Cybersecurity News


PCI SSC Announces 2021 Special Interest Group Election Results

 

Following its annual Special Interest Group (SIG) election process, the PCI Security Standards Council has confirmed the winning SIG topic for 2021. The Council’s Participating Organizations voted to select “Best Practices for Container Orchestration” as the focus for the year ahead. The goal of the SIG is to provide guidance for companies on how to enhance security when using container orchestration tools. This guidance will include an overview of container orchestration tools as well as a breakdown of payment industry considerations for critical components of typical system implementations.

27 January 2021

Apple Patches Three iOS Zero-Day Vulnerabilities

New iOS 14.4 update available for iPhones and iPads.
27 January 2021

Security's Inevitable Shift to the Edge

As the edge becomes the place for DDoS mitigation, Web app security, and other controls, SASE is the management platform to handle them all.
27 January 2021

International Action Targets Emotet Crimeware

Authorities across Europe on Tuesday said they'd seized control over Emotet, a prolific malware strain and cybercrime-as-service operation. Investigators say the action could help quarantine more than a million Microsoft Windows systems currently compromised with malware tied to Emotet infections.
27 January 2021

National Crime Agency warns novice and veteran traders alike of rise in clone company scams

The NCA says these schemes have already led to the theft of over £78 million.
27 January 2021

Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update

An anonymous researcher identified bugs in the software’s kernel and WebKit browser engine that are likely part of an exploit chain.
27 January 2021

LogoKit Group Aims for Simple Yet Effective Phishing

A phishing kit that uses embedded JavaScript targeted the users of more than 300 sites in the past week, aiming to grab credentials for SharePoint, Adobe Document Cloud, and OneDrive.
27 January 2021

Fake ICO consultant sentenced for embezzling cryptocurrency now worth $20 million

The US resident pretended to be an expert on investing in cryptocurrencies.
27 January 2021

UK association defends ransomware payments in cyber insurance policies

The group has been criticized for “funding” organized crime.
27 January 2021

10-years-old Sudo bug lets Linux users gain root-level access

The vulnerability, named "Baron Samedit," impacts most Linux distributions today.
26 January 2021

Ransomware Disrupts Operations at Packaging Giant WestRock

Incident is another reminder of how vulnerable OT environments are to attack, security experts say.
26 January 2021

Pay-Or-Get-Breached Ransomware Schemes Take Off

In 2020, ransomware attackers moved quickly to adopt so-called "double extortion" schemes, with more than 550 incidents in the fourth quarter alone.
26 January 2021

North Korean Attackers Target Security Researchers via Social Media: Google

Google TAG warns the infosec community of unsolicited requests from individuals seeking collaboration on vulnerability research.
26 January 2021

Nvidia Squashes High-Severity Jetson DoS Flaw

If exploited, the most serious of these flaws could lead to a denial-of-service condition for Jetson products.
26 January 2021

DanaBot Malware Roars Back into Relevancy

Sophisticated and dangerous, DanaBot has resurfaced after lying dormant for seven months.
26 January 2021

Privacy Teams Helped Navigate the Pivot to Work-from-Home

Annual Cisco privacy study also reports that 90% of organizations say their customers won't buy from them if they are not clear about data policy practices.
26 January 2021

Apple fixes another three iOS zero-days exploited in the wild

Fixes come after Apple patched another set of three zero-days last November.
26 January 2021

Mimecast: Recent Certificate Compromise Tied to SolarWinds Attacks

Yet another security firm hit in the sweeping attack campaign believed to be out of Russia.
26 January 2021

23M Gamer Records Exposed in VIPGames Leak

The personal data of 66,000 users was left wide open on a misconfigured Elasticsearch server, joining a growing list of companies with leaky clouds.
26 January 2021

BEC Scammers Find New Ways to Navigate Microsoft 365

Their techniques made use of out-of-office replies and automatic responses during the 2020 holiday season, researchers report.
26 January 2021