Cybersecurity News
Ragnar Locker Gang Warns Victims Not to Call the FBI
Investigators/the FBI/ransomware negotiators just screw everything up, the ransomware gang said, threatening to publish files if victims look for help.
Netgear Smart Switches Open to Complete Takeover
The Demon's Cries, Draconian Fear and Seventh Inferno security bugs are high-severity entryways to corporate networks.
Back-to-Basics: Choose Trusted Partners
As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on choosing trusted partners.
Jenkins Hit as Atlassian Confluence Cyberattacks Widen
Patch now: The popular biz-collaboration platform is seeing mass scanning and exploitation just two weeks after a critical RCE bug was disclosed.
ProtonMail Forced to Log IP Address of French Activist
The privacy-touting, end-to-end encrypted email provider erased its site's “we don’t log your IP” boast after France sicced Swiss cops on it.
ProtonMail forced to log user’s IP address after an order from Swiss authorities
Following the incident the company has updated its website and privacy policy to clarify its legal obligations to its userbase
The post ProtonMail forced to log user’s IP address after an order from Swiss authorities appeared first on WeLiveSecurity
Authorities Arrest Another TrickBot Gang Member in South Korea
A hacker known only as “Mr. A” was picked up by authorities at a South Korean airport after getting stuck in the country due to COVID-19 travel restrictions.
BladeHawk group: Android espionage against Kurdish ethnic group
ESET researchers have investigated a targeted mobile espionage campaign against the Kurdish ethnic group, and that has been active since at least March 2020.
The post BladeHawk group: Android espionage against Kurdish ethnic group appeared first on WeLiveSecurity
Holy Grail of Security: Answers to ‘Did XYZ Work?’ – Podcast
Verizon DBIR is already funny, useful & well-written, and it just got better with mapping to MITRE ATT&CK TTPs. The marriage could finally bring answers to "What are we doing right?" instead of the constant reminders of what's not working in fending off threats.
“FudCo” Spam Empire Tied to Pakistani Software Firm
In May 2015, KrebsOnSecurity briefly profiled "The Manipulaters," the name chosen by a prolific cybercrime group based in Pakistan that was very publicly selling spam tools and a range of services for crafting, hosting and deploying malicious email. Six years later, a review of the social media postings from this group shows they are prospering, while rather poorly hiding their activities behind a software development firm in Lahore that has secretly enabled an entire generation of spammers and scammers.Human Fraud: Detecting Them Before They Detect You
Tony Lauro, director of security technology and strategy at Akamai, discusses how to disrupt account takeovers in the exploitation phase of an attack.
IoT Attacks Skyrocket, Doubling in 6 Months
The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets.
This is the perfect ransomware victim, according to cybercriminals
An investigation into what ransomware groups want has painted the picture of the perfect target.Apple slams the brakes on plans to scan user images for child abuse content
Backlash stemming from privacy concerns has delayed the rollout.The State of Incident Response: Measuring Risk and Evaluating Your Preparedness
Grant Oviatt, director of incident-response engagements at Red Canary, provides advice and best practices on how to get there faster.
FIN7 Capitalizes on Windows 11 Release in Latest Gambit
The financially motivated group looked to steal payment-card data from a California-based point-of-sale service provider.
Week in security with Tony Anscombe
Vaccination passports - what you need to know. A guide to kids' smartphone security. CISA lists single-factor authentication as bad practice.
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Brute-Force Attacks Target Inboxes for Gift Card Data
Cybercriminal enterprise is mass testing millions of usernames and passwords per day in a hunt for loyalty card data.
FTC orders SpyFone to delete all of its surveillance data
The watchdog alleges the app "helped stalkers steal private information."A parent’s guide to smartphone security
Smartphones are kids’ trusty companions both in- and outside the classroom, and as they return to their desks, we’ve prepared some handy tips on how to keep their devices secure.
The post A parent’s guide to smartphone security appeared first on WeLiveSecurity