Cybersecurity News


Crackonosh malware abuses Windows Safe mode to quietly mine for cryptocurrency

The malware is thought to have generated millions of dollars in just a few short years.
25 June 2021

‘Pen tester’ FIN7 hacking group member lands seven-year prison term

The “high-level” member must also pay $2.5 million in damages.
25 June 2021

Spam Downpour Drips New IcedID Banking Trojan Variant

Spam Downpour Drips New IcedID Banking Trojan Variant The primarily IcedID-flavored banking trojan spam campaigns were coming in at a fever pitch: Spikes hit more than 100 detections a day.
24 June 2021

74% of Q1 Malware Was Undetectable Via Signature-Based Tools

Attackers have improved on tweaking old malware to continue sneaking it past traditional threat detection controls, researchers report.
24 June 2021

D3FEND Framework Seeks to Lay Foundation for Cyber Defense

The MITRE project, funded by the National Security Agency, aims to create a foundation for analyzing and discussing cyber defenses and could shake up the vendor community.
24 June 2021

Oh FCUK! Fashion Label, Medical Diagnostics Firm Latest REvil Victims

Oh FCUK! Fashion Label, Medical Diagnostics Firm Latest REvil Victims The infamous ransomware group hit two big-name companies within hours of each other.  
24 June 2021

Tulsa Officials Warn Ransomware Attackers Leaked City Files

The group behind the May 2021 attack has shared more than 18,000 files via the Dark Web, mostly internal department files and police citations.
24 June 2021

Preinstalled Firmware Updater Puts 128 Dell Models at Risk

A feature of the computer maker's update utility does not correctly handle certificates, leaving systems open to firmware-level compromises.
24 June 2021

Request for Comments: PTS HSM Modular Security Requirements

 

From 24 June to 26 July 2021, PCI SSC stakeholders are invited to review and provide feedback on the draft PCI PIN Transaction Security (PTS) Hardware Security Module (HSM) Modular Security Requirements during a 30 day request for comments (RFC) period.

The RFC will be available to primary contacts through the PCI SSC portal, including instructions on how to access the document and submit feedback. Eligible stakeholders will also receive instructions via email. As a reminder, participants are required to accept a Non-Disclosure Agreement (NDA) to download the document. Please review the RFC Process Guide for more information.

Please note that PCI SSC can only accept comments that are submitted via the PCI SSC portal and received within the defined RFC period.

24 June 2021

Boardroom Perspectives on Cybersecurity: What It Means for You

Because board members are paying close attention to security, security leaders must be able to respond to and alleviate their concerns with data.
24 June 2021

Gaming industry under siege from cyberattacks during pandemic

Cyberattacks targeting the gaming industry skyrocket, with web attacks more than tripling year-on-year in 2020

The post Gaming industry under siege from cyberattacks during pandemic appeared first on WeLiveSecurity

24 June 2021

Musk-Themed ‘$SpaceX’ Cryptoscam Invades YouTube Advertising

Musk-Themed ‘$SpaceX’ Cryptoscam Invades YouTube Advertising Beware: The swindle uses legitimately purchased YouTube ads, real liquidity, legitimate DEX Uniswap, and the real wallet extension MetaMask to create an entirely convincing fake coin gambit.
24 June 2021

Critical VMware Carbon Black Bug Allows Authentication Bypass

Critical VMware Carbon Black Bug Allows Authentication Bypass The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems.
24 June 2021

Storms & Silver Linings: Avoiding the Dangers of Cloud Migration

We hear a lot about the sunlit uplands of cloud-powered business, but what about the risks of making information available across the organization?
24 June 2021

John McAfee, Creator of McAfee Antivirus Software, Dead at 75

McAfee, who was being held in a Spanish jail on US tax-evasion charges, had learned on Monday he would be extradited to the US.
24 June 2021

Tulsa’s Police-Citation Data Leaked by Conti Gang

Tulsa’s Police-Citation Data Leaked by Conti Gang A May 6 ransomware attack caused disruption across several of the municipality’s online services and websites.
24 June 2021

rMTD: A Deception Method That Throws Attackers Off Their Game

rMTD: A Deception Method That Throws Attackers Off Their Game Through a variety of techniques, rotational Moving Target Defense makes existing OS and app vulnerabilities difficult to exploit. Here's how.
24 June 2021

Cybersecurity firms battle DMCA rules over good-faith research

The argument is that current rules are hampering ethical and effective vulnerability reporting.
24 June 2021

BIOSConnect code execution bugs impact millions of Dell devices

A critical bug chain allows attackers to impersonate the vendor and impact code at the root level.
24 June 2021

Atlassian Bugs Could Have Led to 1-Click Takeover

Atlassian Bugs Could Have Led to 1-Click Takeover A supply-chain attack could have siphoned sensitive information out of Jira, such as security issues on Atlassian cloud, Bitbucket and on-prem products.
24 June 2021