Cybersecurity News
The Gig Economy Creates Novel Data-Security Risks

Just published: SPoC Unsupported Operating Systems Annex
The PCI Security Standards Council (PCI SSC) has published a new, optional, Software-based PIN Entry on COTS (SPoC)™ Annex for Unsupported Operating Systems (“Unsupported OS Annex”) version 1.0. The purpose of this Annex is to provide additional security and testing requirements to allow solution providers to develop SPoC solutions that merchants can use on commercial off-the-shelf (COTS) devices with unsupported operating systems. The Unsupported OS Annex incorporates stakeholder feedback and comments received via a formal request for comment (RFC) period.
In this post we talk with PCI SSC SVP and Standards Officer Emma Sutcliffe about the new Annex.
Android 12 will give you more control over how much data you share with apps
An all-new privacy dashboard and better location, microphone and camera controls are all aimed at curbing apps’ data-slurping habits
The post Android 12 will give you more control over how much data you share with apps appeared first on WeLiveSecurity
3 Ways Anti-Vaxxers Will Undercut Security With Misinformation
Misinformation campaigns thrive on inequality of knowledge, which bad actors use to drive a wedge between communities.
Four Android Bugs Being Exploited in the Wild

2021 Attacker Dwell Time Trends and Best Defenses

How 2 New Executive Orders May Reshape Cybersecurity & Supply Chains for a Post-Pandemic World
A modernized US technology strategy must account for the growing ideological divide between authoritarians and democracies over the use of cyber and emerging technologies.
Fraudsters employ Amazon ‘vishing’ attacks in fake order scams
Case studies highlight how scam artists are using voice messages to dupe their victims into handing over credentials or cash.
Apple Exec Calls Level of Mac Malware ‘Unacceptable’

Android apps exposed data of millions of users through cloud authentication failures
Malicious apps are not the only security problem on our handsets: misconfiguration can also put us at risk.
Colonial Pipeline CEO: Paying DarkSide ransom was the ‘right thing to do for the country’
The chief executive has confirmed the payment of a $4.4 million ransom.
Unique Passwords
Make sure each of your accounts has a separate, unique password. Can't remember all of your passwords/passphrases? Consider using a password manager to securely store all of them for you.
Cobalt Strike Becomes a Preferred Hacking Tool by Cybercrime, APT Groups
Incident response cases and research show how the red-team tool has become a go-to for attackers.
SolarWinds CEO: Attack Began Much Earlier Than Previously Thought
Investigation shows threat actors began probing SolarWinds' network in January 2019, according to Sudhakar Ramakrishna.
Google Chrome Makes It Easier to Update Compromised Passwords
A new capability will use Google's Duplex technology to alert people when their passwords are compromised and help change them.
Can Nanotech Secure IoT Devices From the Inside-Out?

Attackers Took 5 Minutes to Start Scanning for Exchange Server Flaws
Research underscores the acceleration of attack activity and points to a growing concern that defenders can't keep pace.
Microsoft, Google Clouds Hijacked for Gobs of Phishing
