Threat Post Today: Cybersecurity Update

Some Apple apps on macOS Big Sur pose a security risk.

Views expressed in this cybersecurity update are those of the reporters and correspondents.

Content provided by "Threatpost.com."

For the latest BBC World News video, please go here:

https://www.bbc.com/news/av/10462520/one-minute-world-news

Accessed on 18 November 2020, 0346 UTC, Post 736.

Source:   https://threatpost.com/

Please click link or scroll down to read your selections.

Thanks for joining us today.

Until next time,

Russ Roberts

https://www.hawaiigeopoliticalnews.com

https://hawaiiintelligencedaily.com

FEATURED NEWS

Some Apple Apps on macOS Big Sur Bypass Content Filters, VPNs

Attackers can exploit the feature and send people’s data directly to remote servers, posing a privacy and security risk, researchers said.

by Elizabeth Montalbano

November 17, 2020

Dating Site Bumble Leaves Swipes Unsecured for 100M Users

Bumble fumble: An API bug exposed personal information of users like political leanings, astrological signs, education, and even height and weight, and their distance away in miles.

by Becky Bracken

November 16, 2020

Zoom Takes on Zoom-Bombers Following FTC Settlement

The videoconferencing giant has upped the ante on cybersecurity with three fresh disruption controls.

by Tara Seals

November 17, 2020

Cisco Patches Critical Flaw After PoC Exploit Code Release

A critical path-traversal flaw (CVE-2020-27130) exists in Cisco Security Manager that lays bare sensitive information to remote, unauthenticated attackers.

by Lindsey O'Donnell

November 17, 2020

RELATED CONTENT

Brought to you by

• Webinars
• Podcasts
• Videos

• 

  Free Live Webinar

  2020 Healthcare Cybersecurity Priorities: Data Security, Ransomware and Patching

• 

  Free Webinar

  Retail Security: Magecart and the Rise of e-Commerce Threats

• 

  Free Webinar

  Taming the Unmanaged and IoT Device Tsunami

• 

  Free Webinar

  A Practical Guide to Securing the Cloud in Times of Crisis

Subscribe to our newsletter, Threatpost Today!

 

Get the latest breaking news delivered daily to your inbox.

Subscribe now

LATEST NEWS

Multiple Industrial Control System Vendors Warn of Critical Bugs

by Tom Spring

November 17, 2020

Four industrial control system vendors each announced vulnerabilities that ranged from critical to high-severity.

Defining Security Policies to Manage Remote Insider Threats

InfoSec Insider

November 17, 2020

This is the time to define the new normal; having well-defined policies in place will help businesses maintain its security posture while bolstering the security of the ever-increasing work-from-home population.

ThreatList: Pharma Mobile Phishing Attacks Turn to Malware

by Lindsey O'Donnell

November 17, 2020

After the breakout of the COVID-19 pandemic, mobile phishing attacks targeting pharmaceutical companies have shifted their focus from credential theft to malware delivery.

COVID-19 Antigen Firm Hit by Malware Attack

by Becky Bracken

November 17, 2020

Global biotech firm Miltenyi, which supplies key components necessary for COVID-19 treatment research, has been battling a malware attack.

Attackers Target Porn Site Goers in ‘Malsmoke’ Zloader Attack

by Lindsey O'Donnell

November 16, 2020

A fake Java update found on various porn sites actually downloads the well-known Zloader malware.

MOST POPULAR

• 

  2 More Google Chrome Zero-Days Under Active Exploitation

  November 12, 2020

• 

  Digging into the Dark Web: How Security Researchers Learn to Think Like the Bad Guys

  November 12, 2020

   3

• 

  High-Severity Cisco DoS Flaw Can Immobilize ASR Routers

  November 11, 2020

• 

  Microsoft Patch Tuesday Update Fixes 17 Critical Bugs

  November 10, 2020

• 

  Silver Peak SD-WAN Bugs Allow for Network Takeover

  November 11, 2020

NEWSMAKER INTERVIEWS

• 

  From Triton to Stuxnet: Preparing for OT Incident Response

  November 12, 2020

• 

  How the Pandemic is Reshaping the Bug-Bounty Landscape

  October 28, 2020

• 

  305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer

  October 2, 2020

• 

  A Cyber ‘Vigilante’ is Sabotaging Emotet’s Return

  August 5, 2020

• 

  Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes

  August 3, 2020

MOST RECENT THREATLISTS

• 

  ThreatList: Pharma Mobile Phishing Attacks Turn to Malware

  November 17, 2020

• 

  Cybercrime Moves to the Cloud to Accelerate Attacks Amid Data Glut

  November 16, 2020

• 

  APT Groups Finding Success with Mix of Old and New Tools

  November 3, 2020

• 

  Survey: Cybersecurity Skills Shortage is ‘Bad,’ But There’s Hope

  November 2, 2020

   3

• 

  Bug-Bounty Awards Spike 26% in 2020

  October 29, 2020

PODCASTSView all 

305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer

Larry Cashdollar, senior security response engineer at Akamai, talks about the craziest stories he’s faced, reporting CVEs since 1994.

October 2, 2020

Critical Industrial Flaws Pose Patching Headache For Manufacturers

When it comes to patching critical flaws, industrial firms face various challenges – with some needing to shut down entire factories in order to apply updates.

September 23, 2020

Vulnerability Disclosure: Ethical Hackers Seek Best Practices

Cybersecurity researchers Brian Gorenc and Dustin Childs talk about the biggest vulnerability disclosure challenges in IoT and the industrial vertical.

September 4, 2020

 1

Botnet Attackers Turn to Vulnerable IoT Devices

Cybercriminals are leveraging the multitudes of vulnerable connected devices with botnets that launch dangerous distributed denial-of-service (DDoS) attacks.

Sponsored Content

November 13, 2020

From Triton to Stuxnet: Preparing for OT Incident Response

Lesley Carhart, with Dragos, gives Threatpost a behind-the-scenes look at how industrial companies are faring during the COVID-19 pandemic – and how they can prepare for future threats.

November 12, 2020

Halloween News Wrap: The Election, Hospital Deaths and Other Scary Cyberattack Stories

Threatpost breaks down the scariest stories of the week ended Oct. 30 haunting the security industry — including bugs that just won’t die.

October 30, 2020

Holiday Shopping Craze, COVID-19 Spur Retail Security Storm

Veracode’s Chris Eng discusses the cyber threats facing shoppers who are going online due to the pandemic and the imminent holiday season.

October 27, 2020

Phishing Lures Shift from COVID-19 to Job Opportunities

Fortinet researchers are seeing a pivot in the spear-phishing and phishing lures used by cybercriminals, to entice potential job candidates as businesses open up.

Sponsored Content

October 16, 2020

News Wrap: Barnes & Noble Hack, DDoS Extortion Threats and More

From a cyberattack on Barnes & Noble to Zoom rolling out end-to-end encryption, Threatpost editors break down the top security stories of the week.

October 16, 2020

305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer

Larry Cashdollar, senior security response engineer at Akamai, talks about the craziest stories he’s faced, reporting CVEs since 1994.

October 2, 2020

Critical Industrial Flaws Pose Patching Headache For Manufacturers

When it comes to patching critical flaws, industrial firms face various challenges – with some needing to shut down entire factories in order to apply updates.

September 23, 2020

Vulnerability Disclosure: Ethical Hackers Seek Best Practices

Cybersecurity researchers Brian Gorenc and Dustin Childs talk about the biggest vulnerability disclosure challenges in IoT and the industrial vertical.

September 4, 2020

 1

Botnet Attackers Turn to Vulnerable IoT Devices

Cybercriminals are leveraging the multitudes of vulnerable connected devices with botnets that launch dangerous distributed denial-of-service (DDoS) attacks.

Sponsored Content

November 13, 2020

From Triton to Stuxnet: Preparing for OT Incident Response

Lesley Carhart, with Dragos, gives Threatpost a behind-the-scenes look at how industrial companies are faring during the COVID-19 pandemic – and how they can prepare for future threats.

November 12, 2020

Halloween News Wrap: The Election, Hospital Deaths and Other Scary Cyberattack Stories

Threatpost breaks down the scariest stories of the week ended Oct. 30 haunting the security industry — including bugs that just won’t die.

October 30, 2020

Holiday Shopping Craze, COVID-19 Spur Retail Security Storm

Veracode’s Chris Eng discusses the cyber threats facing shoppers who are going online due to the pandemic and the imminent holiday season.

October 27, 2020

Phishing Lures Shift from COVID-19 to Job Opportunities

Fortinet researchers are seeing a pivot in the spear-phishing and phishing lures used by cybercriminals, to entice potential job candidates as businesses open up.

Sponsored Content

October 16, 2020

News Wrap: Barnes & Noble Hack, DDoS Extortion Threats and More

From a cyberattack on Barnes & Noble to Zoom rolling out end-to-end encryption, Threatpost editors break down the top security stories of the week.

October 16, 2020

305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer

Larry Cashdollar, senior security response engineer at Akamai, talks about the craziest stories he’s faced, reporting CVEs since 1994.

October 2, 2020

Critical Industrial Flaws Pose Patching Headache For Manufacturers

When it comes to patching critical flaws, industrial firms face various challenges – with some needing to shut down entire factories in order to apply updates.

September 23, 2020

Vulnerability Disclosure: Ethical Hackers Seek Best Practices

Cybersecurity researchers Brian Gorenc and Dustin Childs talk about the biggest vulnerability disclosure challenges in IoT and the industrial vertical.

September 4, 2020

 1

VIDEOSView all 

Chris Vickery: AI Will Drive Tomorrow’s Data Breaches

Chris Vickery talks about his craziest data breach discoveries and why “vishing” is the next top threat no one’s ready for.

July 21, 2020

 2

The Enemy Within: How Insider Threats Are Changing

Insider-threat security experts unravel the new normal during this time of remote working, and explain how to protect sensitive data from this escalating risk.

July 13, 2020

BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks

BEC gangs like “Exaggerated Lion” are using tricky tactics – like exploiting G Suite – to scam companies out of millions.

May 14, 2020

 2

How the Pandemic is Reshaping the Bug-Bounty Landscape

Bugcrowd Founder Casey Ellis talks about COVID-19’s impact on bug bounty hunters, bug bounty program adoption and more.

October 28, 2020

Experts Weigh in on E-Commerce Security Amid Snowballing Threats

How a retail sector reeling from COVID-19 can lock down their online systems to prevent fraud during the upcoming holiday shopping spike.

October 28, 2020

Cybercriminals Step Up Their Game Ahead of U.S. Elections

Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns – but this time, social media giants, the government and citizens are more prepared.

October 21, 2020

A Cyber ‘Vigilante’ is Sabotaging Emotet’s Return

During Black Hat USA 2020, Threatpost talks to Sherrod DeGrippo, with Proofpoint, about Emotet’s recent return -and how a cyber vigilante is attempting to thwart the malware’s comeback.

August 5, 2020

Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes

With Black Hat USA 2020 kicking off this week, Erez Yalon with Checkmarx talks about newly disclosed, critical vulnerabilities in Meetup.com – and why they are the “holy grail” for attackers.

August 3, 2020

Encryption Under ‘Full-Frontal Nuclear Assault’ By U.S. Bills

The U.S. government and tech companies continue to butt heads over the idea of encryption and what that means for law enforcement.

July 27, 2020

 2

Chris Vickery: AI Will Drive Tomorrow’s Data Breaches

Chris Vickery talks about his craziest data breach discoveries and why “vishing” is the next top threat no one’s ready for.

July 21, 2020

 2

The Enemy Within: How Insider Threats Are Changing

Insider-threat security experts unravel the new normal during this time of remote working, and explain how to protect sensitive data from this escalating risk.

July 13, 2020

BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks

BEC gangs like “Exaggerated Lion” are using tricky tactics – like exploiting G Suite – to scam companies out of millions.

May 14, 2020

 2

How the Pandemic is Reshaping the Bug-Bounty Landscape

Bugcrowd Founder Casey Ellis talks about COVID-19’s impact on bug bounty hunters, bug bounty program adoption and more.

October 28, 2020

Experts Weigh in on E-Commerce Security Amid Snowballing Threats

How a retail sector reeling from COVID-19 can lock down their online systems to prevent fraud during the upcoming holiday shopping spike.

October 28, 2020

Cybercriminals Step Up Their Game Ahead of U.S. Elections

Ahead of the November U.S. elections, cybercriminals are stepping up their offensive in both attacks against security infrastructure and disinformation campaigns – but this time, social media giants, the government and citizens are more prepared.

October 21, 2020

A Cyber ‘Vigilante’ is Sabotaging Emotet’s Return

During Black Hat USA 2020, Threatpost talks to Sherrod DeGrippo, with Proofpoint, about Emotet’s recent return -and how a cyber vigilante is attempting to thwart the malware’s comeback.

August 5, 2020

Black Hat USA 2020: Critical Meetup.com Flaws Reveal Common AppSec Holes

With Black Hat USA 2020 kicking off this week, Erez Yalon with Checkmarx talks about newly disclosed, critical vulnerabilities in Meetup.com – and why they are the “holy grail” for attackers.

August 3, 2020

Encryption Under ‘Full-Frontal Nuclear Assault’ By U.S. Bills

The U.S. government and tech companies continue to butt heads over the idea of encryption and what that means for law enforcement.

July 27, 2020

 2

Chris Vickery: AI Will Drive Tomorrow’s Data Breaches

Chris Vickery talks about his craziest data breach discoveries and why “vishing” is the next top threat no one’s ready for.

July 21, 2020

 2

The Enemy Within: How Insider Threats Are Changing

Insider-threat security experts unravel the new normal during this time of remote working, and explain how to protect sensitive data from this escalating risk.

July 13, 2020

BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks

BEC gangs like “Exaggerated Lion” are using tricky tactics – like exploiting G Suite – to scam companies out of millions.

May 14, 2020

 2

SLIDESHOWView all 

Top 2018 Security and Privacy Stories

The top cybersecurity and privacy trends that biggest impact in 2018.

December 26, 2018

 3

2019: The Year Ahead in Cybersecurity

What are the top cyber trends to watch out for in 2019? Here’s what we’re hearing.

December 25, 2018

 10

2018: A Banner Year for Breaches

A look back at the blizzard of breaches that made up 2018.

December 24, 2018

 2

2020 Cybersecurity Trends to Watch

Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.

December 31, 2019

Top Mobile Security Stories of 2019

Cybercrime increasingly went mobile in 2019, with everything from Apple iPhone jailbreaks and rogue Android apps to 5G and mobile-first phishing dominating the news coverage. Here are Threatpost’s Top 10 mobile security stories of 2019.

December 30, 2019

Facebook Security Debacles: 2019 Year in Review

2019 was a tumultuous year for Facebook as it continued to grapple with privacy fallout after Cambridge Analytica, as well as dealing with a slew of security challenges.

December 27, 2019

Biggest Malware Threats of 2019

2019 was another banner year for bots, trojans, RATS and ransomware. Let’s take a look back.

December 24, 2019

 1

Top 10 IoT Disasters of 2019

From more widescale, powerful distributed denial of service (DDoS) attacks, to privacy issues in children’s connected toys, here are the top IoT disasters in 2019.

December 23, 2019

 1

2019 Malware Trends to Watch

Here are 10 top malware trends to watch for in the New Year.

January 1, 2019

Top 2018 Security and Privacy Stories

The top cybersecurity and privacy trends that biggest impact in 2018.

December 26, 2018

 3

2019: The Year Ahead in Cybersecurity

What are the top cyber trends to watch out for in 2019? Here’s what we’re hearing.

December 25, 2018

 10

2018: A Banner Year for Breaches

A look back at the blizzard of breaches that made up 2018.

December 24, 2018

 2

2020 Cybersecurity Trends to Watch

Mobile becomes a prime phishing attack vector, hackers will increasingly employ machine learning in attacks and cloud will increasingly be seen as fertile ground for compromise.

December 31, 2019

Top Mobile Security Stories of 2019

Cybercrime increasingly went mobile in 2019, with everything from Apple iPhone jailbreaks and rogue Android apps to 5G and mobile-first phishing dominating the news coverage. Here are Threatpost’s Top 10 mobile security stories of 2019.

December 30, 2019

Facebook Security Debacles: 2019 Year in Review

2019 was a tumultuous year for Facebook as it continued to grapple with privacy fallout after Cambridge Analytica, as well as dealing with a slew of security challenges.

December 27, 2019

Biggest Malware Threats of 2019

2019 was another banner year for bots, trojans, RATS and ransomware. Let’s take a look back.

December 24, 2019

 1

Top 10 IoT Disasters of 2019

From more widescale, powerful distributed denial of service (DDoS) attacks, to privacy issues in children’s connected toys, here are the top IoT disasters in 2019.

December 23, 2019

 1

2019 Malware Trends to Watch

Here are 10 top malware trends to watch for in the New Year.

January 1, 2019

Top 2018 Security and Privacy Stories

The top cybersecurity and privacy trends that biggest impact in 2018.

December 26, 2018

 3

2019: The Year Ahead in Cybersecurity

What are the top cyber trends to watch out for in 2019? Here’s what we’re hearing.

December 25, 2018

 10

2018: A Banner Year for Breaches

A look back at the blizzard of breaches that made up 2018.

December 24, 2018

 2

Subscribe to our newsletter, Threatpost Today!

 

Get the latest breaking news delivered daily to your inbox.

Subscribe now

Threatpost

The First Stop For Security News

• Home
• About Us
• Contact Us
• Advertise With Us
• RSS Feeds

• Copyright © 2020 Threatpost
• Privacy Policy
• Terms and Conditions
• Advertise

TOPICS

• Black Hat
• Breaking News
• Cloud Security
• Critical Infrastructure
• Cryptography
• Facebook
• Government
• Hacks
• IoT
• Malware
• Mobile Security
• Podcasts
• Privacy
• RSAC
• Security Analyst Summit
• Videos
• Vulnerabilities
• Web Security