Cybersecurity News


Week in security with Tony Anscombe

Under the hood of Wslink's VM – The energy sector & cyber-risk – SMB cybersecurity survival tips

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

01 April 2022

Apple Rushes Out Patches for 0-Days in MacOS, iOS

The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit.
01 April 2022

Chinese hackers Deep Panda return with Log4Shell exploits, new Fire Chili rootkit

Log4Shell is being exploited to deploy the kernel rootkit.
01 April 2022

Zyxel urges customers to patch critical firewall bypass vulnerability

The vendor has issued a severity score of 9.8.
01 April 2022

The spectre of Stuxnet: CISA issues alert on Rockwell Automation ICS vulnerabilities

The flaws can be exploited to execute code on vulnerable controllers and workstations.
01 April 2022

Cybersecurity survival tips for small businesses: 2022 edition

How can businesses that lack the resources and technological expertise of large organizations hold the line against cybercriminals?

The post Cybersecurity survival tips for small businesses: 2022 edition appeared first on WeLiveSecurity

01 April 2022

Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill

On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S. Senate's most tech-savvy lawmakers said he was troubled by the report and is now asking technology companies and federal agencies for information about the frequency of such schemes.
31 March 2022

Belarusian ‘Ghostwriter’ Actor Picks Up BitB for Ukraine-Related Attacks

Ghostwriter is one of 3 campaigns using war-themed attacks, with cyber-fire coming in from government-backed actors in China, Iran, North Korea & Russia.
31 March 2022

Meet BlackGuard: a new infostealer peddled on Russian hacker forums

Sophisticated, but potentially cheap.
31 March 2022

Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn

A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of ‘smart car tech’ and EVs surges.
31 March 2022

PCI DSS v4.0 Resource Hub

PCI Data Security Standard (PCI DSS) is a global standard that provides a baseline of technical and operational requirements designed to protect account data. The next evolution of the standard, PCI DSS v4.0, is now available.

This PCI DSS Resource Hub provides links to both standard documents and educational resources to help organizations become familiar with PCI DSS v4.0. Make sure to subscribe to the PCI Perspectives Blog to stay up to date on all news from PCI SSC.

31 March 2022

PCI DSS v4.0: A Conversation with the Council

The PCI Security Standards Council has published the PCI Data Security Standard v4.0. The standard was developed with feedback from the global payments industry and provides a baseline of technical and operational requirements designed to protect account data. The standard was developed with the following priorities in mind:

31 March 2022

QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug

QNAP is warning clients that a recently disclosed vulnerability affects most of its NAS devices, with no mitigation available while the vendor readies a patch.
31 March 2022

A Blockchain Primer and a Bored Ape Headscratcher – Podcast

Mystified? Now’s the time to learn about cryptocurrency-associated risks: Listen to KnowBe4’s Dr. Lydia Kostopoulos explain blockchain, NFTs and how to stay safe.
31 March 2022

Cybersecurity managers with a direct line to executive boards set the tone for investment: study

Moody's examines how incident response and defense have implications for the market.
31 March 2022

Globant admits to data breach after Lapsus$ releases source code

The hacking group criticized Globant's "poor security practices."
31 March 2022

Critical RCE Bug in Spring Could Be the Next Log4Shell, Researchers Warn

The so-called 'Spring4Shell' bug has cropped up, so to speak, and could be lurking in literally millions of Java applications.
30 March 2022

Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments

The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more.
30 March 2022

Lapsus$ ‘Back from Vacation’

Lapsus$ added IT giant Globant plus 70GB of leaked data – including admin credentials for scads of customers' DevOps platforms – to its hit list.
30 March 2022

Google Chrome Bug Actively Exploited as Zero-Day

The internet giant issued an update for the bug, which is found in the open-source V8 JavaScript engine.
30 March 2022