Cybersecurity News
Microsoft Exchange Servers Still Open to Actively Exploited Flaw
Despite Microsoft issuing patches almost eight months ago, 61 percent of Exchange servers are still vulnerable.
The Value of the PCI Secure Software Lifecycle Standard for Software Vendors
The PCI Secure Software Lifecycle (Secure SLC) Standard is part of the PCI Software Security Framework, which addresses security for software operating in payment environments. In this blog, we interview PCI Security Standards Council’s VP, Global Head of Programs, Gill Woodcock, about the Secure SLC Standard, what it is, and the value of adoption.
Attacker Dwell Time: Ransomware's Most Important Metric
How to bolster security defenses by zeroing in on the length of time an interloper remains undetected inside your network$15 million business email scam campaign in the US exposed
The FBI is investigating the global campaign in which millions of dollars have been stolen from at least 150 victims.This worm phishing campaign is a game-changer in password theft, account takeovers
The security incident highlights the need for multi-factor authentication in the enterprise.APT‑C‑23 group evolves its Android spyware
ESET researchers uncover a new version of Android spyware used by the APT-C-23 threat group against targets in the Middle East
The post APT‑C‑23 group evolves its Android spyware appeared first on WeLiveSecurity
Why Web Browser Padlocks Shouldn’t Be Trusted
Popular ‘safe browsing’ padlocks are now passe as a majority of bad guys also use them.
Twitter hires new CISO in industry veteran Rinki Sethi
Sethi previously served in security roles at Rubrik, IBM, Palo Alto Networks, Intuit, and eBay.Microsoft: Ransomware & Nation-State Attacks Rise, Get More Sophisticated
Malware-based attacks are out, phishing is in, along with credential stuffing and business email compromise. Microsoft recommends defensive tactics in its new report on rising threats.Who’s Behind Monday’s 14-State 911 Outage?
Emergency 911 systems were down for more than an hour on Monday in towns and cities across 14 U.S. states. The outages led many news outlets to speculate the problem was related to Microsoft's Azure web services platform, which also was struggling with a widespread outage at the time. However, multiple sources tell KrebsOnSecurity the 911 issues stemmed from some kind of technical snafu involving Intrado and Lumen, two companies that together handle 911 calls for a broad swath of the United States.DDoS Attacks Soar in First Half of 2020
Shorter, faster, multivector attacks had a greater impact on victims.New Campaign by China-Linked Group Targets US Orgs for First Time
In a least one instance, the Palmerworm APT group was able to remain undetected on a compromised system for nearly six months, according to Symantec.Securing Slack: 5 Tips for Safer Messaging, Collaboration
Remote workers and scattered teams are relying on Slack more and more for messaging and collaboration. Here are a few extra tips for keeping data and systems more secure when using Slack.
Vulnerability in Wireless Router Chipsets Prompts Advisory
Synopsys issues an advisory for vulnerabilities affecting the chipsets of wireless routers from Qualcomm, Mediatek, and Realtek.Zerologon Attacks Against Microsoft DCs Snowball in a Week
The attempted compromises, which could allow full control over Active Directory identity services, are flying thick and fast just a week after active exploits of CVE-2020-1472 were first flagged.
Shifting Left of Left: Why Secure Code Isn't Always Quality Code
Enabling engineers to share responsibility for security and empowering them to erase common vulnerabilities are good starting points.
The Network Perimeter: This Time, It’s Personal
Botnets and IoT devices are forming a perfect storm for IT staff wrestling with WFH employee security.
What to Know Before Participating in a PCI SSC RFC
The PCI SSC Request for Comments (RFC) process is an avenue for PCI SSC stakeholders to provide feedback on existing and new PCI security standards and programs. This feedback plays a critical role in the ongoing maintenance and development of these resources for the payment card industry.
FBI, CISA warn of disinformation campaigns about hacked voting systems
Threat actors may spread false claims about compromised voting systems in order to undermine confidence in the electoral process
The post FBI, CISA warn of disinformation campaigns about hacked voting systems appeared first on WeLiveSecurity