Cybersecurity News
Bug in ‘Sign in with Apple’ could have allowed account hijacking
The tech giant rewards the bug bounty hunter who found the severe flaw in its login mechanism with US$100,000
The post Bug in ‘Sign in with Apple’ could have allowed account hijacking appeared first on WeLiveSecurity
Hosting Provider’s Database of Crooked Customers Leaked
Database of sensitive info, including emails and passwords, from owners of Daniel’s Hosting portals could be incriminating.
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Without the right tools and with not enough cybersecurity pros to fill the void, the talent gap will continue to widen.Researcher lands $100,000 reward for ‘Sign in with Apple’ authentication bypass bug
User accounts could be hijacked through missing validation processes on Apple servers.3 things to discuss with your kids before they join social media
What are some of the key things your children should know about before they make their first foray into social media?
The post 3 things to discuss with your kids before they join social media appeared first on WeLiveSecurity
Joomla team discloses data breach
Joomla says a team member left an unencrypted backup of the JRD portal on a private AWS S3 bucket.Hacker leaks database of dark web hosting provider
Leaked data contains email addresses, site admin passwords, and .onion domain private keys.Career Choice Tip: Cybercrime is Mostly Boring
When law enforcement agencies tout their latest cybercriminal arrest, the defendant is often cast as a bravado outlaw engaged in sophisticated, lucrative, even exciting activity. But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of day-to-day activity needed to support these enterprises is in fact mind-numbingly boring and tedious, and that highlighting this reality may be a far more effective way combat cybercrime and steer offenders toward a better path.Bank of America Security Incident Affects PPP Applicants
The incident occurred when Paycheck Protection Program applications were uploaded to a test platform and accidentally shared.Steganography Anchors Pinpoint Attacks on Industrial Targets
Ongoing spear-phishing attacks aim at stolen Windows credentials for ICS suppliers worldwide.
Abandoned Apps May Pose Security Risk to Mobile Devices
Mobile providers don't often update users when applications are not supported by developers, security firm says.Cisco Announces Patches to SaltStack
The patches came after Cisco was notified by the Salt Open Core team that the vulnerabilities and updates were available.NTT Communications Data Breach Affects Customers, Threatens Supply Chain
Attackers managed to compromise NTT Communication’s Active Directory server and a construction information management server.
NSA Warns of Sandworm Backdoor Attacks on Mail Servers
The Russian spy group, a.k.a. BlackEnergy, is actively compromising Exim mail servers via a critical security vulnerability.
Week in security with Tony Anscombe
New ESET research into Turla's malicious toolkit – GDPR turns two – Critical flaw in Android devices
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
PCI DSS v4.0: Anticipated Timelines and Latest Updates
Industry feedback, together with the changes in payments, technology, and security, is driving our approach to PCI DSS v4.0. In discussions with industry stakeholders, we have received a number of questions about PCI DSS v4.0. Below we interview Lauren Holloway, Director, Data Security Standards, who answers some key questions about what is happening with PCI DSS v4.0.
Digital Distancing with Microsegmentation
Physical distancing has blunted a virus's impact; the same idea can be applied to computers and networks to minimize breaches, attacks, and infections.Request for Comments: PIN v3.1 Standard Draft
From 29 May 2020 to 30 June 2020, PCI SSC stakeholders can participate in a Request for Comments (RFC) on PIN v3.1 Standard draft.
‘Hack-For-Hire’ Firms Spoof WHO To Target Google Credentials
Google TAG report reveals that "hack for hire" firms are tapping into the coronavirus pandemic via WHO phishing lures.