Cybersecurity News


Guidance: How PCI DSS Requirements Apply to WFH Environments

 

PCI DSS requirements may apply to work-from-home (WFH) environments in different ways, depending on the entity’s business and security needs and how they have configured their infrastructure to support personnel working from home. Additionally, the job functions an individual is performing may also affect how PCI DSS applies—for example, whether an individual requires access to payment card account data or to the entity’s CDE, and the type of access required.

25 June 2021

Have I gone too far in monitoring my children’s online activity? | Annalisa Barbieri

At this stage, being a parent is more about negotiation and trust, says Annalisa Barbieri. Sit down as a family and talk about it – make rules together

I have two children, aged nine and 11. We’ve always limited their tech but just before the pandemic, we bought them tablets to give them access to education, entertainment and their friends. Then I became concerned about their increasing use and placed more limits on screen time.

Full disclosure: I am a phone addict. So I introduced a rule where we all put our devices in a box when we aren’t using them (I break this rule most). During the last lockdown, we got my older child a phone. She had already asked for TikTok – her friends all had it, but I refused because it has all sorts of age-inappropriate stuff. However, that was how her friends communicated, so I allowed it as long as it was a private account on my device, so I could monitor it and her messages. She agreed to this reluctantly. I know I need to step back, but how do I do that without neglecting my duties as a parent?

25 June 2021

7 Unconventional Pieces of Password Wisdom

Challenging common beliefs about best practices in password hygiene.
25 June 2021

Week in security with Tony Anscombe

Telling state-backed hackers apart from cybercriminals – How to check if a website is safe – Gaming firms plagued by cyberattacks amid the pandemic

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

25 June 2021

Hackers Crack Pirated Games with Cryptojacking Malware

Threat actors have so far made about $2 million from Crackonosh, which secretly mines Monero cryptocurrency from affected devices.
25 June 2021

Three Texan men jailed after using Grindr to find targets for theft, kidnap, assault

Prosecutors say the men abused the app to perform “bias-motivated violence.”
25 June 2021

Crackonosh malware abuses Windows Safe mode to quietly mine for cryptocurrency

The malware is thought to have generated millions of dollars in just a few short years.
25 June 2021

‘Pen tester’ FIN7 hacking group member lands seven-year prison term

The “high-level” member must also pay $2.5 million in damages.
25 June 2021

Spam Downpour Drips New IcedID Banking Trojan Variant

The primarily IcedID-flavored banking trojan spam campaigns were coming in at a fever pitch: Spikes hit more than 100 detections a day.
24 June 2021

74% of Q1 Malware Was Undetectable Via Signature-Based Tools

Attackers have improved on tweaking old malware to continue sneaking it past traditional threat detection controls, researchers report.
24 June 2021

D3FEND Framework Seeks to Lay Foundation for Cyber Defense

The MITRE project, funded by the National Security Agency, aims to create a foundation for analyzing and discussing cyber defenses and could shake up the vendor community.
24 June 2021

Oh FCUK! Fashion Label, Medical Diagnostics Firm Latest REvil Victims

The infamous ransomware group hit two big-name companies within hours of each other.
24 June 2021

Tulsa Officials Warn Ransomware Attackers Leaked City Files

The group behind the May 2021 attack has shared more than 18,000 files via the Dark Web, mostly internal department files and police citations.
24 June 2021

Preinstalled Firmware Updater Puts 128 Dell Models at Risk

A feature of the computer maker's update utility does not correctly handle certificates, leaving systems open to firmware-level compromises.
24 June 2021

Request for Comments: PTS HSM Modular Security Requirements

 

From 24 June to 26 July 2021, PCI SSC stakeholders are invited to review and provide feedback on the draft PCI PIN Transaction Security (PTS) Hardware Security Module (HSM) Modular Security Requirements during a 30-day request for comments (RFC) period.

The RFC will be available to primary contacts through the PCI SSC portal, including instructions on how to access the document and submit feedback. Eligible stakeholders will also receive instructions via email. As a reminder, participants are required to accept a Non-Disclosure Agreement (NDA) to download the document. Please review the RFC Process Guide for more information.

Please note that PCI SSC can only accept comments that are submitted via the PCI SSC portal and received within the defined RFC period.

24 June 2021

Boardroom Perspectives on Cybersecurity: What It Means for You

Because board members are paying close attention to security, security leaders must be able to respond to and alleviate their concerns with data.
24 June 2021

Gaming industry under siege from cyberattacks during pandemic

Cyberattacks targeting the gaming industry skyrocket, with web attacks more than tripling year-on-year in 2020

The post Gaming industry under siege from cyberattacks during pandemic appeared first on WeLiveSecurity

24 June 2021

Musk-Themed ‘$SpaceX’ Cryptoscam Invades YouTube Advertising

Beware: The swindle uses legitimately purchased YouTube ads, real liquidity, legitimate DEX Uniswap, and the real wallet extension MetaMask to create an entirely convincing fake coin gambit.
24 June 2021

Critical VMware Carbon Black Bug Allows Authentication Bypass

The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems.
24 June 2021

Storms & Silver Linings: Avoiding the Dangers of Cloud Migration

We hear a lot about the sunlit uplands of cloud-powered business, but what about the risks of making information available across the organization?
24 June 2021