Cybersecurity News


Toys behaving badly: How parents can protect their family from IoT threats

It pays to do some research before taking a leap into the world of internet-connected toys

The post Toys behaving badly: How parents can protect their family from IoT threats appeared first on WeLiveSecurity

08 September 2022

RDP on the radar: An up‑close view of evolving remote access threats

Misconfigured remote access services continue to give bad actors an easy access path to company networks – here’s how you can minimize your exposure to attacks misusing Remote Desktop Protocol

The post RDP on the radar: An up‑close view of evolving remote access threats appeared first on WeLiveSecurity

07 September 2022

Worok: The big picture

Focused mostly on Asia, this new cyberespionage group uses undocumented tools, including steganographically extracting PowerShell payloads from PNG files

The post Worok: The big picture appeared first on WeLiveSecurity

06 September 2022

Violence-as-a-Service: Brickings, Firebombings & Shootings for Hire

A 21-year-old New Jersey man has been arrested and charged with stalking in connection with a federal investigation into groups of cybercriminals who are settling scores by hiring people to carry out physical attacks on their rivals. Prosecutors say the defendant recently participated in several of these schemes -- including firing a handgun into a Pennsylvania home and torching a residence in another part of the state with a Molotov Cocktail.
04 September 2022

Will cyber‑insurance pay out? – Week in security with Tony Anscombe

What if your organization is hit by a cyberattack that is attributed to a nation state? Would your insurance cover the costs of the attack?

The post Will cyber‑insurance pay out? – Week in security with Tony Anscombe appeared first on WeLiveSecurity

02 September 2022

Request for Comments: PTS POI Modular Security Requirements v6.2 


From 1 September to 30 September 2022, eligible PCI SSC stakeholders are invited to review and provide feedback on the PTS POI Modular Security Requirements v6.2 draft during a 30-day request for comments (RFC) period. The full list of stakeholders eligible to participate can be found on the PCI SSC RFC webpage.  

01 September 2022

Final Thoughts on Ubiquiti

Last year, I posted a series of articles about a purported “breach” at Ubiquiti. My sole source for that reporting was the person who has since been indicted by federal prosecutors for his alleged wrongdoing – which includes providing false… Read More »
31 August 2022

Coffee with the Council Podcast: Internet of Things Security in Payment Environments

 

Welcome to our podcast series, Coffee with the Council. I'm Alicia Malone, Senior Manager of Public Relations for the PCI Security Standards Council. Recently, our organization teamed up with the Consumer Technology Association to issue a joint bulletin on a very important topic, security surrounding the Internet of Things, or IoT. Joining me today for this episode are Andrew Jamieson, Vice President of Solution Standards at PCI Security Standards Council, and Mike Bergman, Vice President of Technology and Standards at the Consumer Technology Association. Welcome!

31 August 2022

Student Loan Breach Exposes 2.5M Records

Student Loan Breach Exposes 2.5M Records 2.5 million people were affected, in a breach that could spell more trouble down the line.
31 August 2022

How to take control over your digital legacy

Do you have a plan for what will happen to your digital self when you pass away? Here’s how to put your digital affairs in order on Facebook, Google, Twitter and other major online services.

The post How to take control over your digital legacy appeared first on WeLiveSecurity

31 August 2022

Watering Hole Attacks Push ScanBox Keylogger

Watering Hole Attacks Push ScanBox Keylogger Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
30 August 2022

How 1-Time Passcodes Became a Corporate Liability

Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world's largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices.
30 August 2022

TikShock: Don’t get caught out by these 5 TikTok scams

Are you aware of the perils of the world’s no. 1 social media? Do you know how to avoid scams and stay safe on TikTok?

The post TikShock: Don’t get caught out by these 5 TikTok scams appeared first on WeLiveSecurity

30 August 2022

PCI DSS v4.0: Is the Customized Approach Right For Your Organization?

 

This blog is the second in a series of articles on the customized approach. The first article provided a high-level overview of the customized approach and explored the difference between compensating controls and the customized approach. This article focuses on considerations for entities thinking about implementing a customized approach, and includes the customized approach resources provided in PCI DSS for the assessed entity and in the PCI DSS Report on Compliance Template for the assessor.

29 August 2022

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
29 August 2022

Ransomware Attacks are on the Rise

Ransomware Attacks are on the Rise Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
26 August 2022

French hospital crippled by cyberattack – Week in security with Tony Anscombe

As another hospital falls victim to ransomware, Tony weighs in on the much-debated issue of banning ransomware payouts

The post French hospital crippled by cyberattack – Week in security with Tony Anscombe appeared first on WeLiveSecurity

26 August 2022

Cybercriminals Are Selling Access to Chinese Surveillance Cameras

Cybercriminals Are Selling Access to Chinese Surveillance Cameras Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
25 August 2022

What is doxing and how to protect yourself

Doxing can happen to anyone – here’s how you can reduce the odds that your personal information will be weaponized against you

The post What is doxing and how to protect yourself appeared first on WeLiveSecurity

25 August 2022

Twitter Whistleblower Complaint: The TL;DR Version

Twitter Whistleblower Complaint: The TL;DR Version Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
24 August 2022