Cybersecurity News


UK Sets Up Fake Booter Sites To Muddy DDoS Market

The United Kingdom's National Crime Agency (NCA) has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services. 
28 March 2023

How the world is turning against social media

France has banned not only TikTok from government phones, but Facebook and Twitter, too. Could this be a tipping point for big tech? Plus, AI-generated pictures of the pope signal a new type of viral image

Government workers in the UK, US, Canada and European Union (the list will have grown by the time you read this) are banned from installing TikTok on their phones.

On Friday, France joined that list, preventing its civil servants from installing TikTok – and everything else. From the government’s press release (original in French):

After an analysis of the issues, in particular security, the government has decided to ban the downloading and installation of recreational applications on professional telephones provided to public officials from now on.

Recreational applications do not have sufficient levels of cybersecurity and data protection to be deployed on government equipment. This ban applies immediately and uniformly. Exemptions may be granted on an exceptional basis …

28 March 2023

Staying safe on OnlyFans: The naked truth

How content creators and subscribers can embrace the social media platform without (overly) exposing themselves to the potentially toxic brew of NSFW content and privacy threats

The post Staying safe on OnlyFans: The naked truth appeared first on WeLiveSecurity

28 March 2023

Request for Comments: PCI TSP Security Requirements


From 27 March to 27 April 2023, eligible stakeholders are invited to review and provide feedback on the PCI Token Service Provider (TSP) Security Requirements v1.0 during a 30-day request for comments (RFC) period. 

27 March 2023

Yes, it’s crazy to have TikTok on official phones. But it’s not good for any of us | John Naughton

Fears for data security lie behind recent government bans on the Chinese-owned app, but zombie scrolling has health dangers too

As of this moment, government officials in 11 countries are forbidden to run TikTok on their government-issued phones. The countries include the US, Canada, Denmark, Belgium, the UK, New Zealand, Norway, France, the Netherlands and Poland. In addition, European Commission and European parliament staff were required to delete the app. This raises two questions.

First, why were politicians and senior officials in democracies scrolling like zombies through dance crazes, daft pet videos, feeling “bonita” and things you can do with smudged lipstick?

26 March 2023

TikTok banned on London City Hall devices over security concerns

Move by Greater London authority comes after Chinese-owned app was blocked on UK parliamentary devices

London City Hall staff will no longer have TikTok on their devices in the latest ban imposed on the Chinese-owned social media app over security concerns.

The Greater London authority (GLA) said the rule was implemented as it takes information security “extremely seriously”.

25 March 2023

Highlights from TikTok CEO’s Congress grilling – Week in security with Tony Anscombe

Here are some of the key moments from the five hours of Shou Zi Chew's testimony and other interesting news on the data privacy front

The post Highlights from TikTok CEO’s Congress grilling – Week in security with Tony Anscombe appeared first on WeLiveSecurity

24 March 2023

What TikTok knows about you – and what you should know about TikTok

As TikTok CEO attempts to placate U.S. lawmakers, it’s time for us all to think about the wealth of personal information that TikTok and other social media giants collect about us

The post What TikTok knows about you – and what you should know about TikTok appeared first on WeLiveSecurity

24 March 2023

Spotlight On: BT Group, a New Principal Participating Organization

Welcome BT Group, a new Principal Participating Organization (PPO) at the PCI Security Standards Council! The Council’s Participating Organization program enables global collaboration by bringing together industry leaders to strategize about how to protect payment data from the latest threats and to anticipate the needs of an ever-changing payment ecosystem. In this special spotlight edition of our PCI Perspectives Blog, Simon Turner, Senior Manager, ISSCA Consultancy Services at BT Group introduces us to his company and how they are helping to shape the future of payment security.

23 March 2023

TikTok to be banned from UK parliamentary devices

Move follows UK government’s decision to ban Chinese-owned video-sharing app

Parliament is to ban the Chinese-owned video-sharing app TikTok from “all parliamentary devices and the wider parliamentary network”, citing the need for cybersecurity.

The move goes further than the ban last week of the app on government mobile phones and devices, covering the whole parliamentary network. That means that MPs and parliamentary staff who continue to have TikTok installed on personal devices will find the service blocked if they try to access it over parliamentary wifi.

23 March 2023

Understanding Managed Detection and Response – and what to look for in an MDR solution

Why your organization should consider an MDR solution and five key things to look for in a service offering

The post Understanding Managed Detection and Response – and what to look for in an MDR solution appeared first on WeLiveSecurity

23 March 2023

Google Suspends Chinese E-Commerce App Pinduoduo Over Malware

Google says it has suspended the app for the Chinese e-commerce giant Pinduoduo after malware was found in versions of the app. The move comes just weeks after Chinese security researchers published an analysis suggesting the popular e-commerce app sought to seize total control over affected devices by exploiting multiple security vulnerabilities in a variety of Android-based smartphones.
22 March 2023

Watch Questions with the Council: PCI DSS v4.0 and the Customized Approach

In the second installment of the “Questions with the Council” video series, Data Security Standards Manager, Kandyce Young, answers the payment industry’s questions about PCI DSS v4.0. The questions focus specifically on the customized approach and compensating controls. Questions include:

20 March 2023

Twitter ends free SMS 2FA: Here’s how you can protect your account now

Twitter’s ditching of free text-message authentication doesn’t mean that you should forgo using 2FA. Instead, switch to another – and, indeed, better – 2FA option.

The post Twitter ends free SMS 2FA: Here’s how you can protect your account now appeared first on WeLiveSecurity

20 March 2023

Why You Should Opt Out of Sharing Data With Your Mobile Provider

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device -- unless and until you affirmatively opt out of this data collection. Here's a primer on why you might want to do that, and how. Certain questions might be coming to mind right now, like "What the heck is CPNI?" And, "If it's so 'customer proprietary,' why is AT&T sharing it with marketers?" Also maybe, "What can I do about it?" Read on for answers to all three questions.
20 March 2023

BBC urges staff to delete TikTok from company mobile phones

Move comes after UK government bans app on government devices over fears of data being accessed by Chinese state

The BBC has urged its staff to delete the Chinese-owned social media app TikTok from corporate mobile phones.

Guidance to BBC staff circulated on Sunday said: “We don’t recommend installing TikTok on a BBC corporate device unless there is a justified business reason. If you do not need TikTok for business reasons, TikTok should be deleted.”

19 March 2023

Feds Charge NY Man as BreachForums Boss “Pompompurin”

The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums, a popular English-language cybercrime forum where some of the world's biggest hacked databases routinely first show up for sale. The forum's administrator "Pompompurin" has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums, a remarkably similar crime forum that the FBI infiltrated and dismantled in 2022.
17 March 2023

Why is TikTok banned from government phones – and should rest of us be worried?

UK has removed app over concerns data can be monitored by Chinese state, but public remain vulnerable

TikTok is wildly popular, with more than 1 billion people consuming its short video posts around the world. But the app is less favoured by politicians in key markets such as the US and UK, where it has been banned from government-issued phones over security fears. We answer your questions about why TikTok has become a lightning rod for suspicion of Chinese state espionage – and whether nationwide bans are likely.

17 March 2023

Banking turmoil opens opportunities for fraud – Week in security with Tony Anscombe

Scammers are looking to cash in on the chaos that has set in following the startling meltdowns of Silicon Valley Bank and Signature Bank and the crisis at Credit Suisse

The post Banking turmoil opens opportunities for fraud – Week in security with Tony Anscombe appeared first on WeLiveSecurity

17 March 2023

SVB collapse is a scammer’s dream: Don’t get caught out

How cybercriminals can exploit Silicon Valley Bank's downfall for their own ends and at your expense

The post SVB collapse is a scammer’s dream: Don’t get caught out appeared first on WeLiveSecurity

17 March 2023