Cybersecurity News
UK Sets Up Fake Booter Sites To Muddy DDoS Market
The United Kingdom's National Crime Agency (NCA) has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services.How the world is turning against social media

France has banned not only TikTok from government phones, but Facebook and Twitter, too. Could this be a tipping point for big tech? Plus, AI-generated pictures of the pope signal a new type of viral image
Government workers in the UK, US, Canada and European Union (the list will have grown by the time you read this) are banned from installing TikTok on their phones.
On Friday, France joined that list, preventing its civil servants from installing TikTok – and everything else. From the government’s press release (original in French):
After an analysis of the issues, in particular security, the government has decided to ban the downloading and installation of recreational applications on professional telephones provided to public officials from now on.
Recreational applications do not have sufficient levels of cybersecurity and data protection to be deployed on government equipment. This ban applies immediately and uniformly. Exemptions may be granted on an exceptional basis …
Continue reading...Staying safe on OnlyFans: The naked truth
How content creators and subscribers can embrace the social media platform without (overly) exposing themselves to the potentially toxic brew of NSFW content and privacy threats
The post Staying safe on OnlyFans: The naked truth appeared first on WeLiveSecurity
Request for Comments: PCI TSP Security Requirements
From 27 March to 27 April 2023, eligible stakeholders are invited to review and provide feedback on the PCI Token Service Provider (TSP) Security Requirements v1.0 during a 30-day request for comments (RFC) period.
Yes, it’s crazy to have TikTok on official phones. But it’s not good for any of us | John Naughton

As of this moment, government officials in 11 countries are forbidden to run TikTok on their government-issued phones. The countries include the US, Canada, Denmark, Belgium, the UK, New Zealand, Norway, France, the Netherlands and Poland. In addition, European Commission and European parliament staff were required to delete the app. This raises two questions.
First, why were politicians and senior officials in democracies scrolling like zombies through dance crazes, daft pet videos, feeling “bonita” and things you can do with smudged lipstick?
Continue reading...TikTok banned on London City Hall devices over security concerns

Move by Greater London authority comes after Chinese-owned app was blocked on UK parliamentary devices
London City Hall staff will no longer have TikTok on their devices in the latest ban imposed on the Chinese-owned social media app over security concerns.
The Greater London authority (GLA) said the rule was implemented as it takes information security “extremely seriously”.
Continue reading...Highlights from TikTok CEO’s Congress grilling – Week in security with Tony Anscombe
Here are some of the key moments from the five hours of Shou Zi Chew's testimony and other interesting news on the data privacy front
The post Highlights from TikTok CEO’s Congress grilling – Week in security with Tony Anscombe appeared first on WeLiveSecurity
What TikTok knows about you – and what you should know about TikTok
As TikTok CEO attempts to placate U.S. lawmakers, it’s time for us all to think about the wealth of personal information that TikTok and other social media giants collect about us
The post What TikTok knows about you – and what you should know about TikTok appeared first on WeLiveSecurity
Spotlight On: BT Group, a New Principal Participating Organization
Welcome BT Group, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! The Council’s Participating Organization program enables global collaboration by bringing together industry leaders to strategize about how to protect payment data from the latest threats and to anticipate the needs of an ever-changing payment ecosystem. In this special spotlight edition of our PCI Perspectives Blog, Simon Turner, Senior Manager, ISSCA Consultancy Services at BT Group introduces us to his company and how they are helping to shape the future of payment security.
TikTok to be banned from UK parliamentary devices

Move follows UK government’s decision to ban Chinese-owned video-sharing app
Parliament is to ban the Chinese-owned video-sharing app TikTok from “all parliamentary devices and the wider parliamentary network”, citing the need for cybersecurity.
The move goes further than the ban last week of the app on government mobile phones and devices, covering the whole parliamentary network. That means that MPs and parliamentary staff who continue to have TikTok installed on personal devices will find the service blocked if they try to access it over parliamentary wifi.
Continue reading...Understanding Managed Detection and Response – and what to look for in an MDR solution
Why your organization should consider an MDR solution and five key things to look for in a service offering
The post Understanding Managed Detection and Response – and what to look for in an MDR solution appeared first on WeLiveSecurity
Google Suspends Chinese E-Commerce App Pinduoduo Over Malware
Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones.Watch Questions with the Council: PCI DSS v4.0 and the Customized Approach
In the second installment of the “Questions with the Council” video series, Data Security Standards Manager, Kandyce Young, answers the payment industry’s questions about PCI DSS v4.0. The questions focus specifically on the customized approach and compensating controls. Questions include:
Twitter ends free SMS 2FA: Here’s how you can protect your account now
Twitter’s ditching of free text-message authentication doesn’t mean that you should forgo using 2FA. Instead, switch to another – and, indeed, better – 2FA option.
The post Twitter ends free SMS 2FA: Here’s how you can protect your account now appeared first on WeLiveSecurity
Why You Should Opt Out of Sharing Data With Your Mobile Provider
A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device -- unless and until you affirmatively opt out of this data collection. Here's a primer on why you might want to do that, and how. Certain questions might be coming to mind right now, like "What the heck is CPNI?" And, 'If it's so 'customer proprietary,' why is AT&T sharing it with marketers?" Also maybe, "What can I do about it?" Read on for answers to all three questions.BBC urges staff to delete TikTok from company mobile phones

Move comes after UK government bans app on government devices over fears of data being accessed by Chinese state
The BBC has urged its staff to delete the Chinese-own social media app TikTok from corporate mobile phones.
Guidance to BBC staff circulated on Sunday said: “We don’t recommend installing TikTok on a BBC corporate device unless there is a justified business reason. If you do not need TikTok for business reasons, TikTok should be deleted.”
Continue reading...Feds Charge NY Man as BreachForums Boss “Pompompurin”
The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums, a popular English-language cybercrime forum where some of the world biggest hacked databases routinely first show up for sale. The forum's administrator "Pompompurin" has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums, a remarkably similar crime forum that the FBI infiltrated and dismantled in 2022.Why is TikTok banned from government phones – and should rest of us be worried?

UK has removed app over concerns data can be monitored by Chinese state, but public remain vulnerable
TikTok is wildly popular, with more than 1 billion people consuming its short video posts around the world. But the app is less favoured by politicians in key markets such as the US and UK, where it has been banned from government-issued phones over security fears. We answer your questions about why TikTok has become a lightning rod for suspicion of Chinese state espionage – and whether nationwide bans are likely.
Continue reading...Banking turmoil opens opportunities for fraud – Week in security with Tony Anscombe
Scammers are looking to cash in on the chaos that has set in following the startling meltdowns of Silicon Valley Bank and Signature Bank and the crisis at Credit Suisse
The post Banking turmoil opens opportunities for fraud – Week in security with Tony Anscombe appeared first on WeLiveSecurity
SVB collapse is a scammer’s dream: Don’t get caught out
How cybercriminals can exploit Silicon Valley Bank's downfall for their own ends and at your expense
The post SVB collapse is a scammer’s dream: Don’t get caught out appeared first on WeLiveSecurity