Cybersecurity News


When Your Smart ID Card Reader Comes With Malware

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder's appropriate security level. But many government employees aren't issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online. What could go wrong? Here's one example.
17 May 2022

Sysrv-K Botnet Targets Windows, Linux

Sysrv-K Botnet Targets Windows, Linux Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins.
17 May 2022

iPhones Vulnerable to Attack Even When Turned Off

iPhones Vulnerable to Attack Even When Turned Off Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware.
17 May 2022

Paving the Way: Inspiring Women in Payments - A Q&A featuring Jennifer Boyd

 

When Jennifer Boyd started her career in Information Technology many years ago, she was one of only a few women in her department. At that time, like in many other professions, technology was perceived as more of a gender-specific role. In this edition of our blog, Jennifer explains how she pursued the career she loved despite the challenges, and why she believes more women will be encouraged to join the industry as they see other women simply leading by example.

16 May 2022

Are period tracking apps safe?

Opinion: The convenience isn't worth the risk.
16 May 2022

Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors

Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors Microsoft's May Patch Tuesday update is triggering authentication errors.
16 May 2022

Researchers warn of APTs, data leaks as serious threats against UK financial sector

Researchers say geopolitical threats are far from the only concern.
16 May 2022

The downside of ‘debugging’ ransomware

The decision to release a ransomware decryptor involves a delicate balancing act between helping victims recover their data and alerting criminals to errors in their code

The post The downside of ‘debugging’ ransomware appeared first on WeLiveSecurity

16 May 2022

How to spot and avoid a phishing attack – Week in security with Tony Anscombe

Can you spot the tell-tale signs of a phishing attempt and check if an email that has landed in your inbox is legit?

The post How to spot and avoid a phishing attack – Week in security with Tony Anscombe appeared first on WeLiveSecurity

13 May 2022

Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service

Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers.
13 May 2022

Malware Builder Leverages Discord Webhooks

Malware Builder Leverages Discord Webhooks Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks.
12 May 2022

You Can’t Eliminate Cyberattacks, So Focus on Reducing the Blast Radius

You Can’t Eliminate Cyberattacks, So Focus on Reducing the Blast Radius Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company's attack surface and the "blast radius" of a potential attack.
12 May 2022

DEA Investigating Breach of Law Enforcement Data Portal

The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.
12 May 2022

Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks

Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found.
12 May 2022

10 reasons why we fall for scams

The ‘it won’t happen to me’ mindset leaves you unprepared – here are some common factors that put any of us at risk of online fraud

The post 10 reasons why we fall for scams appeared first on WeLiveSecurity

12 May 2022

Perspectives from India: FinTechs

 

The Fintech market in India is rapidly growing and changing the entire ecosystem of the Indian banking system and the economy. On this blog we talk about payment security from the perspective of India with two leading Indian FinTech service providers – CRED and In Solution Global Pvt Ltd. Here we talk with Nitin Bhatnagar, Associate Director, India, PCI SSC, Himanshu Kumar Das, Head of Security, Risk & Compliance, CRED, and Adelia Castelino Co-founder Managing Director, In Solution Global Pvt Ltd. about FinTech market trends in India, the cyber threat landscape and industry involvement opportunities for the region.

11 May 2022

How to delete yourself from internet search results and hide your identity online

Here is a step-by-step guide to reducing your digital footprint online, whether you want to lock down data or vanish entirely.
11 May 2022

Intel Memory Bug Poses Risk for Hundreds of Products

Intel Memory Bug Poses Risk for Hundreds of Products Dell and HP were among the first to release patches and fixes for the bug.
11 May 2022

Novel Phishing Trick Uses Weird Links to Bypass Spam Filters

Novel Phishing Trick Uses Weird Links to Bypass Spam Filters A novel form of phishing takes advantage of a disparity between how browsers and email inboxes read web domains.
11 May 2022

Actively Exploited Zero-Day Bug Patched by Microsoft

Actively Exploited Zero-Day Bug Patched by Microsoft Microsoft's May Patch Tuesday roundup also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments.
11 May 2022