Cybersecurity News


MITRE Adds MacOS, More Data Types to ATT&CK Framework

Version 9 of the popular threat matrix will improve support for a variety of platforms, including cloud infrastructure.
30 April 2021

MITRE Adds MacOS, Linux, More Data Types to ATT&CK Framework

Version 9 of the popular threat matrix will improve support for a variety of platforms, including cloud infrastructure.
30 April 2021

WeSteal: A Cryptocurrency-Stealing Tool That Does Just That

WeSteal: A Cryptocurrency-Stealing Tool That Does Just That The developer of the WeSteal cryptocurrency stealer can’t be bothered with fancy talk: they say flat-out that it’s “the leading way to make money in 2021”.
30 April 2021

Survey Finds Broad Concern Over Third-Party App Providers Post-SolarWinds

Most IT and cybersecurity professionals think security is important enough to delay deployment of applications, survey data shows.
30 April 2021

Is the SolarWinds Hack Really a Seismic Shift?

Is the SolarWinds Hack Really a Seismic Shift? Oliver Tavakoli, CTO of Vectra AI, discusses the massive supply-chain hack's legacy and ramifications for security professionals.
30 April 2021

Ghost Town Security: What Threats Lurk in Abandoned Offices?

Ghost Town Security: What Threats Lurk in Abandoned Offices? Millions of office buildings and campuses were rapidly abandoned during the pandemic. Now it's a year later - what happened in those office parks and downtown ghost towns? What security dangers lurk there now, waiting to ambush returning businesses?
30 April 2021

Week in security with Tony Anscombe

Governments as cyber-targets – FBI and Have I Been Pwned team up to notify Emotet victims – Mac users urged to plug a serious security hole

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

30 April 2021

The Ticking Time Bomb in Every Company's Code

Developers must weigh the benefits and risks of using third-party code in Web apps.
30 April 2021

7 Modern-Day Cybersecurity Realities

7 Modern-Day Cybersecurity Realities Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe.
30 April 2021

Microsoft Warns 25 Critical Vulnerabilities in IoT, Industrial Devices

Microsoft Warns 25 Critical Vulnerabilities in IoT, Industrial Devices Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash.
30 April 2021

SAP admits to ‘thousands’ of illegal software exports to Iran

SAP says it accepts “full responsibility for past conduct.”
30 April 2021

WeSteal: A ‘shameless’ cryptocurrency stealer sold in the underground

The brazen developer doesn’t even try to hide their creation’s true purpose.
30 April 2021

ISC urges updates of DNS servers to wipe out new BIND vulnerabilities

The security flaws could lead to remote exploitation.
30 April 2021

XDR Pushing Endpoint Detection and Response Technologies to Extinction

Ironically, EDR's success has spawn demand for technology that extends beyond it.
29 April 2021

Babuk Ransomware Gang Mulls Retirement

Babuk Ransomware Gang Mulls Retirement The RaaS operators have been posting, tweaking and taking down a goodbye note, saying that they'll be open-sourcing their data encryption malware for other crooks to use.
29 April 2021

Researchers Connect Complex Specs to Software Vulnerabilities

Following their release of 70 different vulnerabilities in different implementations of TCP/IP stacks over the past year, two companies find a common link.
29 April 2021

F5 Big-IP Vulnerable to Security-Bypass Bug

F5 Big-IP Vulnerable to Security-Bypass Bug The KDC-spoofing flaw tracked as CVE-2021-23008 can be used to bypass Kerberos security and sign into the Big-IP Access Policy Manager or admin console.
29 April 2021

API Hole on Experian Partner Site Exposes Credit Scores

Student researcher is concerned security gap may exist on many other sites.
29 April 2021

New Terminal Software Module Introduced in PCI Secure Software Standard Version 1.1

 

Today, the PCI Security Standards Council (PCI SSC) published version 1.1 of the PCI Secure Software Standard and its supporting program documentation. The PCI Secure Software Standard is one of two standards that are part of the PCI Software Security Framework (SSF). The PCI Secure Software requirements provide assurance that payment software is designed, engineered, developed and maintained in a manner that protects payment transactions and data, minimizes vulnerabilities, and defends itself from attacks.

29 April 2021

'BadAlloc' Flaws Could Threaten IoT and OT Devices: Microsoft

More than 25 critical memory allocation bugs could enable attackers to bypass security controls in industrial, medical, and enterprise devices.
29 April 2021