Cybersecurity News


New US Justice Department team aims to disrupt ransomware operations

The task force will focus on dealing with the “root causes” of ransomware.
22 April 2021

Rapid7 Acquires Velociraptor Open Source Project

The company plans to use Velociraptor's technology and insights to build out its own incident response capabilities.
21 April 2021

4 Innovative Ways Cyberattackers Hunt for Security Bugs

4 Innovative Ways Cyberattackers Hunt for Security Bugs David “moose” Wolpoff, co-founder and CTO at Randori, talks lesser-known hacking paths, including unresolved "fixme" flags in developer support groups.
21 April 2021

Justice Dept. Creates Task Force to Stop Ransomware Spread

One goal of the group is to take down the criminal ecosystem that enables ransomware, officials say.
21 April 2021

Zero-Day Flaws in SonicWall Email Security Tool Under Attack

Three zero-day vulnerabilities helped an attacker install a backdoor, access files and emails, and move laterally into a target network.
21 April 2021

QR Codes Offer Easy Cyberattack Avenues as Usage Spikes

QR Codes Offer Easy Cyberattack Avenues as Usage Spikes Usage is way up, but so are cyberattacks: Mobile phishing, malware, banking heists and more can come from just one wrong scan.
21 April 2021

Q&A on the Optional P2PE Solution Inventory Template

 

Point-to-Point Encryption (P2PE) technology makes data unreadable so it has no value to criminals even if stolen in a breach. Merchants can take advantage of this technology with a P2PE solution, a combination of secure devices, applications, and processes that encrypt payment card data from the point it is used at a payment terminal until it reaches a secure point of decryption. PCI P2PE Solutions are those that have been validated as meeting the rigorous security requirements of the PCI P2PE Standard and are listed on the PCI Security Standards Council (PCI SSC) website. PCI P2PE Solutions provide the strongest protection for payment card data and can simplify merchant efforts to comply with the PCI Data Security Standard (PCI DSS).

21 April 2021

Business Email Compromise Costs Businesses More Than Ransomware

Ransomware gets the headlines, but business paid out $1.8 billion last year to resolve BEC issues, according to an FBI report.
21 April 2021

Google rushes out fix for zero‑day vulnerability in Chrome

The update patches a total of seven security flaws in the desktop versions of the popular web browser

The post Google rushes out fix for zero‑day vulnerability in Chrome appeared first on WeLiveSecurity

21 April 2021

Pulse Secure Critical Zero-Day Security Bug Under Active Exploit

Pulse Secure Critical Zero-Day Security Bug Under Active Exploit CVE-2021-22893 allows remote code-execution (RCE) and is being used in the wild by nation-state cyberattackers to compromise VPN appliances in defense, finance and government orgs.
21 April 2021

How to Attack Yourself Better in 2021

Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals.
21 April 2021

Nearly Half of All Malware is Concealed in TLS-Encrypted Communications

Forty-six percent of all malware uses the cryptographic protocol to evade detection, communicate with attacker-controlled servers, and to exfiltrate data, new study shows.
21 April 2021

Attackers Heavily Targeting VPN Vulnerabilities

Threat actors like attacking the technology because they provide a convenient entry point to enterprise networks.
21 April 2021

Instagram debuts new tool to stop abusive message salvos made through new accounts

DMs are the next area the firm wants to focus on in controlling abusive behavior.
21 April 2021

Swiss Army Knife for Information Security: What Is Comprehensive Protection?

Swiss Army Knife for Information Security: What Is Comprehensive Protection? A vendor develops the series logically so that the tools do not just cover individual needs, but complement each other. For example, the concept of SearchInform is to ensure control of threats at all levels of the information network: from hardware and software to file systems and databases, from user actions on a PC to their activity on the Internet.
21 April 2021

Novel Email-Based Campaign Targets Bloomberg Clients with RATs

Novel Email-Based Campaign Targets Bloomberg Clients with RATs Attacks dubbed ‘Fajan’ by researchers are specifically targeted and appear to be testing various threat techniques to find ones with the greatest impact.
21 April 2021

Zero-day vulnerabilities in SonicWall email security are being actively exploited

The vendor is urging customers to apply patches immediately.
21 April 2021

Codecov breach impacted ‘hundreds’ of customer networks: report

Reports suggest the initial hack may have led to a more extensive supply chain attack.
21 April 2021

Updating Plugins

Every plugin or add-on you install in your browser can expose you to more danger. Only install the plugins you need and make sure they are always current. If you no longer need a plugin, disable or remove it from your browser via your browser's plugin preferences.
21 April 2021

Pulse Secure VPN Flaws Exploited to Target US Defense Sector

China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks.
20 April 2021