Cybersecurity News
Guidance: How PCI DSS Requirements Apply to WFH Environments
PCI DSS requirements may apply to work-from-home (WFH) environments in different ways, depending on the entity’s business and security needs and how they have configured their infrastructure to support personnel working from home. Additionally, the job functions an individual is performing may also affect how PCI DSS applies—for example, whether an individual requires access to payment card account data or to the entity’s CDE, and the type of access required.
Have I gone too far in monitoring my children’s online activity? | Annalisa Barbieri
At this stage, being a parent is more about negotiation and trust, says Annalisa Barbieri. Sit down as a family and talk about it – make rules together
I have two children, aged nine and 11. We’ve always limited their tech but just before the pandemic, we bought them tablets to give them access to education, entertainment and their friends. Then I became concerned about their increasing use and placed more limits on screen time.
Full disclosure: I am a phone addict. So I introduced a rule where we all put our devices in a box when we aren’t using them (I break this rule most). During the last lockdown, we got my older child a phone. She had already asked for TikTok – her friends all had it, but I refused because it has all sorts of age-inappropriate stuff. However, that was how her friends communicated, so I allowed it as long as it was a private account on my device, so I could monitor it and her messages. She agreed to this reluctantly. I know I need to step back, but how do I do that without neglecting my duties as a parent?
7 Unconventional Pieces of Password Wisdom
Challenging common beliefs about best practices in password hygiene.
Week in security with Tony Anscombe
Telling state-backed hackers apart from cybercriminals – How to check if a website is safe – Gaming firms plagued by cyberattacks amid the pandemic
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Hackers Crack Pirated Games with Cryptojacking Malware
Threat actors have so far made about $2 million from Crackonosh, which secretly mines Monero cryptocurrency from affected devices.
Three Texan men jailed after using Grindr to find targets for theft, kidnap, assault
Prosecutors say the men abused the app to perform “bias-motivated violence.”
Crackonosh malware abuses Windows Safe mode to quietly mine for cryptocurrency
The malware is thought to have generated millions of dollars in just a few short years.
‘Pen tester’ FIN7 hacking group member lands seven-year prison term
The “high-level” member must also pay $2.5 million in damages.
Spam Downpour Drips New IcedID Banking Trojan Variant
The primarily IcedID-flavored banking trojan spam campaigns were coming in at a fever pitch: Spikes hit more than 100 detections a day.
74% of Q1 Malware Was Undetectable Via Signature-Based Tools
Attackers have improved on tweaking old malware to continue sneaking it past traditional threat detection controls, researchers report.
D3FEND Framework Seeks to Lay Foundation for Cyber Defense
The MITRE project, funded by the National Security Agency, aims to create a foundation for analyzing and discussing cyber defenses and could shake up the vendor community.
Oh FCUK! Fashion Label, Medical Diagnostics Firm Latest REvil Victims
The infamous ransomware group hit two big-name companies within hours of each other.
Tulsa Officials Warn Ransomware Attackers Leaked City Files
The group behind the May 2021 attack has shared more than 18,000 files via the Dark Web, mostly internal department files and police citations.
Preinstalled Firmware Updater Puts 128 Dell Models at Risk
A feature of the computer maker's update utility does not correctly handle certificates, leaving systems open to firmware-level compromises.
Request for Comments: PTS HSM Modular Security Requirements
From 24 June to 26 July 2021, PCI SSC stakeholders are invited to review and provide feedback on the draft PCI PIN Transaction Security (PTS) Hardware Security Module (HSM) Modular Security Requirements during a 30-day request for comments (RFC) period.
The RFC will be available to primary contacts through the PCI SSC portal, including instructions on how to access the document and submit feedback. Eligible stakeholders will also receive instructions via email. As a reminder, participants are required to accept a Non-Disclosure Agreement (NDA) to download the document. Please review the RFC Process Guide for more information.
Please note that PCI SSC can only accept comments that are submitted via the PCI SSC portal and received within the defined RFC period.
Boardroom Perspectives on Cybersecurity: What It Means for You
Because board members are paying close attention to security, security leaders must be able to respond to and alleviate their concerns with data.
Gaming industry under siege from cyberattacks during pandemic
Cyberattacks targeting the gaming industry skyrocket, with web attacks more than tripling year-on-year in 2020
The post Gaming industry under siege from cyberattacks during pandemic appeared first on WeLiveSecurity