Cybersecurity News


The 'Shared Responsibility' Misnomer: Why the Cloud Continues to Confound

Under the "shared responsibility model," the security management of cloud offerings is split equally between the vendor and the customer. Easy enough, right?
26 August 2020

Russian National Arrested for Conspiracy to Hack Nevada Company

The defendant allegedly planned to pay an employee $1 million to infect the company network with malware.
26 August 2020

Hackers Exploit Autodesk Flaw in Recent Cyberespionage Attack

Hackers Exploit Autodesk Flaw in Recent Cyberespionage Attack The popular Autodesk software was exploited in a recent cyberespionage campaign against an international architectural company.
26 August 2020

New Chrome, Firefox versions fix security bugs, bring productivity features

Chrome gets a new way of managing tabs while Firefox now features a new add-ons blocklist

The post New Chrome, Firefox versions fix security bugs, bring productivity features appeared first on WeLiveSecurity

26 August 2020

Two members of movie piracy group 'Sparks' arrested in Cyprus and the US

Investigators said the group posed as real-world DVD/Blu-Ray retailers to obtain and leak unreleased movies and TV shows.
26 August 2020

Disinformation Spurs a Thriving Industry as U.S. Election Looms

Disinformation Spurs a Thriving Industry as U.S. Election Looms Threat actors are becoming increasingly sophisticated in launching disinformation campaigns - and staying under the radar to avoid detection from Facebook, Twitter and other platforms.
26 August 2020

With More Use of Cloud, Passwords Become Even Weaker Link

Slow patching provides vulnerabilities to exploit. A lack of network segmentation allows unrestricted lateral movement. Yet a report surveying a year of penetration tests finds that passwords still top the list of what attackers use to compromise systems.
26 August 2020

PCI DSS in Practice Case Study: Cielo

 

In this PCI DSS in Practice Case Study, Brazil Regional Engagement Board Member Cielo shares the challenge of dealing with legacy systems that did not have adequate controls to meet PCI DSS. The company recognized that training employees on security awareness and the support of senior management were essential to address these challenges.

26 August 2020

Deep Fake: Setting the Stage for Next-Gen Social Engineering

Humans are susceptible to normalcy bias, which may leave us vulnerable to disinformation that reinforces our beliefs.
26 August 2020

Medical Data Leaked on GitHub Due to Developer Errors

Medical Data Leaked on GitHub Due to Developer Errors Up to 200,000 patient records from Office 365 and Google G Suite exposed by hardcoded credentials and other improper access controls.
26 August 2020

How to Write a Cybersecurity Playbook During a Pandemic

How to Write a Cybersecurity Playbook During a Pandemic IT teams have had to learn to be dynamic as workforces continue to shift strategies while COVID-19 drags on.
26 August 2020

Mercenary hacker group targets companies with 3Ds Max malware

Hacker-for-hire group uses a malicious 3Ds Max plugin to infect companies with malware and steal proprietary information.
26 August 2020

Russian arrested for trying to recruit an insider and hack a Nevada company

A Russian national traveled to the US to recruit and convince an employee of a Nevada company to install malware on the company's network.
25 August 2020

Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform

Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform Researchers have unearthed more vulnerabilities in Microsoft’s IoT security solution.
25 August 2020

FBI informant provides a glimpse into the inner workings of tech support scams

Court documents expose how tech support scammers operate.
25 August 2020

Election Security's Sticky Problem: Attackers Who Don't Attack Votes

Election Security's Sticky Problem: Attackers Who Don't Attack Votes If election defenders are protecting votes, and adversaries are attacking something else entirely, both sides might claim success, "Operation BlackOut" simulation shows.
25 August 2020

Phishing Attack Used Box to Land in Victim Inboxes

A phishing attack targeting government and security organizations used a legitimate Box page with Microsoft 365 branding to trick victims.
25 August 2020

Online Business Fraud Down, Consumer Fraud Up

Criminals are changing tactics to match changing business conditions in the coronavirus pandemic, according to a new report.
25 August 2020

FBI, CISA warn of spike in vishing attacks

Cybercriminals increasingly take aim at teleworkers, setting up malicious duplicates of companies' internal VPN login pages

The post FBI, CISA warn of spike in vishing attacks appeared first on WeLiveSecurity

25 August 2020

Three Easy Ways to Avoid Meow-like Database Attacks

The largest problem facing database security today is the disconnect between security teams and DBAs beginning from the moment of configuration and continuing throughout the database lifecycle.
25 August 2020