Cybersecurity News
Joomla team discloses data breach
Joomla says a team member left an unencrypted backup of the JRD portal on a private AWS S3 bucket.31 May 2020
Hacker leaks database of dark web hosting provider
Leaked data contains email addresses, site admin passwords, and .onion domain private keys.31 May 2020
Career Choice Tip: Cybercrime is Mostly Boring
When law enforcement agencies tout their latest cybercriminal arrest, the defendant is often cast as a bravado outlaw engaged in sophisticated, lucrative, even exciting activity. But new research suggests that as cybercrime has become dominated by pay-for-service offerings, the vast majority of day-to-day activity needed to support these enterprises is in fact mind-numbingly boring and tedious, and that highlighting this reality may be a far more effective way combat cybercrime and steer offenders toward a better path.29 May 2020
Bank of America Security Incident Affects PPP Applicants
The incident occurred when Paycheck Protection Program applications were uploaded to a test platform and accidentally shared.29 May 2020
Steganography Anchors Pinpoint Attacks on Industrial Targets
Ongoing spear-phishing attacks aim at stolen Windows credentials for ICS suppliers worldwide.
29 May 2020
Abandoned Apps May Pose Security Risk to Mobile Devices
Mobile providers don't often update users when applications are not supported by developers, security firm says.29 May 2020
Cisco Announces Patches to SaltStack
The patches came after Cisco was notified by the Salt Open Core team that the vulnerabilities and updates were available.29 May 2020
NTT Communications Data Breach Affects Customers, Threatens Supply Chain
Attackers managed to compromise NTT Communication’s Active Directory server and a construction information management server.
29 May 2020
NSA Warns of Sandworm Backdoor Attacks on Mail Servers
The Russian spy group, a.k.a. BlackEnergy, is actively compromising Exim mail servers via a critical security vulnerability.
29 May 2020
Week in security with Tony Anscombe
New ESET research into Turla's malicious toolkit – GDPR turns two – Critical flaw in Android devices
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
29 May 2020
PCI DSS v4.0: Anticipated Timelines and Latest Updates
Industry feedback, together with the changes in payments, technology, and security, is driving our approach to PCI DSS v4.0. In discussions with industry stakeholders, we have received a number of questions about PCI DSS v4.0. Below we interview Lauren Holloway, Director, Data Security Standards, who answers some key questions about what is happening with PCI DSS v4.0.
29 May 2020
Digital Distancing with Microsegmentation
Physical distancing has blunted a virus's impact; the same idea can be applied to computers and networks to minimize breaches, attacks, and infections.29 May 2020
Request for Comments: PIN v3.1 Standard Draft
From 29 May 2020 to 30 June 2020, PCI SSC stakeholders can participate in a Request for Comments (RFC) on PIN v3.1 Standard draft.
29 May 2020
‘Hack-For-Hire’ Firms Spoof WHO To Target Google Credentials
Google TAG report reveals that "hack for hire" firms are tapping into the coronavirus pandemic via WHO phishing lures.
29 May 2020
ACLU Sues Clearview AI Over Faceprint Collection, Sale
Watchdog group said company has violated the Illinois BIPA and ‘will end privacy as we know it’ without intervention.
29 May 2020
NCA launches UK ad campaign to divert kids searching for cybercrime tools
DDoS-for-hire and Trojan-related searches are on the agency’s radar.29 May 2020
Judge demands Capital One release Mandiant cyberforensic report on data breach
Attorneys suing the company will now have access to the report in preparation for a potential trial.29 May 2020
GitHub warns Java developers of new malware poisoning NetBeans projects
The malware's end goal was to install a remote access trojan and grant hackers access to highly sensitive workstations were sensitive projects were being developed.29 May 2020