Cybersecurity News
You Can’t Eliminate Cyberattacks, So Focus on Reducing the Blast Radius
Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company's attack surface and the "blast radius" of a potential attack.
DEA Investigating Breach of Law Enforcement Data Portal
The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks
The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found.
10 reasons why we fall for scams
The ‘it won’t happen to me’ mindset leaves you unprepared – here are some common factors that put any of us at risk of online fraud
The post 10 reasons why we fall for scams appeared first on WeLiveSecurity
Perspectives from India: FinTechs
The Fintech market in India is rapidly growing and changing the entire ecosystem of the Indian banking system and the economy. On this blog we talk about payment security from the perspective of India with two leading Indian FinTech service providers – CRED and In Solution Global Pvt Ltd. Here we talk with Nitin Bhatnagar, Associate Director, India, PCI SSC, Himanshu Kumar Das, Head of Security, Risk & Compliance, CRED, and Adelia Castelino Co-founder Managing Director, In Solution Global Pvt Ltd. about FinTech market trends in India, the cyber threat landscape and industry involvement opportunities for the region.
How to delete yourself from internet search results and hide your identity online
Here is a step-by-step guide to reducing your digital footprint online, whether you want to lock down data or vanish entirely.Intel Memory Bug Poses Risk for Hundreds of Products
Dell and HP were among the first to release patches and fixes for the bug.
Novel Phishing Trick Uses Weird Links to Bypass Spam Filters
A novel form of phishing takes advantage of a disparity between how browsers and email inboxes read web domains.
Actively Exploited Zero-Day Bug Patched by Microsoft
Microsoft's May Patch Tuesday roundup also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments.
Ransomware Deals Deathblow to 157-year-old College
Why a private college that stayed in business for 157 years had to close after the combo of COVID-19 and ransomware proved too much.
Opportunity out of crisis: Tapping the Great Resignation to close the cybersecurity skills gap
What can organizations do to capitalize on the current fluidity in the job market and bring fresh cybersecurity talent into the fold?
The post Opportunity out of crisis: Tapping the Great Resignation to close the cybersecurity skills gap appeared first on WeLiveSecurity
Microsoft Patch Tuesday, May 2022 Edition
Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month's patch batch includes fixes for seven "critical" flaws, as well as a zero-day vulnerability that affects all supported versions of Windows.Hackers Actively Exploit F5 BIG-IP Bug
The bug has a severe rating of 9.8, public exploits are released.
Conti Ransomware Attack Spurs State of Emergency in Costa Rica
The threat group has leaked data that it claims was stolen in the breach and is promising more government-targeted attacks.
Low-rent RAT Worries Researchers
Researchers say a hacker is selling access to quality malware for chump change.
FBI: Rise in Business Email-based Attacks is a $43B Headache
A huge spike in fraudulent activities related to attacks leveraging business email accounts is a billion-dollar-problem.
Podcast: The State of the Secret Sprawl
In this podcast with Mackenzie Jackson, developer advocate at GitGuardian, we dive into the report and also the issues that corporations face with public leaks from groups like Lapsus and more, as well as ways that developers can keep their code safe.
Common LinkedIn scams: Beware of phishing attacks and fake job offers
LinkedIn scammers attack when we may be at our most vulnerable – here’s what to look out for and how to avoid falling victim to fraud when using the platform
The post Common LinkedIn scams: Beware of phishing attacks and fake job offers appeared first on WeLiveSecurity
Your Phone May Soon Replace Many of Your Passwords
Apple, Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Experts say the changes should help defeat many types of phishing attacks and ease the overall password burden on Internet users, but caution that a true passwordless future may still be years away for most websites.Defending against APT attacks – Week in security with Tony Anscombe
The conflict in Ukraine has highlighted the risks of cyberespionage attacks that typically involve Advanced Persistent Threat groups and often target organizations' most valuable data
The post Defending against APT attacks – Week in security with Tony Anscombe appeared first on WeLiveSecurity
