Cybersecurity News
Being prepared for adversarial attacks
There is no question that the level of threats facing today’s businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, Fortinet’s […]
Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack
Threat actors already are exploiting vulnerability, dubbed ‘Follina’ and originally identified back in April, to target organizations in Russia and Tibet, researchers said.
Talking to children about the internet: A kid’s perspective
A 14-year-old shares his thoughts about technology and the potential privacy and security implications of the internet
The post Talking to children about the internet: A kid’s perspective appeared first on WeLiveSecurity
Costa Rica May Be Pawn in Conti Ransomware Group’s Bid to Rebrand, Evade Sanctions
Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti. Ransomware experts say there is good reason to believe the same cybercriminals are behind both attacks, and that Hive has been helping Conti rebrand and evade international sanctions targeting extortion payouts to cybercriminals operating in Russia.EnemyBot Malware Targets Web Servers, CMS Tools and Android OS
Malware borrows generously from code used by other botnets such as Mirai, Qbot and Zbot.
ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats
The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn.
Zero-Day ‘Follina’ Bug Lays Older Microsoft Office Versions Open to Attack
Malware loads itself from remote servers and bypasses Microsoft's Defender AV scanner, according to reports.
Keeping it real: Don’t fall for lies about the war
Falsehoods about the war in Ukraine come in all shapes and sizes – here are a few examples of what’s in the fake news
The post Keeping it real: Don’t fall for lies about the war appeared first on WeLiveSecurity
Scams targeting NFT investors – Week in security with Tony Anscombe
As with everything digital, there's someone, somewhere devising a method to steal the assets away from their rightful owners
The post Scams targeting NFT investors – Week in security with Tony Anscombe appeared first on WeLiveSecurity
Critical Flaws in Popular ICS Platform Can Trigger RCE
Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks.
Cybersecurity: A global problem that requires a global answer
New and exacerbated cyber-risks following Russia’s invasion of Ukraine are fueling a new urgency towards enhancing resilience
The post Cybersecurity: A global problem that requires a global answer appeared first on WeLiveSecurity
Some QCT servers vulnerable to 'Pantsdown' flaw say security researchers
The vulnerability, now patched, was issued a critical severity score of 9.8.ESET Research Podcast: UEFI in crosshairs of ESPecter bootkit
Listen to Aryeh Goretsky, Martin Smolár, and Jean-Ian Boutin discuss what UEFI threats are capable of and what the ESPecter bootkit tells us about their evolution
The post ESET Research Podcast: UEFI in crosshairs of ESPecter bootkit appeared first on WeLiveSecurity
Cybergang Claims REvil is Back, Executes DDoS Attacks
Actors claiming to be the defunct ransomware group are targeting one of Akami’s customers with a Layer 7 attack, demanding an extortion payment in Bitcoin.
PCI DSS v4.0: A Regional Perspective from Brazil
After nearly six years with the PCI Security Standards Council (PCI SSC), Carlos Caetano, Associate Director for the LA Region of Brazil, has decided to take on a new challenge with another company. The Council would like to take this opportunity to thank Carlos for his outstanding service to our organization. Under his leadership, PCI SSC held successful Latin American Forums, created the Brazil Regional Engagement Board, and established relationships with new Participating Organizations in Brazil. Carlos has served as Chair of the PCI SSC Translations Committee and has been a terrific spokesperson for the Council. PCI SSC wishes him all the very best in his future endeavors.
Link Found Connecting Chaos, Onyx and Yashma Ransomware
A slip-up by a malware author has allowed researchers to taxonomize three ransomware variations going by different names.
Zoom Patches ‘Zero-Click’ RCE Bug
The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.
Verizon Report: Ransomware, Human Error Among Top Security Risks
2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur.
5 reasons why GDPR was a milestone for data protection
The landmark regulation changed everyone’s mindset on how companies worldwide collect and use the personal data of EU citizens
The post 5 reasons why GDPR was a milestone for data protection appeared first on WeLiveSecurity
Fronton IOT Botnet Packs Disinformation Punch
Fronton botnet has far more ability than launching DDOS attack, can track social media trends and launch suitable propaganda.