Cybersecurity News
How Ransomware Encourages Opportunists to Become Criminals
And what's needed to stop it: Better information sharing among private organizations and with law enforcement agencies.Bug Exposes Eufy Camera Private Feeds to Random Users
Customers panic and question parent company Anker’s security and privacy practices after learning their home videos could be accessed and even controlled by strangers due to a server-upgrade glitch.
Bizarro banking Trojan surges across Europe
Operators have so far targeted customers of at least 70 banks across Europe and South America.Amazon extends ban on police using Rekognition facial recognition technology, no end in sight
The existing moratorium will continue as Congress has not tackled concerns raised by the use of the technology in criminal cases.Cybercriminals scanned for vulnerable Microsoft Exchange servers within five minutes of news going public
Research suggests the cheap hire of cloud services has allowed cyberattackers to quickly pick out targets.Colonial Pipeline attack: Hacking the physical world
The attack is a reminder of growing cyberthreats to critical infrastructure while also showing why providers of essential services are ripe targets for cybercriminals
The post Colonial Pipeline attack: Hacking the physical world appeared first on WeLiveSecurity
This is how the Cobalt Strike penetration testing tool is being abused by cybercriminals
Cobalt Strike is a popular tool with cybersecurity professionals. Unfortunately, it’s also utilized by threat actors.How to Get Employees to Care About Security
Want to a security awareness program that sticks? Make it fun and personal -- and offer free lunch.
How Attackers Weigh the Pros and Cons of BEC Techniques
Security researchers discuss attackers' evolving methodologies in business email compromise and phishing campaigns.Scammers Pose as Meal-Kit Services to Steal Customer Data
Attackers are sending messages disguised as offers from meal-kit services, like HelloFresh.
Request for Comments: P2PE v3.1 Draft Standard
P2PE Assessors and Participating Organizations are invited to provide feedback on the draft P2PE v3.1 Standard minor revision during a 30-day request for comments (RFC) period running from 18 May through 17 June 2021. This minor revision primarily includes updates to Domain 5 to align with the updates, as applicable, from the PCI PIN v3.1 Standard minor revision published in March 2021. Additional errata updates are also included.
Stalkerware Apps Riddled with Security Bugs
Attackers can take advantage of the fact these apps access, gather, store and transmit more information than any other app their victims have installed.
Splunk to Acquire TruStar for Data Management
Splunk said it will integrate TruStar's data-sharing capabilities into its Data-to-Everything platform following the acquisition.FBI's IC3 Logs 1M Complaints in 14 Months
The FBI's IC3 reportsCOVID-related scams and an increase in online retail may be behind the upswing in complaints.Why Anti-Phishing Training Isn't Enough
Not only is relying on employees' awareness insufficient to prevent sophisticated social engineering attacks, some training methods can create other problems.Scams target families of missing persons, FBI warns
Con artists use social media to find and target victims for various nefarious ends, including to extort relatives of missing persons
The post Scams target families of missing persons, FBI warns appeared first on WeLiveSecurity
Antivirus software, explained
Antivirus software isn’t enough to protect our devices and accounts any longer, but it still provides a key layer of defense.Best 11 Quotes From Cryptographers' Panel
Cryptographers at an RSA Conference panel aren't worried about adversarial quantum cryptography. Machine learning, though, causes pressing practical issues.
It’s Time to Prepare for a Rise in Insider Threats
Anurag Kahol, CTO at Bitglass, discusses options for detecting malicious or dangerous activity from within an organization.
Unsuccessful Conti Ransomware Attack Still Packs Costly Punch
Separate attacks last week on the country’s Department of Health and Health Service Executive forced the shutdown of networks and services that still haven’t been fully restored.