Cybersecurity News
Redefining What CISO Success Looks Like
Key to this new definition is the principle that security programs are designed to minimize business risk, not to achieve 100% no-risk.28 August 2020
Sendgrid Under Siege from Hacked Accounts
Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and abused for sending phishing and email malware attacks. Sendgrid's parent company Twilio says it is working on a plan to require multi-factor authentication for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime.28 August 2020
DoJ Aims to Seize 280 Cryptocurrency Accounts Used by Hackers
Complaint details collaboration with China to funnel $250m in stolen funds as part of state-sponsored attacks.
28 August 2020
Former engineer pleads guilty to Cisco network damage, causing Webex Teams account chaos
The engineer was responsible for damage that cost Cisco $2.4 million to rectify.28 August 2020
Academics bypass PINs for Visa contactless payments
Researchers: "In other words, the PIN is useless in Visa contactless transactions."27 August 2020
Elon Musk confirms Russian hacking plot targeted Tesla factory
A Russian hacker tried to recruit a Tesla employee working for the company's factory in Sparks, Nevada.27 August 2020
Is China the World's Greatest Cyber Power?
While the US, Russia, Israel, and several European nations all have sophisticated cyber capabilities, one threat intelligence firm argues that China's aggressive approach to cyber operations has made it "perhaps the world's greatest cyber power."27 August 2020
DDoS Attacks Halt NZ Exchange Trading for Third Day
New Zealand Exchange officials say the motive for the attacks is unclear.27 August 2020
Vulnerability Volume Poised to Overwhelm Infosec Teams
The collision of Microsoft and Oracle patches on the same day has contributed to risk and stress for organizations.27 August 2020
Ex-Cisco Employee Pleads Guilty to Deleting 16K Webex Teams Accounts
Former Cisco employee Sudhish Kasaba Ramesh admitted to accessing Cisco’s cloud infrastructure and deleting 16,000 Webex Teams employee accounts.
27 August 2020
US sues to recover cryptocurrency funds stolen by North Korean hackers
US officials are going after 280 BTC and ETH accounts storing funds North Korean hackers stole from two cryptocurrency exchanges.27 August 2020
Old Malware Tool Acquires New Tricks
Latest version of Qbot has acquired a new feature for collecting email threads from Outlook clients.27 August 2020
Fastly to Acquire Signal Sciences for $775M
Signal Sciences' technology will be used to build a new web application and API security tool called Secure@Edge.27 August 2020
Facebook sues maker of advertising SDK for refusing to participate in audit
Facebook also sued the operator of a website selling Instagram followers, likes, and comments.27 August 2020
The Inside Threat from Psychological Manipulators
How internal manipulators can actually degrade your organization's cyber defense, and how to defend against them.27 August 2020
Iranian hackers impersonate journalists to set up WhatsApp calls and gain victims' trust
Iranian hackers impersonated journalists from German TV Deutsche Welle and Israeli magazine Jewish Journal, and the Wall Street Journal in earlier attacks this year.27 August 2020
Confessions of an ID Theft Kingpin, Part II
Yesterday's piece told the tale of Hieu Minh Ngo, a hacker the U.S. Secret Service described as someone who caused more material financial harm to more Americans than any other convicted cybercriminal. Ngo was recently deported back to his home country after serving more than seven years in prison for running multiple identity theft services. He now says he wants to use his experience to convince other cybercriminals to use their skills for good. Here's a look at what happened after he got busted.27 August 2020
Facebook Hits Back At Apple’s iOS 14 Privacy Update
While privacy experts praised Apple’s upcoming iOS 14 updates, Facebook said the new features could cut its advertising business in half.
27 August 2020
DDoS extortion campaign targets financial firms, retailers
The extortionists attempt to scare the targets into paying by claiming to represent some of the world’s most notorious APT groups
The post DDoS extortion campaign targets financial firms, retailers appeared first on WeLiveSecurity
27 August 2020
Magecart’s Success Paves Way For Cybercriminal Credit Card ‘Sniffer’ Market
Magecart's successes have led to threat actors actively advertising 'sniffers' that can be injected into e-commerce websites in order to exfiltrate payment cards.
27 August 2020
