Cybersecurity News


Malicious Docker Cryptomining Images Rack Up 20M Downloads

Malicious Docker Cryptomining Images Rack Up 20M Downloads Publicly available cloud images are spreading Monero-mining malware to unsuspecting cloud developers.
30 March 2021

White Ops Renames Company 'Human'

The company first confirmed plans to change its name in October 2020.
30 March 2021

Reduced Certification Requirements for PA-QSA Secure Software Assessor Candidates until 30 June 2021


When the Payment Application Data Security Standard (PA-DSS) v3.2 closes on 28 October 2022, it will be superseded by the Secure Software Standard and Program, which is part of the PCI Software Security Framework (SSF).

30 March 2021

Whistleblower: Ubiquiti Breach “Catastrophic”

On Jan. 11, Ubiquiti Inc. [NYSE:UI] — a major vendor of cloud-enabled Internet of Things (IoT) devices such as routers, network video recorders and security cameras — disclosed that a breach involving a third-party cloud provider had exposed customer account credentials. Now a source who participated in the incident response to that breach alleges Ubiquiti massively downplayed a “catastrophic” incident to minimize the hit to its stock price, and that the third-party cloud provider claim was a fabrication.
30 March 2021

What You Need to Know -- or Remember -- About Web Shells

What You Need to Know -- or Remember -- About Web Shells What's old is new again as Web shell malware becomes the latest attack vector in widespread Exchange exploits. Here's a primer on what Web shells are and what they do.
30 March 2021

Watch Out for These Cyber-Risks

It's difficult to predict what will materialize in the months ahead in terms of cyber-risks, which is why it's wise to review your organization's security posture now.
30 March 2021

What You Need to Know -- or Remember -- About Web Shells

What You Need to Know -- or Remember -- About Web Shells What's old is new again as Web shell malware becomes the latest attack vector in widespread Exchange exploits. Here's a primer on what Web shells are and what they do.
30 March 2021

SolarWinds Attackers Accessed DHS Emails, Report

SolarWinds Attackers Accessed DHS Emails, Report Current and former administration sources say the nation-state attackers were able to read the Homeland Security Secretary's emails, among others.
30 March 2021

Ghost Users Haunt Healthcare Firms

Data security hygiene severely lacking among healthcare firms, new research shows.
30 March 2021

Backdoor added to PHP source code in Git server breach

Had the incident gone unnoticed, the attackers could have taken over websites using the tainted code

The post Backdoor added to PHP source code in Git server breach appeared first on WeLiveSecurity

30 March 2021

Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain

Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain The Cyber Kill Chain and MITRE ATT&CK are popular reference frameworks to analyze breaches, but amid the rise of XDR, we may need a new one.
30 March 2021

In the Rush to Embrace Hybrid Cloud, Don't Forget About Security

Cloud service providers typically only secure the infrastructure itself, while customers are responsible for their data and application security.
30 March 2021

Intel Sued Under Wiretapping Laws for Tracking User Activity on its Website

Intel Sued Under Wiretapping Laws for Tracking User Activity on its Website A class-action suit in Florida accuses the tech giant of unlawfully intercepting communications by using session-replay software to capture the interaction of people visiting the corporate homepage Intel.com.
30 March 2021

Department of Homeland Security email accounts exposed in SolarWinds hack

Reports suggest Russian threat groups accessed DHS emails during the SolarWinds fiasco.
30 March 2021

Panasonic, McAfee team up to tackle vehicle cybersecurity

Early response tech for physical attacks and cyber intrusions is on the list for development.
30 March 2021

Ransomware group targets Universities of Maryland, California in new data leaks

This follows similar extortion attempts impacting two other US universities this month.
30 March 2021

Manufacturing Firms Learn Cybersecurity the Hard Way

Although 61% of smart factories have experienced a cybersecurity incident, IT groups and operational technology groups still don't collaborate enough on security.
29 March 2021

Pair of Apex Legends Players Banned for DDoS Server Attacks

Pair of Apex Legends Players Banned for DDoS Server Attacks Predator-ranked players on Xbox console game version rigged matches with DDoS attacks.
29 March 2021

Attackers Target PHP Git Server to Backdoor Source Code

The PHP maintainers have decided to make GitHub the official source for PHP repositories going forward.
29 March 2021

SolarWinds Hackers Accessed DHS Chief's Email

Several high-level government accounts were also breached in the attack.
29 March 2021