Cybersecurity News
Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data
CISA warns that threat actors are ramping up attacks against unpatched Log4Shell vulnerability in VMware servers.
PCI DSS v4.0: A Perspective from India
Nitin Bhatnagar: Hello, listeners. Welcome to Coffee with the Council, where we discuss what's happening around the payment industry globally and bring a regional perspective to our audience. I'm your host, Nitin Bhatnagar, Associate Director of India for the PCI Security Standards Council. Today, we will be talking about PCI DSS v4.0, a perspective from India, with our special guests Swati Sharma, Leader, CISO Office, Amazon Pay; Dhananjay Khanna SVP and CISO of SBI Card; and Divya John, AVP, Risk and Compliance, HDFC bank. Let's get started.
5 ways cybercriminals steal credit card details
Here are some of the most common ways hackers can get hold of other people’s credit card data – and how you can keep yours safe
The post 5 ways cybercriminals steal credit card details appeared first on WeLiveSecurity
Instagram’s new age verification tool – Week in security with Tony Anscombe
As Instagram tests a new age verification tool, what are some of the concerns when it comes to confirming someone's age on the internet?
The post Instagram’s new age verification tool – Week in security with Tony Anscombe appeared first on WeLiveSecurity
Google details commercial spyware that targets both Android and iOS devices
Hermit highlights a wider issue concerning our privacy and freedom.Scalper bots are snapping up appointments for government services in Israel
Scalpers are snapping up public service appointments and selling them on.Google Warns Spyware Being Deployed Against Android, iOS Users
The company is warning victims in Italy and Kazakhstan that they have been targeted by the malware from Italian firm RCS Labs.
These hackers are spreading ransomware as a distraction - to hide their cyber spying
Five ransomware strains have been linked to Bronze Starlight activities.Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug
The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.
Virtual private networks: 5 common questions about VPNs answered
(Almost) everything you always wanted to know about virtual private networks, but were afraid to ask
The post Virtual private networks: 5 common questions about VPNs answered appeared first on WeLiveSecurity
Ukrainian organizations warned of hacking attempts using CredoMap malware, Cobalt Strike beacons
Russian hackers continue their attempts to break into the systems of Ukrainian organisations, this time with phishing and fake emails.Meet the Administrators of the RSOCKS Proxy Botnet
Authorities in the United States, Germany, the Netherlands and the U.K. last week said they dismantled the "RSOCKS" botnet, a collection of millions of hacked devices that were sold as "proxies" to cybercriminals looking for ways to route their malicious traffic through someone else's computer. While the coordinated action did not name the Russian hackers allegedly behind RSOCKS, KrebsOnSecurity has identified its owner as a Russian man living abroad who also runs the world's top Russian spamming forum.Gamification of Ethical Hacking and Hacking Esports
Joseph Carson, Chief Security Scientist and Advisory CISO at Delinea, explores why gamified platforms and hacking esports are the future.
Discovery of 56 OT Device Flaws Blamed on Lackluster Security Culture
Culture of ‘insecure-by-design’ security is cited in discovery of bug-riddled operational technology devices.
Elusive ToddyCat APT Targets Microsoft Exchange Servers
The threat actor targets institutions and companies in Europe and Asia.
How Microsoft's AI spots ransomware attacks before they even get started
Microsoft is targeting human-operated ransomware operations.Modern IT Security Teams’ Inevitable Need for Advanced Vulnerability Management
Traditional vulnerability management programs are outdated, with little to no innovation in the last two decades. Today's dynamic IT environment demands an advanced vulnerability management program to deal with the complex attack surface and curb security risks.
Kazakh Govt. Used Spyware Against Protesters
Researchers have discovered that a Kazakhstan government entity deployed sophisticated Italian spyware within its borders.
Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack
A reported a "potentially dangerous piece of functionality" allows an attacker to launch an attack on cloud infrastructure and ransom files stored in SharePoint and OneDrive.