Cybersecurity News
Just Updated: Key Blocks Information Supplement
The PIN Security Requirement 18-3 Key Blocks Information Supplement provides a series of FAQs to help PIN acquiring entities with implementation of key blocks in accordance with requirement 18-3 in the PCI PIN Security Requirements v3.1.
Large-Scale Phishing Campaign Bypasses MFA
Attackers used adversary-in-the-middle attacks to steal passwords, hijack sign-in sessions and skip authentication and then use victim mailboxes to launch BEC attacks against other targets.
Collaboration and knowledge sharing key to progress in cybersecurity
In a world of ever-evolving cyberthreats, collaboration and knowledge exchange are vital for keeping an edge on attackers
The post Collaboration and knowledge sharing key to progress in cybersecurity appeared first on WeLiveSecurity
Microsoft Patch Tuesday, July 2022 Edition
Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited. The software giant also has made a controversial decision to put the brakes on a plan to block macros in Office documents downloaded from the Internet.How War Impacts Cyber Insurance
Chris Hallenbeck, CISO for the Americas at Tanium, discusses the impact of geopolitical conflict on the cybersecurity insurance market.
‘Callback’ Phishing Campaign Impersonates Security Firms
Victims instructed to make a phone call that will direct them to a link for downloading malware.
Play it safe: 5 reasons not to download pirated games
It’s all fun and games until you get hacked – and this is just one risk of downloading cracked games
The post Play it safe: 5 reasons not to download pirated games appeared first on WeLiveSecurity
Rethinking Vulnerability Management in a Heightened Threat Landscape
Find out why a vital component of vulnerability management needs to be the capacity to prioritize from Mariano Nunez, CEO of Onapsis and Threatpost Infosec Insiders columnist.
Popular NFT Marketplace Phished for $540M
In March, a North Korean APT siphoned blockchain gaming platform Axie Infinity of $540M.
Unveiling the New PCI SSC Website
The PCI Security Standards Council is pleased to announce the completion of the first phase of our newly redesigned website. The Council is committed to providing the latest payment security standards, training programs, certified listings, and educational resources to our global stakeholders- and the website is our primary channel to deliver this content. PCI SSC has prioritized feedback from the industry to improve the overall user experience. Visitors to our website will notice enhanced search functionality, improved navigation, and design changes which aid in making our site accessible to all.
Experian, You Have Some Explaining to Do
Twice in the past month KrebsOnSecurity has heard from readers who've had their accounts at big-three credit bureau Experian hacked and updated with a new email address that wasn't theirs. In both cases the readers used password managers to select strong, unique passwords for their Experian accounts. Research suggests identity thieves were able to hijack the accounts simply by signing up for new accounts at Experian using the victim's personal information and a different email address.Sneaky Orbit Malware Backdoors Linux Devices
The novel threat steals data and can affect all processes running on the OS, stealing information from different commands and utilities and then storing it on the affected machine.
Avoid travel digital disasters – Week in security with Tony Anscombe
Vacations are a great time to unwind, but if you're not careful, you may face a digital disaster. Here's how to keep your devices and data secure while you're on the move
The post Avoid travel digital disasters – Week in security with Tony Anscombe appeared first on WeLiveSecurity
U.S. Healthcare Orgs Targeted with Maui Ransomware
State-sponsored actors are deploying the unique malware--which targets specific files and leaves no ransomware note--in ongoing attacks.
Driving to France this summer? Watch out for scam websites before you go
Scammers don't take the summer off – be on your guard when buying your Crit'Air sticker
The post Driving to France this summer? Watch out for scam websites before you go appeared first on WeLiveSecurity
How to keep your home secure when you travel
With travel stressful enough, you don't need the anxiety of wondering if your home is protected.Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol
A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.
Apple to launch ‘lockdown mode’ to protect against Pegasus-style hacks
Firm says function is intended for users who face ‘grave, targeted threats to their digital security’
Apple is launching a “lockdown mode” for its devices to protect people – including journalists and human rights activists – targeted by hacking attacks like those launched by government clients of NSO Group using its Pegasus spyware.
Apple will roll out the setting in the autumn and believes it would have prevented previously known spyware attacks by closing down technical avenues for digital espionage. It said the lockdown mode was intended for users who face “grave, targeted threats to their digital security”.
Continue reading...Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens
A developer appears to have divulged credentials to a police database on a popular developer forum, leading to a breach and subsequent bid to sell 23 terabytes of personal data on the dark web.
8 common Facebook Marketplace scams and how to avoid them
Here’s what to watch out for when buying or selling stuff on the online marketplace and how to tell if you’re being scammed
The post 8 common Facebook Marketplace scams and how to avoid them appeared first on WeLiveSecurity