Cybersecurity News
Week in security with Tony Anscombe
Some takeaways from CES 2020 – Firefox update plugs a zero-day – Facebook cracks down on deepfakes
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
5 Tips on How to Build a Strong Security Metrics Framework
The carpentry maxim "measure twice, cut once" underscores the importance of timely, accurate, and regular metrics to inform security leaders' risk decisions.Study Points to Lax Focus on Cybersecurity
Despite ranking at the top of respondents' concerns, organizations still show gaps in acting on cybersecurity, Society for Information Management (SIM) report finds.Connected cars: How to improve their connection to cybersecurity
As software becomes more important than ever, how can engaging the security industry make the road ahead less winding?
The post Connected cars: How to improve their connection to cybersecurity appeared first on WeLiveSecurity
Connected cars: How to improve their connection to cybersecurity
As software becomes more important than ever, how can engaging the security industry make the road ahead less winding?
The post Connected cars: How to improve their connection to cybersecurity appeared first on WeLiveSecurity
TrickBot hackers create new stealthy backdoor for high-value targets
PowerTrick is reserved for the most lucrative targets on the gang’s hit list.Oil-and-Gas APT Pivots to U.S. Power Plants
Researchers say that physically disruptive attacks aren't imminent, but an increased focus on U.S. electrical-grid operators doesn't bode well.
Man jailed for using data breach info leaks to claim over $12 million in IRS tax refunds
Information leaked due to data breaches was used to file fraudulent tax returns.Cybersecurity acquisitions run rampant this week: Who has bought what?
As a new year unfolds, so do portfolio changes and acquisition deals in the cybersecurity sector.Skype audio graded by workers in China with 'no security measures'
Exclusive: former Microsoft contractor says he was emailed login after minimal vetting
A Microsoft programme to transcribe and vet audio from Skype and Cortana, its voice assistant, ran for years with “no security measures”, according to a former contractor who says he reviewed thousands of potentially sensitive recordings on his personal laptop from his home in Beijing over the two years he worked for the company.
The recordings, both deliberate and accidentally invoked activations of the voice assistant, as well as some Skype phone calls, were simply accessed by Microsoft workers through a web app running in Google’s Chrome browser, on their personal laptops, over the Chinese internet, according to the contractor.
Continue reading...Google details its three-year fight against the Bread (Joker) malware operation
Google says it removed more than 1,700 Android apps infected with Bread (Joker) malware since 2017.Reporting an Incident
Bad guys are very persistent, eventually anyone can make a mistake. If a phone call from the "Help Desk" doesn't sound quite right, if an email seems suspicious or if a program you installed starts acting funny, ask for help! In addition, perhaps you lost a work laptop or a USB drive. The sooner you report an incident, the sooner we can help resolve the problem.Attackers Increase Focus on North American Electric Utilities: Report
Electric utilities continue to be a target of nation-state attackers, even before the latest tensions between Iran and the United States, says a critical-infrastructure security firm.Chinese Malware Found Preinstalled on US Government-Funded Phones
Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless.Dixons Carphone fined £500,000 for massive data breach
‘Systemic failures’ found in the retailer’s management and protection of customer data
Dixons Carphone has been hit with the maximum possible fine after the tills in its shops were compromised by a cyber-attack that affected at least 14 million people.
The retailer discovered the massive data breach last summer and a subsequent investigation by the Information Commissioner’s Office (ICO) found the attacker had installed malicious software on 5,390 tills in branches of its Currys PC World and Dixons Travel chains.
Continue reading...50+ orgs ask Google to take a stance against Android bloatware
Privacy organizations ask Google to introduce new OEM rules for Android bloatware.Lawmakers Prod FCC to Act on SIM Swapping
Crooks have stolen tens of millions of dollars and other valuable commodities from thousands of consumers via "SIM swapping," a particularly invasive form of fraud that involves tricking a target's mobile carrier into transferring someone's wireless service to a device they control. But the U.S. Federal Communications Commission (FCC), the entity responsible for overseeing wireless industry practices, has so far remained largely silent on the matter. Now, a cadre of Senate lawmakers is demanding to know what, if anything, the agency might be doing to track and combat SIM swapping.Exploit Fully Breaks SHA-1, Lowers the Attack Bar
Users of GnuPG, OpenSSL and Git could be in danger from an attack that's practical for ordinary attackers to carry out.
TrickBot Group Adds New PowerShell-Based Backdoor to Arsenal
PowerTrick is sort of a custom-version of PowerShell Empire and can be used to download additional malware, SentinelOne says.Online Skimming and Payment Security
On the blog, we cover basic questions with Christopher D. Roberti, Senior Vice President for Cyber, Intelligence, and Security Policy at the U.S. Chamber of Commerce and PCI SSC SVP, Engagement Officer for Market Intelligence and Stakeholder Engagement Troy Leach, about this growing threat to businesses across the U.S. and how to better protect yourself from this dangerous threat.