Cybersecurity News
WeSteal: A Cryptocurrency-Stealing Tool That Does Just That
The developer of the WeSteal cryptocurrency stealer can’t be bothered with fancy talk: they say flat-out that it’s “the leading way to make money in 2021”.
Survey Finds Broad Concern Over Third-Party App Providers Post-SolarWinds
Most IT and cybersecurity professionals think security is important enough to delay deployment of applications, survey data shows.Is the SolarWinds Hack Really a Seismic Shift?
Oliver Tavakoli, CTO of Vectra AI, discusses the massive supply-chain hack's legacy and ramifications for security professionals.
Ghost Town Security: What Threats Lurk in Abandoned Offices?
Millions of office buildings and campuses were rapidly abandoned during the pandemic. Now it's a year later - what happened in those office parks and downtown ghost towns? What security dangers lurk there now, waiting to ambush returning businesses?
Week in security with Tony Anscombe
Governments as cyber-targets – FBI and Have I Been Pwned team up to notify Emotet victims – Mac users urged to plug a serious security hole
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
The Ticking Time Bomb in Every Company's Code
Developers must weigh the benefits and risks of using third-party code in Web apps.7 Modern-Day Cybersecurity Realities
Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe.
Microsoft Warns 25 Critical Vulnerabilities in IoT, Industrial Devices
Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash.
SAP admits to ‘thousands’ of illegal software exports to Iran
SAP says it accepts “full responsibility for past conduct.”WeSteal: A ‘shameless’ cryptocurrency stealer sold in the underground
The brazen developer doesn’t even try to hide their creation’s true purpose.ISC urges updates of DNS servers to wipe out new BIND vulnerabilities
The security flaws could lead to remote exploitation.XDR Pushing Endpoint Detection and Response Technologies to Extinction
Ironically, EDR's success has spawn demand for technology that extends beyond it.Babuk Ransomware Gang Mulls Retirement
The RaaS operators have been posting, tweaking and taking down a goodbye note, saying that they'll be open-sourcing their data encryption malware for other crooks to use.
Researchers Connect Complex Specs to Software Vulnerabilities
Following their release of 70 different vulnerabilities in different implementations of TCP/IP stacks over the past year, two companies find a common link.F5 Big-IP Vulnerable to Security-Bypass Bug
The KDC-spoofing flaw tracked as CVE-2021-23008 can be used to bypass Kerberos security and sign into the Big-IP Access Policy Manager or admin console.
API Hole on Experian Partner Site Exposes Credit Scores
Student researcher is concerned security gap may exist on many other sites.New Terminal Software Module Introduced in PCI Secure Software Standard Version 1.1
Today, the PCI Security Standards Council (PCI SSC) published version 1.1 of the PCI Secure Software Standard and its supporting program documentation. The PCI Secure Software Standard is one of two standards that are part of the PCI Software Security Framework (SSF). The PCI Secure Software requirements provide assurance that payment software is designed, engineered, developed and maintained in a manner that protects payment transactions and data, minimizes vulnerabilities, and defends itself from attacks.
'BadAlloc' Flaws Could Threaten IoT and OT Devices: Microsoft
More than 25 critical memory allocation bugs could enable attackers to bypass security controls in industrial, medical, and enterprise devices.Experian API Leaks Most Americans’ Credit Scores
Researchers fear wider exposure, amidst a tepid response from Experian.
People with dyslexia have skills that we need, says GCHQ
UK surveillance agency says it has long valued neuro-diverse analysts – including Alan Turing
Apprentices on GCHQ’s scheme are four times more likely to have dyslexia than those on other organisations’ programmes, the agency has said, the result of a drive to recruit those whose brains process information differently.
GCHQ says those with dyslexia have valuable skills spotting patterns that others miss – a key area the spy agency wants to encourage as it pivots away from dead letter drops and bugging towards high-tech cybersecurity and data analysis.
Related: GCHQ releases 'most difficult puzzle ever' in honour of Alan Turing
Continue reading...