Cybersecurity News


SparklingGoblin deploys new Linux backdoor – Week in security, special edition

ESET Research first spotted this variant of the SideWalk backdoor in the network of a Hong Kong university in February 2021

The post SparklingGoblin deploys new Linux backdoor – Week in security, special edition appeared first on WeLiveSecurity

15 September 2022

Dispatch from the NACM: Day 2

The first full day of the 2022 North America Community Meeting was filled with engaging and informative sessions. Alicia Malone, Senior Manager of Public Relations, sits down to provide a recap of the day. Highlights from the conversation include:

14 September 2022

Say Hello to Crazy Thin ‘Deep Insert’ ATM Skimmers

A number of financial institutions in and around New York City are dealing with a rash of super-thin "deep insert" card skimming devices designed to fit inside the mouth of an ATM's card acceptance slot. The card skimmers are paired with tiny pinhole cameras that are cleverly disguised as part of the cash machine. Here's a look at some of the more sophisticated deep insert skimmer technology that fraud investigators have recently found in the wild.

14 September 2022

New Opportunities for Collaboration with the Council Coming in 2023

This week, the PCI SSC hosts the first in-person Community Meeting in Toronto, Canada since 2019. In this blog, we interview Lance Johnson, Executive Director of the PCI SSC, about his major announcement related to the PCI SSC Participating Organization (PO) program.

14 September 2022

You never walk alone: The SideWalk backdoor gets a Linux variant

ESET researchers have uncovered another tool in the already extensive arsenal of the SparklingGoblin APT group: a Linux variant of the SideWalk backdoor

The post You never walk alone: The SideWalk backdoor gets a Linux variant appeared first on WeLiveSecurity

14 September 2022

Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday

This month's Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Apple has also quashed a pair of zero-day bugs affecting certain macOS and iOS users, and released iOS 16, which includes a nifty new privacy and security feature called "Lockdown Mode." And Adobe axed 63 vulnerabilities in a range of products.

13 September 2022

Dispatch from the NACM: Day 1

The 2022 North America Community Meeting kicked off today in Toronto with Community Day. Mark Meissner, Senior Vice President, Education & Engagement Officer, sits down to provide a recap of the day. Highlights from the conversation include:

13 September 2022

Why is my Wi‑Fi slow and how do I make it faster?

Has your Wi-Fi speed slowed down to a crawl? Here are some of the possible reasons along with a few quick fixes to speed things up.

The post Why is my Wi‑Fi slow and how do I make it faster? appeared first on WeLiveSecurity

13 September 2022

New Information Supplement: Guidance for Containers and Container Orchestration Tools

PCI Security Standards Council has published a new Information Supplement: Guidance for Containers and Container Orchestration Tools. This document was produced by the 2021 Special Interest Group (SIG), the members of which provided their expertise and shared experience for applying best practices to containers and container orchestration tools for payment systems. 

09 September 2022

ESET Research uncovers new APT group Worok – Week in security with Tony Anscombe

Worok takes aim at various high-profile organizations that operate in multiple sectors and are located primarily in Asia

The post ESET Research uncovers new APT group Worok – Week in security with Tony Anscombe appeared first on WeLiveSecurity

09 September 2022

Transacting in Person with Strangers from the Internet

Communities like Craigslist, OfferUp, Facebook Marketplace and others are great for finding low- or no-cost stuff that one can pick up directly from a nearby seller, and for getting rid of useful things that don't deserve to end up in a landfill. But when dealing with strangers from the Internet, there is always a risk that the person you've agreed to meet has other intentions.

09 September 2022

Introducing the New PCI SSC Mobile App

The PCI Security Standards Council (PCI SSC) is pleased to announce the release of its new mobile app. The PCI SSC mobile app allows for more direct engagement with payment industry stakeholders, including instant notification of Council news and announcements, and easier access to important resources. PCI SSC launched its mobile app as a new channel to communicate more effectively with its global stakeholder community. The PCI SSC mobile app is intended for those who are associated with payment cards including merchants of all sizes, financial institutions, point-of-sale vendors, assessors, and hardware and software developers who create and operate the global infrastructure for processing payments.

08 September 2022

Toys behaving badly: How parents can protect their family from IoT threats

It pays to do some research before taking a leap into the world of internet-connected toys

The post Toys behaving badly: How parents can protect their family from IoT threats appeared first on WeLiveSecurity

08 September 2022

RDP on the radar: An up‑close view of evolving remote access threats

Misconfigured remote access services continue to give bad actors an easy access path to company networks – here’s how you can minimize your exposure to attacks misusing Remote Desktop Protocol

The post RDP on the radar: An up‑close view of evolving remote access threats appeared first on WeLiveSecurity

07 September 2022

Worok: The big picture

Focused mostly on Asia, this new cyberespionage group uses undocumented tools, including steganographically extracting PowerShell payloads from PNG files

The post Worok: The big picture appeared first on WeLiveSecurity

06 September 2022

Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire

A 21-year-old New Jersey man has been arrested and charged with stalking in connection with a federal investigation into groups of cybercriminals who are settling scores by hiring people to carry out physical attacks on their rivals. Prosecutors say the defendant recently participated in several of these schemes -- including firing a handgun into a Pennsylvania home and torching a residence in another part of the state with a Molotov Cocktail.

04 September 2022

Will cyber‑insurance pay out? – Week in security with Tony Anscombe

What if your organization is hit by a cyberattack that is attributed to a nation state? Would your insurance cover the costs of the attack?

The post Will cyber‑insurance pay out? – Week in security with Tony Anscombe appeared first on WeLiveSecurity

02 September 2022

Request for Comments: PTS POI Modular Security Requirements v6.2 


From 1 September to 30 September 2022, eligible PCI SSC stakeholders are invited to review and provide feedback on the PTS POI Modular Security Requirements v6.2 draft during a 30-day request for comments (RFC) period. The full list of stakeholders eligible to participate can be found on the PCI SSC RFC webpage.  

01 September 2022

Final Thoughts on Ubiquiti

Last year, I posted a series of articles about a purported “breach” at Ubiquiti. My sole source for that reporting was the person who has since been indicted by federal prosecutors for his alleged wrongdoing – which includes providing false…

31 August 2022

Coffee with the Council Podcast: Internet of Things Security in Payment Environments

Welcome to our podcast series, Coffee with the Council. I'm Alicia Malone, Senior Manager of Public Relations for the PCI Security Standards Council. Recently, our organization teamed up with the Consumer Technology Association to issue a joint bulletin on a very important topic, security surrounding the Internet of Things, or IoT. Joining me today for this episode are Andrew Jamieson, Vice President of Solution Standards at PCI Security Standards Council, and Mike Bergman, Vice President of Technology and Standards at the Consumer Technology Association. Welcome!

31 August 2022