Cybersecurity News
3 SASE Misconceptions to Consider
SASE is all the rage, promising things IT leaders have long dreamed about, but a purist approach may create consequences.31 May 2021
On the Taxonomy and Evolution of Ransomware
Not all ransomware is the same! Oliver Tavakoli, CTO at Vectra AI, discusses the different species of this growing scourge.31 May 2021
Don’t feed the trolls and other tips for avoiding online drama
You may not be able to escape internet trolls, but you have a choice about how you will deal with them – here’s how you can handle trolls without losing your cool
The post Don’t feed the trolls and other tips for avoiding online drama appeared first on WeLiveSecurity
31 May 2021
Careers in Cybersecurity
Have you considered a career in cybersecurity? It is a fast-paced, highly dynamic field with a huge number of specialties to choose from, including forensics, endpoint security, critical infrastructure, incident response, secure coding, and awareness and training. In addition, a career in cybersecurity allows you to work almost anywhere in the world, with amazing benefits and an opportunity to make a real difference. However, the most exciting thing is you do NOT need a technical background, anyone can get started.31 May 2021
Using Fake Reviews to Find Dangerous Extensions
Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams. Here's the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data.29 May 2021
Chinese APT Groups Continue to Pound Away on Pulse Secure VPNs
Security vendor says it has observed threat groups using a set of 16 tools specifically designed to attack Pulse Secure devices since April 2020.28 May 2021
Hackers Exploit Post-COVID Return to Offices
Spoofed CIO ‘pandemic guideline’ emails being used to steal credentials.28 May 2021
Chart: Cloud Concerns
As more organizations make their way to the cloud, their eyes are wide open to the associated cybersecurity risks that tag along for the ride.28 May 2021
Modern SOCs a 'Painful' Challenge Amid Growing Complexity: Report
A new study examines the tools and technologies driving investment and activities for security operations centers.28 May 2021
SolarWinds Attackers Impersonate USAID in Advanced Email Campaign
Microsoft shares the details of a wide-scale malicious email campaign attributed to Nobelium, the group linked to the SolarWinds supply chain attack.28 May 2021
A Wrench and a Screwdriver: Critical Infrastructure's Last, Best Lines of Defense?
Critical infrastructure's cybersecurity problems are complex, deep-rooted, and daunting. Addressing them won't be easy...but it isn't impossible.28 May 2021
HPE Fixes Critical Zero-Day in Server Management Software
The bug in HPE SIM makes it easy as pie for attackers to remotely trigger code, no user interaction necessary.28 May 2021
Siemens Patches Major PLC Flaw that Bypasses Its 'Sandbox' Protection
Researchers from Claroty today detailed the memory vuln they discovered in Siemens SIMATIC S7-1200 and S7-1500 PLCs.28 May 2021
Week in security with Tony Anscombe
You, too, may be vulnerable to SIM swap attacks – How to defend yourself against rom-cons – Zero day in macOS allowed malware to take secret screenshots
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
28 May 2021
Boss of ATM Skimming Syndicate Arrested in Mexico
Florian "The Shark" Tudor, the alleged ringleader of a prolific ATM skimming gang that has stolen hundreds of millions from tourists visiting Mexico over the past eight years, was arrested in Mexico City on Thursday in response to an extradition warrant from a Romanian court.28 May 2021
Plug-ins for Code Editors Pose Developer-Security Threat
There are two critical vulnerabilities in plug-ins for the popular Visual Studio Code editor, now patched, but security firm Snyk warns that popular plug-ins could put development environments in jeopardy.28 May 2021
Most Mobile Apps Can Be Compromised in 15 Minutes or Less
In the name of releasing apps quickly and delivering a smooth user experience, mobile app security is often given short shrift.28 May 2021
Nobelium Phishing Campaign Poses as USAID
Microsoft uncovered the SolarWinds crooks using mass-mail service Constant Contact and posing as a U.S.-based development organization to deliver malicious URLs to more than 150 organizations.28 May 2021
Building Multilayered Security for Modern Threats
Justin Jett, director of audit and compliance for Plixer, discusses the elements of a successful advanced security posture.28 May 2021
Researchers find four new malware tools created to exploit Pulse Secure VPN appliances
There are now at least 16 malware families designed to compromise Pulse Secure VPN products.28 May 2021