Cybersecurity News


Russia to Rent Tech-Savvy Prisoners to Corporate IT?

Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation's prison population to perform low-cost IT work for domestic companies.
02 May 2022

Bad Actors Are Maximizing Remote Everything

Bad Actors Are Maximizing Remote Everything Aamir Lakhani, global security strategist and researcher at FortiGuard Labs, zeroes in on how adversaries are targeting 'remote everything'.
02 May 2022

Deep Dive: Protecting Against Container Threats in the Cloud

Deep Dive: Protecting Against Container Threats in the Cloud A deep dive into securing containerized environments and understanding how they present unique security challenges.
02 May 2022

Mozilla finds mental health apps fail 'spectacularly' at user security, data policies

Prayer apps, too, have raised serious security concerns.
02 May 2022

You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results

Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address. The move comes just months after Google rolled out a new policy enabling people under the age of 18 (or a parent/guardian) to request removal of their images from Google search results.
29 April 2022

TA410 under the microscope – Week in security with Tony Anscombe

Here's what you should know about FlowingFrog, LookingFrog and JollyFrog – the three teams making up the TA410 espionage umbrella group

The post TA410 under the microscope – Week in security with Tony Anscombe appeared first on WeLiveSecurity

29 April 2022

Security Turbulence in the Cloud: Survey Says…

Security Turbulence in the Cloud: Survey Says… Exclusive Threatpost research examines organizations’ top cloud security concerns, attitudes towards zero-trust and DevSecOps.
29 April 2022

Cyberespionage APT Now Identified as Three Separate Actors

Cyberespionage APT Now Identified as Three Separate Actors The threat group known as TA410 that wields the sophisticated FlowCloud RAT actually has three subgroups operating globally, each with their own toolsets and targets.
29 April 2022

Vulnerable plugins plague the CMS website security landscape

Backdoors, card skimming, and spam are also common factors in website compromise.
29 April 2022

HackerOne acquires code security tester, review service PullRequest

HackerOne says that clients will be able to more easily integrate code security reviews during workflows.
29 April 2022

Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of organizations.
28 April 2022

Cyberattacks Rage in Ukraine, Support Military Operations

Cyberattacks Rage in Ukraine, Support Military Operations At least five APTs are believed involved with attacks tied ground campaigns and designed to damage Ukraine's digital infrastructure.
28 April 2022

ExtraReplica: Microsoft patches cross-tenant bug in Azure PostgreSQL

The flaw was exploitable to conduct privilege escalation and code execution.
28 April 2022

Emotet is Back From ‘Spring Break’ With New Nasty Tricks

Emotet is Back From ‘Spring Break’ With New Nasty Tricks The Botnet appears to use a new delivery method for compromising Windows systems after Microsoft disables VBA macros by default.
27 April 2022

Fighting Fake EDRs With ‘Credit Ratings’ for Police

When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts called it a fundamentally unfixable problem. But don't tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests -- in part by assigning trustworthiness or "credit ratings" to law enforcement authorities worldwide.
27 April 2022

A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity

ESET researchers reveal a detailed profile of TA410: we believe this cyberespionage umbrella group consists of three different teams using different toolsets, including a new version of the FlowCloud espionage backdoor discovered by ESET.

The post A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity appeared first on WeLiveSecurity

27 April 2022

Millions of Java Apps Remain Vulnerable to Log4Shell

Millions of Java Apps Remain Vulnerable to Log4Shell Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found.
27 April 2022

Bronze President spies on Russian targets as Ukraine invasion continues

It's not necessarily because Russia is considered hostile, however.
27 April 2022

PCI DSS v4.0 is Now Available: Resources and Engagement Events

 

Welcome to our podcast series, Coffee with The Council. I'm Alicia Malone, senior manager of public relations for the PCI Security Standards Council. Today we'll be talking about resources and upcoming engagement events pertaining to the recent release of version four of the PCI Data Security Standard, or PCI DSS. My guests for this episode are Elizabeth Terry, senior manager of community engagement at PCI SSC and Lindsay Goodspeed, senior manager of corporate communications at PCI SSC. Welcome to both of you!

26 April 2022

Firms Push for CVE-Like Cloud Bug System

Firms Push for CVE-Like Cloud Bug System Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk.
26 April 2022