Cybersecurity News


Apple's Safety Check combats domestic abuse but timing its use is critical

The feature is useful but has its limitations in fighting domestic and intimate partner violence.
07 June 2022

KrebsOnSecurity in New Netflix Series on Cybercrime

Netflix has a new documentary series airing next week -- "Web of Make Believe: Death, Lies & the Internet" -- in which Yours Truly apparently has a decent amount of screen time. The debut episode explores the far-too-common harassment tactic of "swatting" -- wherein fake bomb threats or hostage situations are phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target’s address.
07 June 2022

Cyber Risk Retainers: Not Another Insurance Policy

The costs associated with a cyberattack can be significant, especially if a company does not have an Incident Response plan that addresses risk.
07 June 2022

Conducting Modern Insider Risk Investigations

Insider Risk Management (IRM) requires a different approach than the one used for external threats. IRM differs from other domains of security in that the data sources which serve as inputs are as often people as they are tools. Shifting the analyst’s mindset when handling risks presented by insiders requires us to move through the stages of inquiry, investigation, and determining outcomes.
07 June 2022

Follina Exploited by State-Sponsored Hackers

A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.
07 June 2022

Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw

The vulnerability remains unpatched on many versions of the collaboration tool and has potential to create a SolarWinds-type scenario.
07 June 2022

Cybersecurity awareness training: What is it and what works best?

Give employees the knowledge needed to spot the warning signs of a cyberattack and to understand when they may be putting sensitive data at risk

The post Cybersecurity awareness training: What is it and what works best? appeared first on WeLiveSecurity

07 June 2022

IBM acquires Randori to streamline threat detection, bolster XDR offerings

The tech giant's latest purchase builds on the acquisition of ReaQta.
06 June 2022

Ransomware attacks have dropped. And gangs are attacking each other's victims

Research indicates victim numbers are dropping but the finance sector is experiencing more than its fair share of attacks.
06 June 2022

Sheryl Sandberg’s influence reaches all of us. But it’s a troubling legacy | Stephanie Hare

From epic data mining to shocking failures of content moderation, Meta’s COO passes on a vast clean-up job

If you are reading this, odds are that you are one of the 2.87 billion daily users of the products offered by Meta, the parent company of Facebook, Instagram, Facebook Messenger and WhatsApp. If you are not using any of these products, you are connected to people who do use them. And this connects you to Sheryl Sandberg, who resigned last week from her role as Meta’s chief operating officer.

Even if you have never met her, interacted directly with her or read her books on corporate feminism or bereavement, Sandberg has had an impact on your life. She’s not the only reason that our data is tracked online, whether we use Meta’s products or not. Many others have helped to create and exploit an entire industry that profits from our data. What’s more, lawmakers and regulators worldwide have done little to stop this, in no small part because companies like the ones Sandberg helped run spend millions of dollars every year lobbying to prevent or water down any attempts at regulation.

05 June 2022

What Counts as “Good Faith Security Research?”

The U.S. Department of Justice (DOJ) recently revised its policy on charging violations of the Computer Fraud and Abuse Act (CFAA), a 1986 law that remains the primary statute by which federal prosecutors pursue cybercrime cases. The new guidelines state that prosecutors should avoid charging security researchers who operate in “good faith” when finding and reporting vulnerabilities. But legal experts continue to advise researchers to proceed with caution, noting the new guidelines can’t be used as a defense in court, nor are they any kind of shield against civil prosecution.
03 June 2022

Key insights from ESET’s latest Threat Report – Week in security with Tony Anscombe

A review of the key trends that defined the threatscape in the first four months of 2022 and what these developments mean for your cyber-defenses

The post Key insights from ESET’s latest Threat Report – Week in security with Tony Anscombe appeared first on WeLiveSecurity

03 June 2022

100 days of war in Ukraine: How the conflict is playing out in cyberspace

It’s been 100 days since Russia invaded Ukraine, and we look back at various cyberattacks connected to the conflict

The post 100 days of war in Ukraine: How the conflict is playing out in cyberspace appeared first on WeLiveSecurity

03 June 2022

Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats – Again

Deja-Vu data from this year's DBIR report feels like we are stuck in the movie 'Groundhog Day.'
03 June 2022

Evil Corp Pivots LockBit to Dodge U.S. Sanctions

The cybercriminal group is distancing itself from its previous branding by shifting tactics and tools once again in an aim to continue to profit from its nefarious activity.
03 June 2022

Cybersecurity in the future: Security 'by PlayStation' and IoT asbestos

WithSecure's Mikko Hyppönen shares his predictions for cybersecurity, cybercrime, and how our devices will be protected.
02 June 2022

Cybercriminals Expand Attack Radius and Ransomware Pain Points

Melissa Bischoping, security researcher with Tanium and Infosec Insiders columnist, urges firms to consider the upstream and downstream impact of "triple extortion" ransomware attacks.
02 June 2022

ESET Threat Report T1 2022

A view of the T1 2022 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts

The post ESET Threat Report T1 2022 appeared first on WeLiveSecurity

02 June 2022

Scammers Target NFT Discord Channel

Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links.
02 June 2022

International Authorities Take Down Flubot Malware Network

The info-stealing trojan used SMS messages and lifted contact credentials to spread with unprecedented speed across Android devices globally since December 2020.
02 June 2022