Security News

The vulnerability - which enables attackers to inject client-side scripts into web pages viewed by other users - earned hackers $4.2 million in total bug-bounty awards in the last year, a 26-percent increase from what was paid out in 2019 for finding XSS flaws, according to the report. In total, organizations paid ethical hackers $23.5 million in bug bounties for all of these flaws this year, according to HackerOne, which maintains a database of 200,000 vulnerabilities found by hackers.

India reported twice as many cyberattacks per day, where most of the cyberattacks comprise phishing, DDoS, video conferencing, exploiting weak services, and malware. Though malware hit fewer numbers, it remains a more critical issue in India - reports almost 2x times Malware issues than the global average.

Researchers are warning of a recent dramatic uptick in the activity of the Lemon Duck cryptocurrency-mining botnet, which targets victims' computer resources to mine the Monero virtual currency. Researchers warn that Lemon Duck is "One of the more complex" mining botnets, with several interesting tricks up its sleeve.

Cybercriminals are tapping into Amazon's annual discount shopping campaign for subscribers, Prime Day, with researchers warning of a recent spike in phishing and malicious websites that are fraudulently using the Amazon brand. There has been a spike in the number of new monthly phishing and fraudulent sites created using the Amazon brand since August, the most significant since the COVID-19 pandemic forced people indoors in March, according to a Thursday report from Bolster Research.

As the UK heads into a troubling second wave of coronavirus cases, those in contact with thousands of people who just tested positive for COVID-19 in England went about their lives for up to a week unaware they had rubbed shoulders with a carrier. The under-reporting was widely reported to be down to the use of Microsoft's Excel spreadsheet program in transferring test results from labs to the health service to total up.

GCHQ offshoot the National Cyber Security Centre has warned Further and Higher Education institutions in the UK to be on their guard against ransomware attacks as the new academic year gets under way. NCSC sent advice to places of learning "Containing a number of steps they can take to keep cyber criminals out of their networks, following a recent spike in ransomware attacks," it said in an advisory note published this morning.

The COVID-19 pandemic continues to shape the face of cybercrime in 2020, with ransomware and attacks on internet of things devices seeing sharp increases in the U.S. for the first half of the year. According to SonicWall's 2020 Cyber Threat Report ransomware attacks are up, particularly in the U.S., where they have more than doubled year-over-year.

Adoption of the email security protocol DMARC has continued to tick upwards, with the number of domains deploying DMARC records surpassing 1 million in the last two years - a 2.5 times greater total than in 2018. According to Tessian, out of the 60 percent of universities that do have DMARC in place, the DMARC policies have not been set up to quarantine or outright reject any emails from unauthorized senders using its domains.

Bad actors matched their cyber attack strategy with the increasing uncertainty of the coronavirus epidemic, according to a new analysis from Mimecast. Over the 14 weeks that Mimecast analyzed, detections increased during seven weeks, decreased during five weeks, and showed no change during two weeks.

Riddle: What do you get when you cross the COVID-19 quarantine with bored kids, heart-melting online ads for floppy-eared spaniel puppies, and online ordering? The Better Business Bureau last week raised the alarm on what it says is a spike in online puppy scams it's seeing now that the pandemic has so many people stuck at home, wistfully imagining that it's the perfect time to train and bond with a little fluff ball.