Cybersecurity News


Benefits of Becoming a Participating Organization

 

It is great that your organization takes securing payment data seriously. Now is the time to take the next step forward and make a difference by becoming a PCI SSC Participating Organization (PO). POs play a key role both in influencing the ongoing development of PCI Security Standards and programs and in helping ensure that PCI Security Standards are implemented globally to secure payment data.

14 September 2020

CISA: Chinese state hackers are exploiting F5, Citrix, Pulse Secure, and Exchange bugs

CISA says attacks started a year ago and some have been successful.
14 September 2020

Open Source Security's Top Threat and What To Do About It

With open source developers regularly churning out new tools, the risk landscape has become too fragmented to properly monitor.
14 September 2020

More Printers Could Mean Security Problems for Home-Bound Workers

Tricked-out home offices have led to an influx in printers, many of which have not been set up securely, leaving workers and their companies vulnerable.
14 September 2020

Vast majority of cyber-attacks on cloud servers aim to mine cryptocurrency

Cyber-attacks on cloud systems spiked 250% from 2019 to 2020.
14 September 2020

US citizen charged with running diamond Ponzi scheme, cryptocurrency scam

The operator claimed to have $25 million in diamond ‘stock’.
14 September 2020

Zerologon attack lets hackers take over enterprise networks

If you're managing enterprise Windows Servers, don't skip the August 2020 Patch Tuesday.
14 September 2020

DeFi SushiSwap creator returns $14m in ETH to project after causing coin crash

Chef Nomi says they are sorry for wreaking havoc by cashing out $14 million without warning.
14 September 2020

New BlindSide attack uses speculative execution to bypass ASLR

New BlindSide technique abuses the CPU's internal performance-boosting feature to bypass OS security protection.
14 September 2020

A Real-World Tool for Organizing, Integrating Third-Party Tools

Omdia Cybersecurity Accelerator analyst Eric Parizo describes how a security product integration framework (SPIF) can unify best-of-breed architectures.
13 September 2020

Leaky server exposes users of dating site network

Personal details of hundreds of thousands of dating site users were temporarily exposed online earlier this month.
13 September 2020

Researcher kept a major Bitcoin bug secret for two years to prevent attacks

The INVDoS bug would have allowed attackers to crash Bitcoin nodes and other similar blockchains.
12 September 2020

APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins

The Russia-linked threat group is harvesting credentials for Microsoft's cloud offering, and targeting mainly election-related organizations.
11 September 2020

Office 365 Phishing Attack Leverages Real-Time Active Directory Validation

Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.
11 September 2020

3 Secure Moments: A Tranquil Trio of Security Haiku

Placid poems to quiet the infosec pro's harried mind. (Or placid, by infosec standards.)
11 September 2020

It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure

Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws.
11 September 2020

APT Groups Set Sights on Linux Targets: Inside the Trend

Researchers see more advanced attack groups creating tools and platforms to target Linux-based devices.
11 September 2020

Ransomware Hits US District Court in Louisiana

The ransomware attack has exposed internal documents from the court and knocked its website offline.
11 September 2020

Week in security with Tony Anscombe

ESET researchers have discovered and analyzed CDRThief, malware that targets Voice over IP (VoIP) softswitches. Righard Zwienenberg goes deep into the lead-offering business and invites us to take steps to mitigate this problem. Finally, an overview of the TikTok pairing feature, which gives parents greater control over how their children interact with the app.

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

11 September 2020

WordPress Plugin Flaw Allows Attackers to Forge Emails

The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.
11 September 2020