Cybersecurity News


Is your Lenovo laptop vulnerable to cyberattack?

Here’s what to know about vulnerabilities in more than 100 Lenovo consumer laptop models and what you can do right away to stay safe – all in under three minutes

The post Is your Lenovo laptop vulnerable to cyberattack? appeared first on WeLiveSecurity

20 April 2022

How can we support young people in harnessing technology for progress?

Young people are not passive victims of technology or helpless addicts. They are technology creators and agents with diverse backgrounds and interests.

The post How can we support young people in harnessing technology for progress? appeared first on WeLiveSecurity

20 April 2022

Google: 2021 was a Banner Year for Exploited 0-Day Bugs

Google: 2021 was a Banner Year for Exploited 0-Day Bugs Last year, Google Project Zero tracked a record 58 exploited-in-the-wild zero-day security holes.
20 April 2022

Rethinking Cyber-Defense Strategies in the Public-Cloud Age

Rethinking Cyber-Defense Strategies in the Public-Cloud Age Exploring what's next for public-cloud security, including top risks and how to implement better risk management.
19 April 2022

Paving the Way: Inspiring Women in Payments - A Q&A featuring Rema N. Deo

 

After a highly respected and widely loved company director passed away, Rema Deo was promoted into his position. Stepping into his shoes as head of a regional technology area was a challenge, made even more difficult when her peers kept comparing her with the prior chief and expected her to fail. In this edition of our blog, Rema describes how she blazed her own trail, gained respect from her peers in her own right, and would go on to become an owner of her company.

19 April 2022

‘CatalanGate’ Spyware Infections Tied to NSO Group

‘CatalanGate’ Spyware Infections Tied to NSO Group Citizen Lab uncovers multi-year campaign targeting autonomous region of Spain, called Catalonia.
19 April 2022

Protect Your Executives’ Cybersecurity Amidst Global Cyberwar

Protect Your Executives’ Cybersecurity Amidst Global Cyberwar In this time of unprecedented cyberwar, organizations must protect the personal digital lives of their executives in order to reduce the company’s risk of direct or collateral damage.
19 April 2022

Lenovo patches UEFI firmware vulnerabilities impacting millions of users

Three vulnerabilities could be exploited to deploy flash implants and circumvent secure boot.
19 April 2022

When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops

ESET researchers discover multiple vulnerabilities in various Lenovo laptop models that allow an attacker with admin privileges to expose the user to firmware-level malware

The post When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops appeared first on WeLiveSecurity

19 April 2022

Conti’s Ransomware Toll on the Healthcare Industry

Conti -- one of the most ruthless and successful Russian ransomware groups -- publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers. But new information confirms this pledge was always a lie, and that Conti has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under the name "Ryuk."
18 April 2022

Cyberattackers Put the Pedal to the Medal: Podcast

Cyberattackers Put the Pedal to the Medal: Podcast Fortinet's Derek Manky discusses the exponential increase in the speed that attackers weaponize fresh vulnerabilities, where botnets and offensive automation fit in, and the ramifications for security teams.
18 April 2022

Karakurt Ensnares Conti, Diavol Ransomware Groups in Its Web

Karakurt Ensnares Conti, Diavol Ransomware Groups in Its Web Connections that show the cybercriminal teams are working together signal shifts in their respective tactics and an expansion of opportunities to target victims.
15 April 2022

The Threat of Ransomware Attacks

 

Ransomware attacks continue to present a serious threat to businesses. On the blog, we cover basic questions with Christopher D. Roberti, Senior Vice President for Cyber, Intelligence, and Supply Chain Security Policy at the U.S. Chamber of Commerce and PCI SSC Executive Director Lance Johnson about this threat to businesses across the U.S. and around the world and how to better guard against this attack.

14 April 2022

Feds: APTs Have Tools That Can Take Over Critical Infrastructure

Feds: APTs Have Tools That Can Take Over Critical Infrastructure Threat actors have developed custom modules to compromise various ICS devices as well as Windows workstations that pose an imminent threat, particularly to energy providers.
14 April 2022

Week in security with Tony Anscombe

Ukrainian energy provider targeted by Industroyer2 – ESET helps disrupt Zloader botnets – Where do new ideas come from and how are they spread?

The post Week in security with Tony Anscombe appeared first on WeLiveSecurity

14 April 2022

Meet ZingoStealer: the Haskers Gang's new, free malware

ZingoStealer is able to spread cryptocurrency mining malware.
14 April 2022

US federal alert warns of the discovery of malicious cyber tools

US federal alert warns of the discovery of malicious cyber tools

Cybersecurity officials said the evidence suggests Russia is behind the tools – configured to target North American energy concerns

Multiple US government agencies issued a joint alert Wednesday warning of the discovery of malicious cyber tools created by unnamed advanced threat actors that they said were capable of gaining “full system access” to multiple industrial control systems.

The public alert from the Energy and Homeland Security departments, the FBI and National Security Agency did not name the actors or offer details on the find. But their private sector cybersecurity partners said the evidence suggests Russia is behind the tools – and that they were configured to initially target North American energy concerns.

Continue reading...
13 April 2022

At a Glance: PCI DSS v4.0

 

PCI Data Security Standard (PCI DSS) is a global standard that provides a baseline of technical and operational requirements designed to protect account data. The next evolution of the standard- PCI DSS v4.0- is now available.

13 April 2022

Home Office’s visa service apologises for email address data breach

Home Office’s visa service apologises for email address data breach

Private contractor running service sent email to applicants containing more than 170 email addresses

The Home Office’s visa service has apologised for a data breach in which the email addresses of more than 170 people were mistakenly copied into an email circulated last week.

More than 170 email addresses were accidentally copied into a message on 7 April 2022 about the change of location for a visa appointment with the UK Visa and Citizenship Application Service. The UKVCAS is run on behalf of the Home Office by the private contractor Sopra Steria. Some of the email addresses appeared to be private Gmail accounts, while others belonged to lawyers from a variety of firms.

Continue reading...
13 April 2022

ESET takes part in global operation to disrupt Zloader botnets

ESET researchers provided technical analysis, statistical information, and known command and control server domain names and IP addresses

The post ESET takes part in global operation to disrupt Zloader botnets appeared first on WeLiveSecurity

13 April 2022