Cybersecurity News


How Industrial IoT Security Can Catch Up With OT/IT Convergence

Ransomware can easily make a connection between IT and OT already. How can blue teams do the same?
20 November 2020

Security Pros Push for More Pervasive Threat Modeling

With the release of the "Threat Modeling Manifesto," a group of 16 security professionals hope to prompt more companies to consider the threats to software.
20 November 2020

Drupal sites vulnerable to double-extension attacks

The 90s called. They want their vulnerability back.
20 November 2020

Week in security with Tony Anscombe

Lazarus takes aim at South Korea via an unusual supply-chain attack – The harsh reality of poor passwords – Bumble bitten by bugs

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

20 November 2020

New Grelos Skimmer Variants Siphon Credit Card Data

Domains related to the new variant of the Grelos web skimmer have compromised dozens of websites so far.
20 November 2020

5 takeaways from the 2020 (ISC)2 Cybersecurity Workforce Study

From the impact of the pandemic on cybersecurity careers to workers’ job satisfaction, the report offers a number of interesting findings

The post 5 takeaways from the 2020 (ISC)2 Cybersecurity Workforce Study appeared first on WeLiveSecurity

20 November 2020

SAFECode and PCI SSC Discuss the Evolution of Secure Software


When the PCI Security Standards Council (PCI SSC) developed its Software Security Framework (SSF) a few years ago, it relied on the expertise of a Software Security Task Force. As part of this task force, SAFECode, along with other industry partners, played an instrumental role in the development of the framework and its standards. 

20 November 2020

Facebook Messenger Bug Allows Spying on Android Users

The company patched a vulnerability that could connect video and audio calls without the knowledge of the person receiving them.
20 November 2020

Convicted SIM Swapper Gets 3 Years in Jail

A 21-year-old Irishman who pleaded guilty to charges of helping to steal millions of dollars in cryptocurrencies from victims has been sentenced to just under three years in prison. The defendant is part of an alleged conspiracy involving at least eight others in the United States who stand accused of theft via SIM swapping, a […]
20 November 2020

How Cyberattacks Work

Cyberattacks are run like military attacks, in four main phases: reconnaissance, attack, exfiltration, and maintaining position. Understanding this makes fighting back easier.
20 November 2020

Two Romanians arrested for running three malware services

The two ran two malware crypter services called CyberSeal and DataProtector, and a malware testing service called CyberScan.
20 November 2020

The malware that usually installs ransomware and you need to remove right away

If you see any of these malware strains on your enterprise networks, stop everything you're doing and audit all systems.
20 November 2020

Telos Goes Public

Nearly a month after McAfee made its second appearance on the public market, the Virginia-based provider of security services to government and commercial organizations makes its own debut.
19 November 2020

ISP Security: Do We Expect Too Much?

With so many people now connecting to business networks from home routers, ISP security takes on heightened importance. The question becomes, is the security provided by ISPs good enough to be the only security SMBs and remote employees need?
19 November 2020

Iowa Hospital Alerts 60K Individuals Affected by June Data Breach

The data breach began with a compromised employee email account.
19 November 2020

Cybercriminals Get Creative With Google Services

Attacks take advantage of popular services, including Google Forms and Google Docs.
19 November 2020

Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack

Researchers have unveiled an attack that allows attackers to eavesdrop on homeowners inside their homes, through the LiDAR sensors on their robot vacuums.
19 November 2020

German COVID-19 Contact-Tracing Vulnerability Allowed RCE

Bug hunters at GitHub Security Labs help shore up German contact tracing app security, crediting open source collaboration.
19 November 2020

Go SMS Pro Messaging App Exposed Users' Private Media Files

The popular Android app uses easily guessable Web addresses when users send private photos, videos, and voice messages.
19 November 2020

Facebook Messenger bug could have allowed hackers to spy on users

The now-patched Messenger bug could have allowed callers to connect audio calls without the callee's knowledge or approval.
19 November 2020