Cybersecurity News
Meet BlackGuard: a new infostealer peddled on Russian hacker forums
Sophisticated, but potentially cheap.Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn
A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of ‘smart car tech’ and EVs surges.
PCI DSS v4.0 Resource Hub
PCI Data Security Standard (PCI DSS) is a global standard that provides a baseline of technical and operational requirements designed to protect account data. The next evolution of the standard- PCI DSS v4.0- is now available.
This PCI DSS Resource Hub provides links to both standard documents and educational resources to help organizations become familiar with PCI DSS v4.0. Make sure to subscribe to the PCI Perspectives Blog to stay up to date on all news from PCI SSC.
PCI DSS v4.0: A Conversation with the Council
The PCI Security Standards Council has published the PCI Data Security Standard v4.0. The standard was developed with feedback from the global payments industry and provides a baseline of technical and operational requirements designed to protect account data. The standard was developed with the following priorities in mind:
QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug
QNAP is warning clients that a recently disclosed vulnerability affects most of its NAS devices, with no mitigation available while the vendor readies a patch.
A Blockchain Primer and a Bored Ape Headscratcher – Podcast
Mystified? Now’s the time to learn about cryptocurrency-associated risks: Listen to KnowBe4’s Dr. Lydia Kostopoulos explain blockchain, NFTs and how to stay safe.
Cybersecurity managers with a direct line to executive boards set the tone for investment: study
Moody's examines how incident response and defense have implications for the market.Globant admits to data breach after Lapsus$ releases source code
The hacking group criticized Globant's "poor security practices."Critical RCE Bug in Spring Could Be the Next Log4Shell, Researchers Warn
The so-called 'Spring4Shell' bug has cropped up, so to speak, and could be lurking in literally millions of Java applications.
Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments
The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more.
Lapsus$ ‘Back from Vacation’
Lapsus$ added IT giant Globant plus 70GB of leaked data – including admin credentials for scads of customers' DevOps platforms – to its hit list.
Google Chrome Bug Actively Exploited as Zero-Day
The internet giant issued an update for the bug, which is found in the open-source V8 JavaScript engine.
MSHTML Flaw Exploited to Attack Russian Dissidents
A Ukrainian-based threat actor is spearphishing Russians who are using services that have been banned by the Kremlin.
As Lapsus$ comes back from 'vacation,' Sitel clarifies position on data breach
Lapsus$ also claims to have compromised a software solutions provider.This new ransomware targets data visualization tool Jupyter Notebook
Misconfigured environments are the entry point for the ransomware strain.Women in tech: Unique insights from a lifelong pursuit of innovation
Leading Slovak computer scientist Mária Bieliková shares her experience working as a woman driving technological innovation and reflects on how to inspire the next generation of talent in tech
The post Women in tech: Unique insights from a lifelong pursuit of innovation appeared first on WeLiveSecurity
Log4JShell Used to Swarm VMware Servers with Miners, Backdoors
Researchers have found three backdoors and four miners in attacks exploiting the Log4Shell vulnerability, some of which are still ongoing.
Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests”
There is a terrifying and highly effective "method" that criminal hackers are now using to harvest sensitive customer data from Internet service providers, phone companies and social media firms. It involves compromising email accounts and websites tied to police departments and government agencies, and then sending unauthorized demands for subscriber data while claiming the information being requested can't wait for a court order because it relates to an urgent matter of life and death.Exchange Servers Speared in IcedID Phishing Campaign
The ever-evolving malware shows off new tactics that use email thread hijacking and other obfuscation techniques to provide advanced evasion techniques.