Cybersecurity News


Card data from the Volusion web skimmer incident surfaces on the dark web

In September-October 2019, hackers planted malware to steal card data from 6,589 online stores.
12 March 2020

Back to the Future: A Threat Intelligence Journey

Threat intelligence needs the problem solvers, the curious ones, the mission seekers, the analytical minds, the defenders, and the fierce -- whatever their gender.
12 March 2020

Akamai Talks Massive Uptick in Credential-Stuffing Attacks Against Bank APIs

Akamai Talks Massive Uptick in Credential-Stuffing Attacks Against Bank APIs Researchers with Akamai say that 75 percent of all credential abuse attacks against the financial services industry were targeting APIs.
12 March 2020

Cookiethief Android malware uses proxies to hijack your Facebook account

Cookiethief Trojan infections are on the rise and Facebook cookies appear to be a prime target.
12 March 2020

Tracking Turla: New backdoor delivered via Armenian watering holes

Can an old APT learn new tricks? Turla’s TTPs are largely unchanged, but the group recently added a Python backdoor.

The post Tracking Turla: New backdoor delivered via Armenian watering holes appeared first on WeLiveSecurity

12 March 2020

You Are a Target

You may not realize it, but you are a target. Your computer, your work and personal accounts and your information are all highly valuable to cyber criminals. Be mindful that bad guys are out to get you.
12 March 2020

Crafty Web Skimming Domain Spoofs “https”

Earlier today, KrebsOnSecurity alerted the 10th largest food distributor in the United States that one of its Web sites had been hacked and retrofitted with code that steals credit card and login data. While such Web site card skimming attacks are not new, this intrusion leveraged a sneaky new domain that hides quite easily in a hacked site's source code: "http[.]ps" (the actual malicious domain does not include the brackets, which are there to keep readers from being able to click on it).
11 March 2020

Cyberspace Solarium Commission Slams US Cybersecurity Readiness

The federal commission outlined more than 60 recommendations to remedy major security problems.
11 March 2020

Ransomware Increasingly Targeting Small Governments

To get back up and running quickly, and because it's cheaper, city and county governments often pay the ransom, especially if insurance companies are footing the bill. The result: More ransomware.
11 March 2020

Microsoft Discloses New Remote Execution Flaw in SMBv3

A patch for the flaw is not yet available, but there are no known exploits -- so far.
11 March 2020

Flaws Riddle Zyxel’s Network Management Software

Flaws Riddle Zyxel’s Network Management Software Over 16 security flaws, including multiple backdoors and hardcoded SSH server keys, plague the software.
11 March 2020

Remote Assessments and the Coronavirus


Troy Leach, Senior Vice President, Engagement Officer, PCI SSC, discusses guidance for performing assessments in light of the recent coronavirus outbreak.

11 March 2020

COVID-19 Drives Rush to Remote Work. Is Your Security Team Ready?

A rapid transition to remote work puts pressure on security teams to understand and address a wave of potential security risks.
11 March 2020

Avast disables JavaScript engine in its antivirus following major bug

Vulnerability would have allowed attackers to take over computers running the Avast antivirus.
11 March 2020

Phishing Attack Skirts Detection With YouTube

Phishing Attack Skirts Detection With YouTube Attackers are using YouTube redirect links, whitelisted by various security defense mechanisms, to evade detection.
11 March 2020

I Want to Work in Industrial IoT Security. What Lingo Do I Need to Know?

I Want to Work in Industrial IoT Security. What Lingo Do I Need to Know? Should you happen to be in a meeting with an ICS vendor, here are some terms you will need to know so as to not be laughed out of the room.
11 March 2020

How the Rise of IoT Is Changing the CISO Role

Prepare for the future by adopting a risk-based approach. Following these five steps can help.
11 March 2020

Gender Equality in Cybersecurity Could Drive Economic Boost

If the number of women in cybersecurity equaled the number of men, the US would see an economic gain up to $30.4 billion, research shows.
11 March 2020

Dutch government loses hard drives with data of 6.9 million registered donors

External hard drives stored all donor data from February 1998 to June 2010.
11 March 2020

Wormable, Unpatched Microsoft Bug Threatens Corporate LANs

Wormable, Unpatched Microsoft Bug Threatens Corporate LANs CVE-2020-0796 affects version 3.1.1 of Microsoft’s SMB file-sharing system and was not included in Patch Tuesday.
11 March 2020