Cybersecurity News
Polish police shut down hacker super-group involved in bomb threats, ransomware, SIM swapping
The hackers also distributed Windows and Android malware, and even ran 50 fake online stores where they defrauded buyers.24 September 2020
Alien Android Banking Trojan Sidesteps 2FA
A new 'fork' of the Cerberus banking trojan, called Alien, targets victims' credentials from more than 200 mobile apps, including Bank of America and Microsoft Outlook.
24 September 2020
Since Remote Work Isn't Going Away, Security Should Be the Focus
These three steps will help organizations reduce long-term work-from-home security risks.24 September 2020
ICO fines profiteering UK firm for touting coronavirus products over spam texts
The UK company sent cold texts offering products “effective against coronavirus.”24 September 2020
Next-generation police dogs now sniff out your electronics
Drugs and weapons are not the only criminal evidence police dogs are on the hunt for.24 September 2020
Instagram bug opened a path for hackers to hijack app, turn smartphones into spies
The RCE vulnerability, now patched, took nothing more than an image file to trigger.24 September 2020
Microsoft says it detected active attacks leveraging Zerologon vulnerability
Zerologon patching window is slowly closing as Microsoft warns of attacks in the wild.24 September 2020
New 'Alien' malware can steal passwords from 226 Android apps
Most targets are banking apps, but Alien can also show phishing pages for social, instant messaging, and cryptocurrency apps.24 September 2020
Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack
Tyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook for responding to ransomware incidents.23 September 2020
Gaming Industry Hit With 10B+ Attacks In Past Two Years
Criminals scored big with credential stuffing and web app attacks, yet many gamers seem unfazed.
23 September 2020
Zerologon Patches Roll Out Beyond Microsoft
A Samba patch and a micropatch for end-of-life servers have debuted in the face of the critical vulnerability.
23 September 2020
Shopify's Employee Data Theft Underscores Risk of Rogue Insiders
The e-commerce platform has alerted more than 100 merchants of a data breach, highlighting the danger of malicious insiders.23 September 2020
Google Cloud Debuts Threat-Detection Service
Lockdown economics are driving a threat-intelligence business boom. Chronicle Detect is Google's answer to monitoring so much log data created by the distributed workforce.23 September 2020
Microsoft, Italy, and the Netherlands warn of increased Emotet activity
New alerts about a spike in Emotet activity come after France, Japan, New Zealand issued similar warnings at the start of the month.23 September 2020
India's Cybercrime and APT Operations on the Rise
Growing geopolitical tensions with China in particular are fueling an increase in cyberattacks between the two nations, according to IntSights.23 September 2020
Gamer Credentials Now a Booming, Juicy Target for Hackers
Credential abuse drives illicit market for in-game rare skins, special weapons and unique tools.
23 September 2020
Microsoft's Azure Defender for IoT Uses CyberX Tech
Azure Defender for IoT is built to help IT and OT teams discover IoT and OT assets, identify critical flaws, and detect malicious behavior.23 September 2020
My Journey Toward SAP Security
When applications are critical to the business's core functions, the CISO and their staff better get the security right.23 September 2020
Making the Case for Medical Device Cybersecurity
With an increasing number of Internet-connected medical devices in use to manage diabetes, protecting against a variety of wireless network attacks could very well be a matter of life and death.
23 September 2020
Request for Comments: PCI DSS Version 4.0 Draft Standard
From 23 September to 13 November 2020, PCI SSC stakeholders can participate in a Request for Comments (RFC) on a draft of PCI Data Security Standard Version 4.0 (PCI DSS v4.0 Draft v0.2 for RFC). This is the second RFC for the draft of PCI DSS v4.0. The first RFC was held in late 2019, and feedback received during that RFC has been incorporated into the draft.
23 September 2020