Cybersecurity News


Is Compliance-Only Security Giving Cybercriminals Your Security Playbook?

Compliance-only security strategies aren't working. CISOs should squarely focus on being secure while achieving compliance.
30 June 2021

9 Hot Trends in Cybersecurity Mergers & Acquisitions

Security experts share their observations of the past year in cybersecurity M&A, highlighting key trends and notable deals.
30 June 2021

Feds Told to Better Manage Facial Recognition, Amid Privacy Concerns

A GAO report finds government agencies are using the technology regularly in criminal investigations and to identify travelers, but need stricter management to protect people’s privacy and avoid inaccurate identification.
30 June 2021

Common Facebook scams and how to avoid them

Are you on Facebook? So are scammers. Here are some of the most common con jobs on Facebook you should watch out for and how you can tell if you’re being scammed.

The post Common Facebook scams and how to avoid them appeared first on WeLiveSecurity

30 June 2021

Google Updates Vulnerability Data Format to Support Automation

The Open Source Vulnerability schema supports automated vulnerability handling in Go, Rust, Python, and Distributed Weakness Filing system, and it could be the favored format for future exporting of data.
29 June 2021

Ransomware Losses Drive Up Cyber-Insurance Costs

Premiums have gone up by 7% on average for small firms and between 10% and 40% for medium and large businesses.
29 June 2021

Users Clueless About Cybersecurity Risks: Study

The return to offices, coupled with uninformed users (including IT pros), has teed up an unprecedented risk of enterprise attack.
29 June 2021

CISA Publishes Catalog of Poor Security Practices

Organizations often focus on promoting best practices, CISA says, but stopping poor security practices is equally important.
29 June 2021

Survey Data Reveals Gap in Americans' Security Awareness

Survey data reveals many people have never heard of major cyberattacks, including the attack targeting Colonial Pipeline.
29 June 2021

Technology's Complexity and Opacity Threaten Critical Infrastructure Security

Addressing the complexity of modern distributed software development is one of the most important things we can do to decrease supply chain risk.
29 June 2021

Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks

The bug in Edge's auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload.
29 June 2021

Data for 700 million LinkedIn users up for grabs on hacker forum

Information scraped from LinkedIn user profiles includes full names, gender, email addresses and phone numbers

The post Data for 700 million LinkedIn users up for grabs on hacker forum appeared first on WeLiveSecurity

29 June 2021

For UK foreign secretary, simply having a mobile represents a security risk – analysis

Analysis: UK prides itself on GCHQ’s cyber capability – so availability of Raab’s number will have been embarrassing for him

Finding Dominic Raab’s mobile phone online is more than just embarrassing for the foreign secretary: it also represents a security risk, just as when it emerged Boris Johnson’s number could be easily found online in April.

Sophisticated spyware technology – of the type available to a rapidly growing number of governments outside the west – can, in some circumstances, be secretly inserted into a person’s phone without any interaction from the target.

29 June 2021

Dominic Raab’s mobile number freely available online for last decade

Exclusive: Finding raises questions for security services weeks after similar revelations about PM’s number

The private mobile number of Dominic Raab, the UK foreign secretary, has been online for at least 11 years, raising questions for the security services weeks after the prime minister’s number was also revealed to be accessible to anyone.

Raab’s number was discovered by a Guardian reader using a Google search. It appears to have been online since before he became an MP in 2010, and remained after he became foreign secretary and first secretary of state – de facto deputy prime minister – in 2019.

29 June 2021

3 Ways Cybercriminals Are Undermining MFA

Using multifactor authentication is an excellent security step, but like everything else, it is not foolproof and will never be 100% effective.
29 June 2021

IBM Kestrel threat hunting language granted to Open Cybersecurity Alliance

The contribution is aimed at giving cybersecurity experts more time to conduct forensic activities.
29 June 2021

Details of RCE Bug in Adobe Experience Manager Revealed

Details of a bug in Adobe’s content-management solution, used by Mastercard, LinkedIn and PlayStation, were released.
29 June 2021

New ransomware highlights widespread adoption of Golang language by cyberattackers

The latest version of Go is being used to prevent reverse-engineering attempts.
29 June 2021

Cobalt Strike Usage Explodes Among Cybercrooks

The legit security tool has shown up 161 percent more, year-over-year, in cyberattacks, having “gone fully mainstream in the crimeware world.”
29 June 2021

Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground

After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it's happened again, with big security ramifications.
28 June 2021