Cybersecurity News
How to take control over your digital legacy
Do you have a plan for what will happen to your digital self when you pass away? Here’s how to put your digital affairs in order on Facebook, Google, Twitter and other major online services.
The post How to take control over your digital legacy appeared first on WeLiveSecurity
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
How 1-Time Passcodes Became a Corporate Liability
Phishers are enjoying remarkable success using text messages to steal remote access credentials and one-time passcodes from employees at some of the world's largest technology companies and customer support firms. A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices.
TikShock: Don’t get caught out by these 5 TikTok scams
Are you aware of the perils of the world’s no. 1 social media? Do you know how to avoid scams and stay safe on TikTok?
The post TikShock: Don’t get caught out by these 5 TikTok scams appeared first on WeLiveSecurity
PCI DSS v4.0: Is the Customized Approach Right For Your Organization?
This blog is the second in a series of articles on the customized approach. The first article provided a high-level overview of the customized approach and explored the difference between compensating controls and the customized approach. This article focuses on considerations for entities thinking about implementing a customized approach, and includes the customized approach resources provided in PCI DSS for the assessed entity and in the PCI DSS Report on Compliance Template for the assessor.
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
French hospital crippled by cyberattack – Week in security with Tony Anscombe
As another hospital falls victim to ransomware, Tony weighs in on the much-debated issue of banning ransomware payouts
The post French hospital crippled by cyberattack – Week in security with Tony Anscombe appeared first on WeLiveSecurity
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
What is doxing and how to protect yourself
Doxing can happen to anyone – here’s how you can reduce the odds that your personal information will be weaponized against you
The post What is doxing and how to protect yourself appeared first on WeLiveSecurity
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.
How Twitter’s whistleblower could boost Elon Musk’s legal battle
Peiter Zatko, former security chief, brought allegations of widespread security threats and spam concerns against the company
New whistleblower allegations of widespread security threats and spam concerns at Twitter may give Elon Musk ammunition in his fight to back out of a deal to buy the company.
On Tuesday, an 84-page complaint written by Twitter’s former security chief turned whistleblower, Peiter Zatko, alleged that Twitter prioritizes user growth over reducing spam, did not have a plan in place for major security issues, and that half the company’s servers were running out-of-date and vulnerable software.
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.
Is your personal data all over the internet? 7 steps to cleaning up your online presence
You may not be able to disappear completely from the internet, but you can minimize your digital footprint with a few simple steps
The post Is your personal data all over the internet? 7 steps to cleaning up your online presence appeared first on WeLiveSecurity
Paving the Way: Inspiring Women in Payments - A Q&A featuring Viviana Wesley
Although Viviana Wesley always knew that she wanted a career in computers and technology, when she first started pursuing it, she realized her strengths were not in coding. But, through the guidance of a friend, she was redirected into IT Support and a new world opened for her; a dynamic world where she could use her technical expertise to help people, which is what she truly wanted to do. In this edition of our blog, Viviana describes why soft skills are critically important in this industry and how women are particularly adept at bridging communication gaps between technology and business.
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
CEO of Israeli Pegasus spyware firm NSO to step down
CEO Shalev Hulio is stepping down as part of NSO reorganisation that will see it focus on sales in Nato member countries
Israel’s NSO Group, which makes the globally controversial Pegasus spyware, said on Sunday its CEO Shalev Hulio would step down as part of a reorganisation.
The indebted, privately owned company also said it would focus sales on countries belonging to the Nato alliance.
We can make our phones harder to hack but complete security is a pipe dream | John Naughton
Even the latest iPhone scare won’t persuade us to choose safety over convenience
Apple caused a stir a few weeks ago when it announced that the forthcoming update of its mobile and laptop operating systems would contain an optional high-security mode that would provide users with an unprecedented level of protection against powerful “spyware” software that surreptitiously obtains control of their devices.
It’s called Lockdown Mode and, according to Apple, “offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware”.
Google and Apple both release patches against zero‑day vulnerabilities – Week in security with Tony Anscombe
Zero-day vulnerabilities are super active and Google and Apple are acting to patch these vulnerabilities, some of which have been seen in the wild.
The post Google and Apple both release patches against zero‑day vulnerabilities – Week in security with Tony Anscombe appeared first on WeLiveSecurity