Cybersecurity News


Email Campaign Spreads StrRAT Fake-Ransomware RAT

Microsoft Security discovered malicious PDFs that download Java-based StrRAT, which can steal credentials and change file names but doesn't actually encrypt.
21 May 2021

Irish court issues injunction against Conti hackers to stop health service data exposure, sale

The group has warned that the data will be leaked or sold if a $20 million ransom demand is not met.
21 May 2021

US insurance giant CNA Financial paid $40 million ransom to regain control of systems: report

CNA Financial reportedly paid up a few weeks after the attack in March.
21 May 2021

Dev-Sec Disconnect Undermines Secure Coding Efforts

Rather than continue to complain about each other, developers and security pros need to work together and celebrate their successes.
20 May 2021

Lack of Skills, Maturity Hamper Threat Hunting at Many Organizations

When implemented correctly, threat hunting can help organizations stay ahead of threats, researcher says at RSA Conference.
20 May 2021

Don't Let Scary Headlines Shape Your Company's Cyber-Resilience Strategy

Resilience planning should be based on data and backed by technology, cybersecurity pros agreed at this week's RSA Conference.
20 May 2021

Maricopa County CISO: Online Misinformation/Disinformation in 2020 Election a 'Gamechanger'

Custom playbooks played a key role in the Arizona election jurisdiction's security strategy.
20 May 2021

100M Android Users Hit By Rampant Cloud Leaks

Several mobile apps, some with 10 million downloads, have opened up personal data of users to the public internet – and most aren't fixed.
20 May 2021

100M Users' Data Exposed via Third-Party Cloud Misconfigurations

Researchers who examined 23 Android apps report developers potentially exposed the data of more than 100 million people.
20 May 2021

Security Providers Describe New Solutions (& Growing Threats) at RSAC

SPONSORED CONTENT: Watch now -- Leading security companies meet Dark Reading in the RSA Conference Broadcast Alley to talk about tackling insider threat, SOC complexity, cyber resilience, mobile security, attacker evasion, supply chain threats, ransomware, and more.
20 May 2021

Cost Savings, Better Security Drive Adoption of Emerging Technologies

However, senior technology managers express concerns about whether their current infrastructure can properly safeguard them.
20 May 2021

The Gig Economy Creates Novel Data-Security Risks

Enterprises are embracing on-demand freelance help -- but the practice, while growing, opens up entirely new avenues of cyber-risk.
20 May 2021

Just published: SPoC Unsupported Operating Systems Annex

The PCI Security Standards Council (PCI SSC) has published a new, optional, Software-based PIN Entry on COTS (SPoC)™ Annex for Unsupported Operating Systems (“Unsupported OS Annex”) version 1.0. The purpose of this Annex is to provide additional security and testing requirements to allow solution providers to develop SPoC solutions that merchants can use on commercial off-the-shelf (COTS) devices with unsupported operating systems. The Unsupported OS Annex incorporates stakeholder feedback and comments received via a formal request for comment (RFC) period.

In this post we talk with PCI SSC SVP and Standards Officer Emma Sutcliffe about the new Annex.

20 May 2021

Android 12 will give you more control over how much data you share with apps

An all-new privacy dashboard and better location, microphone and camera controls are all aimed at curbing apps’ data-slurping habits

20 May 2021

3 Ways Anti-Vaxxers Will Undercut Security With Misinformation

Misinformation campaigns thrive on inequality of knowledge, which bad actors use to drive a wedge between communities.
20 May 2021

Four Android Bugs Being Exploited in the Wild

On Wednesday, Google quietly slipped updates into its May 3 Android security bulletin for bugs that its Project Zero group has confirmed are zero-days.
20 May 2021

2021 Attacker Dwell Time Trends and Best Defenses

The time that attackers stay hidden inside an organization’s networks is shifting, putting pressure on defenders and upping the need to detect and respond to threats in real-time.
20 May 2021

How 2 New Executive Orders May Reshape Cybersecurity & Supply Chains for a Post-Pandemic World

A modernized US technology strategy must account for the growing ideological divide between authoritarians and democracies over the use of cyber and emerging technologies.
20 May 2021

Fraudsters employ Amazon ‘vishing’ attacks in fake order scams

Case studies highlight how scam artists are using voice messages to dupe their victims into handing over credentials or cash.
20 May 2021

Apple Exec Calls Level of Mac Malware ‘Unacceptable’

Company is using threat of attacks as defense in case brought against it by Epic Games after Fortnite was booted from the App Store for trying to circumvent developer fees.
20 May 2021