Cybersecurity News


6 Signs Your Supply Chain Risk Just Shot Up

6 Signs Your Supply Chain Risk Just Shot Up Risk levels are not steady states. Here are six indications that the danger posed by your supply chain is headed in the wrong direction.
26 August 2020

Confessions of an ID Theft Kingpin, Part I

At the height of his cybercriminal career, the hacker known as "Hieupc" was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the world's top data brokers. That is, until his greed and ambition played straight into an elaborate snare set by the U.S. Secret Service. Now, after more than seven years in prison Hieupc is back in his home country and hoping to convince other would-be cybercrooks to use their computer skills for good.
26 August 2020

A quarter of the Alexa Top 10K websites are using browser fingerprinting scripts

Academics also discover many new previously unreported JavaScript APIs that are currently being used to fingerprint users.
26 August 2020

The 'Shared Responsibility' Misnomer: Why the Cloud Continues to Confound

Under the "shared responsibility model," the security management of cloud offerings is split equally between the vendor and the customer. Easy enough, right?
26 August 2020

Russian National Arrested for Conspiracy to Hack Nevada Company

The defendant allegedly planned to pay an employee $1 million to infect the company network with malware.
26 August 2020

Hackers Exploit Autodesk Flaw in Recent Cyberespionage Attack

Hackers Exploit Autodesk Flaw in Recent Cyberespionage Attack The popular Autodesk software was exploited in a recent cyberespionage campaign against an international architectural company.
26 August 2020

New Chrome, Firefox versions fix security bugs, bring productivity features

Chrome gets a new way of managing tabs while Firefox now features a new add-ons blocklist

The post New Chrome, Firefox versions fix security bugs, bring productivity features appeared first on WeLiveSecurity

26 August 2020

Two members of movie piracy group 'Sparks' arrested in Cyprus and the US

Investigators said the group posed as real-world DVD/Blu-Ray retailers to obtain and leak unreleased movies and TV shows.
26 August 2020

Disinformation Spurs a Thriving Industry as U.S. Election Looms

Disinformation Spurs a Thriving Industry as U.S. Election Looms Threat actors are becoming increasingly sophisticated in launching disinformation campaigns - and staying under the radar to avoid detection from Facebook, Twitter and other platforms.
26 August 2020

With More Use of Cloud, Passwords Become Even Weaker Link

Slow patching provides vulnerabilities to exploit. A lack of network segmentation allows unrestricted lateral movement. Yet a report surveying a year of penetration tests finds that passwords still top the list of what attackers use to compromise systems.
26 August 2020

PCI DSS in Practice Case Study: Cielo

 

In this PCI DSS in Practice Case Study, Brazil Regional Engagement Board Member Cielo shares the challenge of dealing with legacy systems that did not have adequate controls to meet PCI DSS. The company recognized that training employees on security awareness and the support of senior management were essential to address these challenges.

26 August 2020

Deep Fake: Setting the Stage for Next-Gen Social Engineering

Humans are susceptible to normalcy bias, which may leave us vulnerable to disinformation that reinforces our beliefs.
26 August 2020

Medical Data Leaked on GitHub Due to Developer Errors

Medical Data Leaked on GitHub Due to Developer Errors Up to 200,000 patient records from Office 365 and Google G Suite exposed by hardcoded credentials and other improper access controls.
26 August 2020

How to Write a Cybersecurity Playbook During a Pandemic

How to Write a Cybersecurity Playbook During a Pandemic IT teams have had to learn to be dynamic as workforces continue to shift strategies while COVID-19 drags on.
26 August 2020

Mercenary hacker group targets companies with 3Ds Max malware

Hacker-for-hire group uses a malicious 3Ds Max plugin to infect companies with malware and steal proprietary information.
26 August 2020

Russian arrested for trying to recruit an insider and hack a Nevada company

A Russian national traveled to the US to recruit and convince an employee of a Nevada company to install malware on the company's network.
25 August 2020

Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform

Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform Researchers have unearthed more vulnerabilities in Microsoft’s IoT security solution.
25 August 2020

FBI informant provides a glimpse into the inner workings of tech support scams

Court documents expose how tech support scammers operate.
25 August 2020

Election Security's Sticky Problem: Attackers Who Don't Attack Votes

Election Security's Sticky Problem: Attackers Who Don't Attack Votes If election defenders are protecting votes, and adversaries are attacking something else entirely, both sides might claim success, "Operation BlackOut" simulation shows.
25 August 2020

Phishing Attack Used Box to Land in Victim Inboxes

A phishing attack targeting government and security organizations used a legitimate Box page with Microsoft 365 branding to trick victims.
25 August 2020