Cybersecurity News
How to Fine-Tune Vendor Risk Management in a Virtual World
Without on-site audits, many organizations lack their usual visibility to assess risk factors and validate contracts and SLA with providers.19 February 2021
Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code
However, internal products and systems were not leveraged to attack others during the massive supply-chain incident, the tech giant said upon completion of its Solorigate investigation.
19 February 2021
Myanmar arrests 11 suspects for hacking government sites during protests
Hacktivists operated via a Facebook group and called themselves the "Myanmar Hackers."19 February 2021
Malaysia arrests 11 suspects for hacking government sites
A similar government website defacement campaign is also taking place this week in Myanmar, in support of the country's jailed elected leader.19 February 2021
Microsoft Concludes Internal Investigation into Solorigate Breach
The software giant found no evidence that attackers gained extensive access to services or customer data.18 February 2021
CrowdStrike Buys Log Management Startup Humio for $400M
CrowdStrike plans to use Humio's technology to continue building out its extended detection and response platform.18 February 2021
Cybercriminal Enterprise ‘Ringleaders’ Stole $55M Via COVID-19 Fraud, Romance Scams
The Department of Justice (DoJ) cracked down on a Ghana-based cybercriminal enterprise behind a slew of romance scams, COVID-19 fraud attacks and business email compromise schemes since 2013.
18 February 2021
Apple Outlines 2021 Security, Privacy Roadmap
Latest Apple Platform Security update folds iOS, macOS and hardware into security 2021 roadmap.
18 February 2021
Apple Offers Closer Look at Its Platform Security Technologies, Features
In a nearly 200-page document, company offers a detailed overview of Secure Enclave and multiple other security controls in Apple silicon-based Macs and other platforms.18 February 2021
Kia Motors Hit With $20M Ransomware Attack – Report
So far, Kia Motors America has publicly acknowledged an “extended system outage,” but ransomware gang DoppelPaymer claimed it has locked down the company’s files in a cyberattack that includes a $20 million ransom demand. That $20 million will gain Kia a decryptor and a guarantee to not to publish sensitive data bits on the gang’s […]
18 February 2021
Microsoft Azure Front Door Gets a Security Upgrade
New SKUs in Standard and Premium preview beef up the security of the content delivery network platform.18 February 2021
PCI Secure SLC Program Expands Vendor Eligibility with Version 1.1
Today, the PCI Security Standards Council (PCI SSC) published version 1.1 of the PCI Secure Software Lifecycle (SLC) Standard and its supporting program documentation. The PCI Secure SLC Standard is one of two standards that are part of the PCI Software Security Framework (SSF). It provides security requirements and assessment procedures for software vendors to integrate into their software development lifecycles and to validate that secure lifecycle management practices are in place.
18 February 2021
Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy
Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies.18 February 2021
Exploit Details Emerge for Unpatched Microsoft Bug
A malicious website or malicious ad can trigger an exploit for the IE zero-day bug, opening the door for data theft and code execution, new analysis notes.
18 February 2021
Microsoft says SolarWinds hackers downloaded some Azure, Exchange, and Intune source code
Microsoft says it has completed its investigation into its SolarWinds-related breach.18 February 2021
Malware authors already taking aim at Apple M1 Macs
The first instance of malicious code native to Apple Silicon M1 Macs emerged a month after the release of devices equipped with the company’s in-house CPUs
The post Malware authors already taking aim at Apple M1 Macs appeared first on WeLiveSecurity
18 February 2021
Data security accountability in an age of regular breaches
As the number of vendors impacted by supply-chain breaches grows, one constant question remains: where exactly does accountability for data security lie, and what part do end users play in their own data breach protection?18 February 2021
RIPE NCC discloses failed brute-force attack on its SSO service
RIPE NCC, which manages the IP address space for the EMEA region, is now asking its 20,000 member orgs to enable 2FA for their accounts.18 February 2021
How to Run a Successful Penetration Test
These seven tips will help ensure a penetration test improves your organization's overall security posture.
18 February 2021
How to Run a Successful Penetration Test
These seven tips will help ensure a penetration test improves your organization's overall security posture.
18 February 2021