Cybersecurity News
Back-to-Basics: Properly Configured Firewalls
As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on properly configuring firewalls.
Effective Threat-Hunting Queries in a Redacted World
Chad Anderson, senior security researcher for DomainTools, demonstrates how seemingly disparate pieces of infrastructure information can form perfect fingerprints for tracking cyberattackers' infrastructure.
Microsoft Spills 38 Million Sensitive Data Records Via Careless Power App Configs
Data leaked includes COVID-19 vaccination records, social security numbers and email addresses tied to American Airlines, Ford, Indiana Department of Health and New York City public schools.
ProxyShell Attacks Pummel Unpatched Exchange Servers
CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers.
Windows 10 Admin Rights Gobbled by Razer Devices
So much for Windows 10's security: a zero-day in the device installer software grants admin rights just by plugging in a mouse or other compatible device.
Paving the way: Inspiring Women in Payments - A Q&A featuring Sadie Sangster
Working mothers have a huge amount of determination and possess many of the same skillsets that are essential in the business world. As a working mother herself, Sadie Sangster understands the business world from this perspective and credits motherhood as the driving force in her career success. In this edition of our blog, Sadie explains why it’s important to see more women progress into senior roles after having children.
Managing Privileged Access to Secure the Post-COVID Perimeter
Joseph Carson, chief security scientist & advisory CISO at ThycoticCentrify, discusses how to implement advanced privileged-access practices.
Attackers Actively Exploiting Realtek SDK Flaws
Multiple vulnerabilities in software used by 65 vendors under active attack.
Web Censorship Systems Can Facilitate Massive DDoS Attacks
Systems are ripe for abuse by attackers who can abuse systems to launch DDoS attacks.
Week in security with Tony Anscombe
Who is actually paying the ransom demand? – Be careful about what you throw away – Records from a terrorist watchlist exposed online
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
Hackers swipe almost $100 million from major cryptocurrency exchange
Japanese cryptocurrency exchange Liquid suspends cryptocurrency deposits and withdrawals and moves its assets into cold storage
The post Hackers swipe almost $100 million from major cryptocurrency exchange appeared first on WeLiveSecurity
Nigerian Threat Actors Solicit Employees to Deploy Ransomware for Cut of Profits
Campaign emails company insiders and initially offers 1 million in Bitcoin if they install DemonWare on an organization’s network.
Australians hit by ‘Flubot’ malware that arrives by text message
New scam spreads to Australia from Europe, targeting thousands of Android users
Thousands of Australians have been hit by a new scam text message known as Flubot, which aims to install malware on their phones.
Flubot is a type of malware targeting Android users, but iPhone users can also receive the messages. It tells the receiver they missed a call or have a new voicemail, providing a fake link to listen.
Related: Password of three random words better than complex variation, experts say
Related: How NSO became the company whose software can spy on the world
Continue reading...What’s Next for T-Mobile and Its Customers? – Podcast
Hopefully not a hacked-up hairball of a “no can do” message when customers rush to change their PINs. In this episode: Corporate resilience vs. the opposite.
How Ready Are You for a Ransomware Attack?
Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware defense all companies should implement.
Critical Cisco Bug in Small Business Routers to Remain Unpatched
The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that have reached end-of-life.
InkySquid State Actor Exploiting Known IE Bugs
The North Korea-linked APT group leverages known Internet Explorer vulns for watering-hole attacks.
Windows EoP Bug Detailed by Google Project Zero
Microsoft first dismissed the elevation of privilege flaw but decided yesterday that attackers injecting malicious code is worthy of attention.
COVID-19 Contact-Tracing Data Exposed, Fake Vax Cards Circulate
COVID-19-related exploitation and abuse is on the rise as vaccine data opens new frontiers for threat actors.