Cybersecurity News


Cisco ASA Bug Now Actively Exploited as PoC Drops

Cisco ASA Bug Now Actively Exploited as PoC Drops In-the-wild XSS attacks have commenced against the security appliance (CVE-2020-3580), as researchers publish exploit code on Twitter.
25 June 2021

My Book Live Users Wake Up to Wiped Devices, Active RCE Attacks

My Book Live Users Wake Up to Wiped Devices, Active RCE Attacks “I am totally screwed,” one user wailed after finding years of data nuked. Western Digital advised yanking the NAS storage devices offline ASAP: There's an exploit.
25 June 2021

School's Out for Summer, but Don't Close the Book on Cybersecurity Training

Strengthening their security posture should be at the top of school IT departments' summer to-do list.
25 June 2021

High-Level FIN7 Member Sentenced to 7 Years in Prison

Andrii Kolpakov, who served as a high-level pentester for the criminal group, was also ordered to pay $2.5 million in restitution.
25 June 2021

Guidance: How PCI DSS Requirements Apply to WFH Environments

 

PCI DSS requirements may apply to work-from-home (WFH) environments in different ways, depending on the entity’s business and security needs and how they have configured their infrastructure to support personnel working from home. Additionally, the job functions an individual is performing may also affect how PCI DSS applies—for example, whether an individual requires access to payment card account data or to the entity’s CDE, and the type of access required.

25 June 2021

Have I gone too far in monitoring my children’s online activity? | Annalisa Barbieri

Have I gone too far in monitoring my children’s online activity? | Annalisa Barbieri

At this stage, being a parent is more about negotiation and trust, says Annalisa Barbieri. Sit down as a family and talk about it – make rules together

I have two children, aged nine and 11. We’ve always limited their tech but just before the pandemic, we bought them tablets to give them access to education, entertainment and their friends. Then I became concerned about their increasing use and placed more limits on screen time.

Full disclosure: I am a phone addict. So I introduced a rule where we all put our devices in a box when we aren’t using them (I break this rule most). During the last lockdown, we got my older child a phone. She had already asked for TikTok – her friends all had it, but I refused because it has all sorts of age-inappropriate stuff. However, that was how her friends communicated, so I allowed it as long as it was a private account on my device, so I could monitor it and her messages. She agreed to this reluctantly. I know I need to step back, but how do I do that without neglecting my duties as a parent?

Related: How can I help my 76-year-old mother date safely online?

Continue reading...
25 June 2021

7 Unconventional Pieces of Password Wisdom

7 Unconventional Pieces of Password Wisdom Challenging common beliefs about best practices in password hygiene.
25 June 2021

Week in security with Tony Anscombe

Telling state-backed hackers apart from cybercriminals – How to check if a website is safe – Gaming firms plagued by cyberattacks amid the pandemic

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

25 June 2021

Hackers Crack Pirated Games with Cryptojacking Malware

Hackers Crack Pirated Games with Cryptojacking Malware Threat actors have so far made about $2 million from Crackonosh, which secretly mines Monero cryptocurrency from affected devices.
25 June 2021

Three Texan men jailed after using Grindr to find targets for theft, kidnap, assault

Prosecutors say the men abused the app to perform “bias-motivated violence.”
25 June 2021

Crackonosh malware abuses Windows Safe mode to quietly mine for cryptocurrency

The malware is thought to have generated millions of dollars in just a few short years.
25 June 2021

‘Pen tester’ FIN7 hacking group member lands seven-year prison term

The “high-level” member must also pay $2.5 million in damages.
25 June 2021

Spam Downpour Drips New IcedID Banking Trojan Variant

Spam Downpour Drips New IcedID Banking Trojan Variant The primarily IcedID-flavored banking trojan spam campaigns were coming in at a fever pitch: Spikes hit more than 100 detections a day.
24 June 2021

74% of Q1 Malware Was Undetectable Via Signature-Based Tools

Attackers have improved on tweaking old malware to continue sneaking it past traditional threat detection controls, researchers report.
24 June 2021

D3FEND Framework Seeks to Lay Foundation for Cyber Defense

The MITRE project, funded by the National Security Agency, aims to create a foundation for analyzing and discussing cyber defenses and could shake up the vendor community.
24 June 2021

Oh FCUK! Fashion Label, Medical Diagnostics Firm Latest REvil Victims

Oh FCUK! Fashion Label, Medical Diagnostics Firm Latest REvil Victims The infamous ransomware group hit two big-name companies within hours of each other.  
24 June 2021

Tulsa Officials Warn Ransomware Attackers Leaked City Files

The group behind the May 2021 attack has shared more than 18,000 files via the Dark Web, mostly internal department files and police citations.
24 June 2021

Preinstalled Firmware Updater Puts 128 Dell Models at Risk

A feature of the computer maker's update utility does not correctly handle certificates, leaving systems open to firmware-level compromises.
24 June 2021

Request for Comments: PTS HSM Modular Security Requirements

 

From 24 June to 26 July 2021, PCI SSC stakeholders are invited to review and provide feedback on the draft PCI PIN Transaction Security (PTS) Hardware Security Module (HSM) Modular Security Requirements during a 30 day request for comments (RFC) period.

The RFC will be available to primary contacts through the PCI SSC portal, including instructions on how to access the document and submit feedback. Eligible stakeholders will also receive instructions via email. As a reminder, participants are required to accept a Non-Disclosure Agreement (NDA) to download the document. Please review the RFC Process Guide for more information.

Please note that PCI SSC can only accept comments that are submitted via the PCI SSC portal and received within the defined RFC period.

24 June 2021

Boardroom Perspectives on Cybersecurity: What It Means for You

Because board members are paying close attention to security, security leaders must be able to respond to and alleviate their concerns with data.
24 June 2021