripts are evolving and become increasingly harder to detect due to novel hiding tactics. This happened because scanners aren't commonly scanning CSS files for malicious code and anyone looking at the skimmer's trigger script reading a custom property from the CSS page wouldn't give it a second glance.

Their paper identifies "Digital thought clones," which act as digital twins that constantly collect personal data in real-time, and then predict and analyze the data to manipulate people's decisions. Activity from apps, social media accounts, gadgets, GPS tracking, online and offline behavior and activities, and public records are all used to formulate what they call a "Digital thought clone".

A payment card-skimming malware that hides inside social-media buttons is making the rounds, compromising online stores as the holiday shopping season gets underway. Once ensconced on the page, the malware behaves just like the widespread Magecart group of skimmers, with the code being parsed and run by a shopper's PC in order to harvest payment cards and any other information entered into a site's online fields, he added.

Online education giant K12 Inc. has paid a ransom after their systems were hit by Ryuk ransomware in the middle of November. K12 announced this week that they suffered a ransomware attack in mid-November that caused them to lock down some of their IT systems to prevent the attack's spread. "In mid-November, we detected unauthorized activity on our network, which has since been confirmed as a criminal attack in the form of ransomware. Upon identifying unusual system activity, we quickly initiated our response, taking steps to contain the threat and lock down impacted systems, notifying federal law enforcement authorities, and working with an industry-leading third-party forensics team to investigate and assist with the incident," K12 told BleepingComputer in a statement.

Online learning solutions provider K12 Inc., which recently announced changing its name to Stride Inc., said on Monday that it had decided to pay a ransom to cybercriminals who managed to breach its systems and deploy a piece of ransomware. The attackers deployed a piece of ransomware and accessed information stored on some corporate back-office systems.

A week after cybersecurity researchers disclosed a flaw in the popular GO SMS Pro messaging app, it appears the developers of the app are silently taking steps to fix the issue from behind the scenes. Although the behavior was observed on version 7.91 of GO SMS Pro for Android, the app makers have since released three subsequent updates, two of which were pushed to the Google Play Store after public disclosure of the flaw and Google's removal of the app from the marketplace.

Set of must-have online security tools that we believe may make a real difference to your cybersecurity program and improve your 2021 budget planning. In the meantime, we would like to acquaint you with an awesome set of free security tools that we believe may make a palpable difference for your cybersecurity program and 2021 budget planning.