Cybersecurity News


How to Choose the Right Cybersecurity Framework

Cybersecurity frameworks can help reduce your risk of supply chain attacks and increase your competitive advantage.
15 March 2021

Verkada Breach Demonstrates Danger of Overprivileged Users

In re-evaluating supply chains, companies should classify vendors with super admin privileges to devices or backdoors as a significant threat.
15 March 2021

WeLeakInfo Leaked Customer Payment Info

A little over a year ago, the FBI and law enforcement partners overseas seized WeLeakInfo[.]com, a wildly popular service that sold access to more than 12 billion usernames and passwords stolen from thousands of hacked websites. In an ironic turn of events, a lapsed domain registration tied to WeLeakInfo let someone plunder and publish account data for 23,000 people who paid to access the service with a credit card.
15 March 2021

Hafnium’s China Chopper: a ‘slick’ and tiny web shell for creating server backdoors

Hafnium has been linked to recent attacks on Microsoft Exchange Server.
15 March 2021

Microsoft investigates potential ties between partner security firm, Exchange Server attack code leak

Exploit tools used in widespread attacks reportedly are similar to PoC code privately distributed by Microsoft to vendors.
15 March 2021

PayPal fraud: What merchants should know

From overpayment to shipping scams, what are some of the most common threats that merchants using PayPal should watch out for?

The post PayPal fraud: What merchants should know appeared first on WeLiveSecurity

15 March 2021

Sky Global CEO indicted over encrypted chat drug trafficking, calls allegations an 'outrage'

The executive says the indictment highlights the “vilification” of anyone “who takes a stance against unwarranted surveillance.”
15 March 2021

Critical Security Hole Can Knock Smart Meters Offline

Critical Security Hole Can Knock Smart Meters Offline Unpatched Schneider Electric PowerLogic ION/PM smart meters are open to dangerous attacks.
12 March 2021

Microsoft Exchange Server Attacks: 9 Lessons for Defenders

Microsoft Exchange Server Attacks: 9 Lessons for Defenders Experts share their guidance for organizations running on-premise Exchange servers in the wake of rapidly spreading attacks.
12 March 2021

Contemplating the Coffee Supply Chain: A Horror Story

Contemplating the Coffee Supply Chain: A Horror Story On the bean-to-cup journey, dangers await around every corner. Here, well-caffeinated security experts warn the coffee industry about the threats.
12 March 2021

REvil Group Claims Slew of Ransomware Attacks

REvil Group Claims Slew of Ransomware Attacks The threat group behind the Sodinokibi ransomware claimed to have recently compromised nine organizations.
12 March 2021

Europol Credits Sweeping Arrests to Cracked Sky ECC Comms  

Europol Credits Sweeping Arrests to Cracked Sky ECC Comms   Sky ECC claims that cops cracked a fake version of the app being passed off by disgruntled reseller.
12 March 2021

Can a Programming Language Reduce Vulnerabilities?

Rust offers a safer programming language, but adoption is still a problem despite recent signs of increasing popularity.
12 March 2021

Metamorfo Banking Trojan Abuses AutoHotKey to Avoid Detection

Metamorfo Banking Trojan Abuses AutoHotKey to Avoid Detection A legitimate binary for creating shortcut keys in Windows is being used to help the malware sneak past defenses, in a rash of new campaigns.
12 March 2021

Microsoft Exchange Exploits Pave a Ransomware Path

Microsoft Exchange Exploits Pave a Ransomware Path As attacks double every hour, hackers are exploiting vulnerable Microsoft Exchange servers and installing a new family of ransomware called DearCry.
12 March 2021

Molson Coors Cracks Open a Cyberattack Investigation

Molson Coors Cracks Open a Cyberattack Investigation The multinational brewing company did not say what type of incident caused a ‘systems outage,’ but it's investigating and working to get networks back online.
12 March 2021

Week in security with Tony Anscombe

ESET research into exploitation of Microsoft Exchange flaws – How smart sex toys may expose your privacy – E-health versus your personal data

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

12 March 2021

Power Equipment: A New Cybersecurity Frontier

Power systems, HVAC systems, and other network-connected devices are exposing new vulnerabilities that must be secured.
12 March 2021

Microsoft Reports 'DearCry' Ransomware Targeting Exchange Servers

Attackers have begun to deploy ransomware on Microsoft Exchange Servers compromised by the ProxyLogon exploits.
12 March 2021

Just Released: Version 3.1 of the PCI PIN Security Standard

 

Today, the PCI SSC published a minor revision to the PCI PIN Security Requirements and Testing Procedures—also known as the PCI PIN Security Standard. Version 3.1 of the Standard includes clarifications and updates previously released via FAQs and bulletins and incorporates stakeholder feedback and comments received via a formal request for comment (RFC) period.

12 March 2021