Cybersecurity News


Minion privilege escalation exploit patched in SaltStack Salt project

The bug permitted attackers to perform privilege escalation attacks in the automation software.
01 March 2021

Businessman charged with intent to steal General Electric’s secret silicon technology

Trade secrets worth millions on the market were the goal of the conspiracy.
01 March 2021

Amazon Dismisses Claims Alexa ‘Skills’ Can Bypass Security Vetting Process

Amazon Dismisses Claims Alexa ‘Skills’ Can Bypass Security Vetting Process Researchers found a number of privacy and security issues in Amazon's Alexa skill vetting process, which could lead to attackers stealing data or launching phishing attacks.
26 February 2021

Stalkerware Volumes Remain Concerningly High, Despite Bans

Stalkerware Volumes Remain Concerningly High, Despite Bans COVID-19 impacted volumes for the year, but the U.S. moved into third place on the list of countries most infected by stalkerware.
26 February 2021

NSA Releases Guidance on Zero-Trust Architecture

A new document provides guidance for businesses planning to implement a zero-trust system management strategy.
26 February 2021

'Nerd' Humor

Some jokes never get old.
26 February 2021

Lazarus Targets Defense Companies with ThreatNeedle Malware

Lazarus Targets Defense Companies with ThreatNeedle Malware A spear-phishing campaigned linked to a North Korean APT uses “NukeSped” malware in cyberespionage attacks against defense companies.
26 February 2021

The Edge Pro Tip: Fasten Your Seatbelts

The Edge Pro Tip: Fasten Your Seatbelts An unprecedented 2020 has shaken up security leaders' usual list of must-have technologies for 2021. Where do they plan to spend next?
26 February 2021

Chrome will soon try HTTPS first when you type an incomplete URL

If users type an URL and they forget to add the HTTP or HTTPS prefix, Chrome will soon use HTTPS by default.
26 February 2021

Securing Super Bowl LV

Securing Super Bowl LV A peek at open XDR technology, and defense that held up better than the Kansas City Chiefs.
26 February 2021

Yeezy Fans Face Sneaker-Bot Armies for Boost ‘Sun’ Release  

Yeezy Fans Face Sneaker-Bot Armies for Boost ‘Sun’ Release   Sneaker bots ready to scoop up the new Yeezy Boost 700 “Sun” shoes to resell at a huge markup.  
26 February 2021

Attackers Turn Struggling Software Projects Into Trojan Horses

While access to compromised systems has become an increasingly common service, some cybercriminals are going straight to the source: buying code bases and then updating the application with malicious code.
26 February 2021

Malware Gangs Partner Up in Double-Punch Security Threat

Malware Gangs Partner Up in Double-Punch Security Threat From TrickBot to Ryuk, more malware cybercriminal groups are putting their heads together when attacking businesses.
26 February 2021

Berlin resident jailed for threatening to bomb NHS hospital unless Bitcoin ransom was paid

The bomb threats escalated over the course of six weeks to include Black Lives Matter protests and threats on UK politicians.
26 February 2021

Week in security with Tony Anscombe

Privacy bug in Brave browser – Clubhouse audio streamed to external website – Protecting children from cyberbullying in COVID-19 era

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

26 February 2021

Oxford University COVID‑19 lab hacked

Neither clinical research into the coronavirus nor any patient data were affected by the incident

The post Oxford University COVID‑19 lab hacked appeared first on WeLiveSecurity

26 February 2021

PCI DSS v4.0 Timeline Updated to Support an Additional RFC

 

Industry feedback is fundamental to the evolution of the PCI Data Security Standard (PCI DSS). Because of the broad impact PCI DSS has on the payment community, the Council is seeking additional feedback into the PCI DSS v4.0 validation documents. As a result of expanding stakeholder feedback opportunities to include these supporting documents, the Council is now targeting a Q4 2021 completion date for PCI DSS v4.0. The publication and availability of PCI DSS v4.0 is still being determined. The Council will communicate the targeted publication date in the coming months.

26 February 2021

After a Year of Quantum Advances, the Time to Protect Is Now

Innovations in quantum computing mean enterprise and manufacturing organizations need to start planning now to defend against new types of cybersecurity threats.
26 February 2021

Safeguarding children against cyberbullying in the age of COVID‑19

As screen time has increased, so has the risk of cyberbullying. What you can do to help protect your children from online harassment?

The post Safeguarding children against cyberbullying in the age of COVID‑19 appeared first on WeLiveSecurity

26 February 2021

Podcast: Ransomware Attacks Exploded in Q4 2020

Podcast: Ransomware Attacks Exploded in Q4 2020 Researchers said they saw a seven-times increase in ransomware activity in the fourth quarter of 2020, across various families – from Ryuk to Egregor.
26 February 2021