Cybersecurity News


Why cloud security is the key to unlocking value from hybrid working

How can companies and employees who start to adapt to hybrid working practices protect themselves against cloud security threats?

The post Why cloud security is the key to unlocking value from hybrid working appeared first on WeLiveSecurity

05 August 2021

‘I’m Calling About Your Car Warranty’, aka PII Hijinx

Black Hat: Researchers created 300 fake identities, signed them up on 185 legit sites, then tracked how much the sites used signup PII to pester the accounts.
04 August 2021

Black Hat: Security Bugs Allow Takeover of Capsule Hotel Rooms

A researcher was able to remotely control the lights, bed and ventilation in "smart" hotel rooms via Nasnos vulnerabilities.
04 August 2021

Black Hat: This is how a naive NSA staffer helped build an offensive UAE security branch

If that job offer looks too good to be true, something else may be afoot.
04 August 2021

Black Hat: Let’s All Help Cyber-Immunize Each Other

We're selfish if we're only mitigating our own stuff, said Black Hat USA 2021 keynoter Jeff Moss. Let's be like doctors battling COVID and work for herd immunity.
04 August 2021

Bob had a bad night: IoT mischief takes neighbourly revenge to the next level in a capsule hotel

When you hand over control of capsule bedrooms to guests, you also offer them the means to troll others.
04 August 2021

The Graph Foundation launches bug bounty program

Bugs in scope include RCE and those leading to the loss of user funds.
04 August 2021

Black Hat 2021 – non‑virtual edition

How is Black Hat USA 2021 different from the past editions of the conference and what kinds of themes may steal the show this year?

The post Black Hat 2021 – non‑virtual edition appeared first on WeLiveSecurity

04 August 2021

Phishing Campaign Dangles SharePoint File-Shares

Attackers spoof sender addresses to appear legitimate in a crafty campaign that can slip past numerous detections, Microsoft researchers have discovered.
04 August 2021

We COVID-Clicked on Garbage, Report Finds: Podcast

Were we work-from-home clicking zombies? Steganography attacks snagged three out of eight recipients. Nasty CAPTCHAs suckered 50 times more clicks during 2020.
04 August 2021

Iranian APT Lures Defense Contractor in Catfishing-Malware Scam

Fake aerobics-instructor profile delivers malware in a supply-chain attack attempt from TA456.
03 August 2021

Ransomware Volumes Hit Record Highs as 2021 Wears On

The second quarter of the year saw the highest volumes of ransomware attacks ever, with Ryuk leading the way.
03 August 2021

Back-to-Basics: Keep Software Patched

As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customers’ payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on keeping software patched.

03 August 2021

Raccoon Stealer Bundles Malware, Propagates Via Google SEO

An update to the stealer-as-a-service platform hides in pirated software, pilfers crypto-coins and installs a software dropper for downloads of more malware.
03 August 2021

‘DeadRinger’ Targeted Exchange Servers Long Before Discovery

Cyberespionage campaigns linked to China attacked telecoms via ProxyLogon bugs, stealing call records and maintaining persistence, as far back as 2017.
03 August 2021

Raccoon stealer-as-a-service will now try to grab your cryptocurrency

The malware has been upgraded to target even more financial information.
03 August 2021

DeadRinger: Chinese APTs strike major telecommunications companies

Previously unknown campaigns center around "Chinese state interests."
03 August 2021

‘PwnedPiper’: Devastating Bugs in >80% of Hospital Pneumatics

Podcast: Blood samples aren’t martinis. You can’t shake them. But bugs in pneumatic control systems could lead to that, RCE or ransomware.
02 August 2021

Part One: Conceptual Differences Between SSF and PA-DSS


To assist stakeholders in their migration from PA-DSS to the Software Security Framework, PCI Security Standards Council (PCI SSC) is publishing a series of blog posts to guide payment software vendors and assessors through the key differences between PA-DSS and the SSF. In Part One of our multi-part blog series, PCI SSC’s Sr. Manager, Public Relations Alicia Malone sits down with PCI SSC’s Sr. Manager, Emerging Standards Jake Marcinko to discuss some of the conceptual differences between PA-DSS and the Software Security Framework that stakeholders should be aware of as they work to transition between programs.

02 August 2021

Chipotle Emails Serve Up Phishing Lures

Mass email distribution service compromise mirrors earlier Nobelium attacks.
02 August 2021