Cybersecurity News
Russia to Rent Tech-Savvy Prisoners to Corporate IT?
Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation's prison population to perform low-cost IT work for domestic companies.02 May 2022
Bad Actors Are Maximizing Remote Everything
Aamir Lakhani, global security strategist and researcher at FortiGuard Labs, zeroes in on how adversaries are targeting 'remote everything'.
02 May 2022
Deep Dive: Protecting Against Container Threats in the Cloud
A deep dive into securing containerized environments and understanding how they present unique security challenges.
02 May 2022
Mozilla finds mental health apps fail 'spectacularly' at user security, data policies
Prayer apps, too, have raised serious security concerns.02 May 2022
You Can Now Ask Google to Remove Your Phone Number, Email or Address from Search Results
Google said this week it is expanding the types of data people can ask to have removed from search results, to include personal contact information like your phone number, email address or physical address. The move comes just months after Google rolled out a new policy enabling people under the age of 18 (or a parent/guardian) to request removal of their images from Google search results.29 April 2022
TA410 under the microscope – Week in security with Tony Anscombe
Here's what you should know about FlowingFrog, LookingFrog and JollyFrog – the three teams making up the TA410 espionage umbrella group
The post TA410 under the microscope – Week in security with Tony Anscombe appeared first on WeLiveSecurity
29 April 2022
Security Turbulence in the Cloud: Survey Says…
Exclusive Threatpost research examines organizations’ top cloud security concerns, attitudes towards zero-trust and DevSecOps.
29 April 2022
Cyberespionage APT Now Identified as Three Separate Actors
The threat group known as TA410 that wields the sophisticated FlowCloud RAT actually has three subgroups operating globally, each with their own toolsets and targets.
29 April 2022
Vulnerable plugins plague the CMS website security landscape
Backdoors, card skimming, and spam are also common factors in website compromise.29 April 2022
HackerOne acquires code security tester, review service PullRequest
HackerOne says that clients will be able to more easily integrate code security reviews during workflows.29 April 2022
Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens
GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of organizations.
28 April 2022
Cyberattacks Rage in Ukraine, Support Military Operations
At least five APTs are believed involved with attacks tied ground campaigns and designed to damage Ukraine's digital infrastructure.
28 April 2022
ExtraReplica: Microsoft patches cross-tenant bug in Azure PostgreSQL
The flaw was exploitable to conduct privilege escalation and code execution.28 April 2022
Emotet is Back From ‘Spring Break’ With New Nasty Tricks
The Botnet appears to use a new delivery method for compromising Windows systems after Microsoft disables VBA macros by default.
27 April 2022
Fighting Fake EDRs With ‘Credit Ratings’ for Police
When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts called it a fundamentally unfixable problem. But don't tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests -- in part by assigning trustworthiness or "credit ratings" to law enforcement authorities worldwide.27 April 2022
A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity
ESET researchers reveal a detailed profile of TA410: we believe this cyberespionage umbrella group consists of three different teams using different toolsets, including a new version of the FlowCloud espionage backdoor discovered by ESET.
The post A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity appeared first on WeLiveSecurity
27 April 2022
Millions of Java Apps Remain Vulnerable to Log4Shell
Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found.
27 April 2022
Bronze President spies on Russian targets as Ukraine invasion continues
It's not necessarily because Russia is considered hostile, however.27 April 2022
PCI DSS v4.0 is Now Available: Resources and Engagement Events
Welcome to our podcast series, Coffee with The Council. I'm Alicia Malone, senior manager of public relations for the PCI Security Standards Council. Today we'll be talking about resources and upcoming engagement events pertaining to the recent release of version four of the PCI Data Security Standard, or PCI DSS. My guests for this episode are Elizabeth Terry, senior manager of community engagement at PCI SSC and Lindsay Goodspeed, senior manager of corporate communications at PCI SSC. Welcome to both of you!
26 April 2022
Firms Push for CVE-Like Cloud Bug System
Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk.
26 April 2022