Security News

The US National Security Agency and its Australian counterpart the Australian Signals Directorate have published a set of guidelines to help companies avoid a common kind of attack: web shell exploits. A web shell is a malicious program, often written in a scripting language like PHP or Java Server Pages, that gives an attacker remote access to a system and lets them execute functions on a victim's web server.

If you've had that kind of dangerous misinformation coughed up at you on the platform and have liked, reacted or commented on it, expect to start seeing messages in your newsfeed alerting you and letting you know that Facebook has since removed the effluvium. On Thursday, Guy Rosen, VP of Integrity, said in a post that the messages will be shown to those who've interacted with misinformation that Facebook went on to remove.

As American crude oil crashed on Monday, leading to the bizarre situation of a negative futures contract price, our attention was drawn to a spear-phishing campaign against organizations involved in global oil production. A second, much smaller spear-phishing operation, impersonated a Philippines-based shipping company, targeted oil and gas companies in that country.

The latest company to fall victim to a ransomware attack is Cognizant, a large US IT services company which admitted at the weekend that it had fallen victim to Maze. Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack.

Know anything about North Korean hackers and their activities in cyberspace, past or ongoing? North Korean cyber actors are allegedly behind extortion campaigns, including both ransomware and mobster-like protection rackets.

New research from Atlas VPN has shown that the United States experienced more than 175,000 DDoS attacks in the month of March, more than double the number faced by the next highest country and four times as many as China. According to data gathered and analyzed by Atlas VPN researchers, South Korea and Brazil both suffered from more than 50,000 DDoS attacks while China came in just ahead of the United Kingdom with about 45,000 attacks.

Successful COVID-19-themed fraud attempts perpetrated in the US, since the beginning of the year resulted in a little over $13 million losses, the Federal Trade Commission has shared. Despite repeated alerts from a variety of sources - the FBI, the FTC, the FCC - US citizens continue to fall for COVID-19-themed scams.

The US government's Computer Emergency Response Team has posted a new report on the latest exploits of North Korea's Hidden Cobra hacking crews. The updated advisory details how the hacking groups believed to operate on behalf of the isolated government, have carried out various hacking operations in recent years in an effort to drum up cash for the sanctions-hit regime.

Fraud related to the coronavirus has cost Americans $13m and so far counting, according to the US government. While authorities have been warning for weeks of various scams and fraud operations based on the coronavirus pandemic, the FTC's report is one of the few to put a dollar amount on the damage being done by criminals.

Love it or hate it, there’s no denying we all need it Reader survey Network security: love it or hate it, there’s no denying we all need it.…