Cybersecurity News


4 Habits of Highly Effective Security Operators

These good habits can make all the difference in advancing careers for cybersecurity operators who spend their days putting out fires large and small.
18 June 2021

Insider Versus Outsider: Navigating Top Data Loss Threats

Insider Versus Outsider: Navigating Top Data Loss Threats Troy Gill, manager of security research at Zix, discusses the most common ways sensitive data is scooped up by nefarious sorts.
18 June 2021

‘Oddball’ Malware Blocks Access to Pirated Software

‘Oddball’ Malware Blocks Access to Pirated Software Rather than steal credentials or hold data for ransom, a recent campaign observed by Sophos prevents people from visiting sites that offer illegal downloads.
18 June 2021

First American Financial Pays Farcical $500K Fine

In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. [NYSE:FAF] was leaking more than 800 million documents -- many containing sensitive financial data -- related to real estate transactions dating back more than 16 years. This week, the U.S. Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000.
18 June 2021

Faux ‘DarkSide’ Gang Takes Aim at Global Energy, Food Sectors

Faux ‘DarkSide’ Gang Takes Aim at Global Energy, Food Sectors A DarkSide doppelganger mounts a fraud campaign aimed at extorting nearly $4 million from each target.
18 June 2021

A deep dive into the operations of the LockBit ransomware group

Most victims are from the enterprise and are expected to pay an average ransom of $85,000.
18 June 2021

5 essential things to do before ransomware strikes

By failing to prepare you are preparing to fail – here’s what you can do today to minimize the impact of a potential ransomware attack in the future

The post 5 essential things to do before ransomware strikes appeared first on WeLiveSecurity

18 June 2021

Dark Web

The Dark Web is a network of systems connected to the Internet designed to share information securely and anonymously. These capabilities are abused by cyber criminals to enable their activities, for example selling hacking tools or purchasing stolen information such as credit card data. Be aware that your information could be floating around the Dark Web, making it easier for cyber criminals to create custom attacks targeting you..
18 June 2021

Data Breaches Surge in Food & Beverage, Other Industries

Six previously "under-attacked" vertical industries saw a surge in data breaches last year due to COVID-19 related disruptions and other factors, new data shows.
17 June 2021

One in Five Manufacturing Firms Targeted by Cyberattacks

Information-stealing malware makes up about a third of attacks, a study finds, but companies worry most about ransomware shutting down production.
17 June 2021

Carnival Cruise Line Reports Security Breach

The cruise ship operator says the incident affected employee and guest data.
17 June 2021

Google Launches SLSA, A New Framework for Supply Chain Integrity

The 'Supply chain Levels for Software Artifacts' aims to ensure the integrity of components throughout the software supply chain.
17 June 2021

Clop Raid: A Big Win in the War on Ransomware?

Clop Raid: A Big Win in the War on Ransomware? Cops arrest six, seize cars and cash in splashy raid, and experts are applauding.
17 June 2021

Cisco Smart Switches Riddled with Severe Security Holes

Cisco Smart Switches Riddled with Severe Security Holes The intro-level networking gear for SMBs could allow remote attacks designed to steal information, drop malware and disrupt operations.
17 June 2021

Updated PCI DSS v4.0 Timeline

 

To follow up on an earlier communication, PCI SSC is now targeting a Q1 2022 publication date for PCI DSS v4.0. This timeline supports the inclusion of an additional request for comments (RFC) for the community to provide feedback on the PCI DSS v4.0 draft validation documents.

17 June 2021

Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes

Geek Squad Vishing Attack Bypasses Email Security to Hit 25K Mailboxes An email campaign asking victims to call a bogus number to suspend supposedly fraudulent subscriptions got right past Microsoft's native email controls.
17 June 2021

Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?

Consider four factors and behaviors that impact a particular employee's risk, and how security training should take them into account.
17 June 2021

CVS Health Records for 1.1 Billion Customers Exposed

CVS Health Records for 1.1 Billion Customers Exposed A vendor exposed the records, which were accessible with no password or other authentication, likely because of a cloud-storage misconfiguration.
17 June 2021

Most health apps engage in unhealthy data‑harvesting habits

Most medical and fitness apps in Google Play have tracking capabilities enabled and their data collection practices aren’t transparent

The post Most health apps engage in unhealthy data‑harvesting habits appeared first on WeLiveSecurity

17 June 2021

Mission Critical: What Really Matters in a Cybersecurity Incident

The things you do before and during a cybersecurity incident can make or break the success of your response.
17 June 2021