Cybersecurity News
A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity
ESET researchers reveal a detailed profile of TA410: we believe this cyberespionage umbrella group consists of three different teams using different toolsets, including a new version of the FlowCloud espionage backdoor discovered by ESET.
The post A lookback under the TA410 umbrella: Its cyberespionage TTPs and activity appeared first on WeLiveSecurity
Millions of Java Apps Remain Vulnerable to Log4Shell
Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found.
Bronze President spies on Russian targets as Ukraine invasion continues
It's not necessarily because Russia is considered hostile, however.PCI DSS v4.0 is Now Available: Resources and Engagement Events
Welcome to our podcast series, Coffee with The Council. I'm Alicia Malone, senior manager of public relations for the PCI Security Standards Council. Today we'll be talking about resources and upcoming engagement events pertaining to the recent release of version four of the PCI Data Security Standard, or PCI DSS. My guests for this episode are Elizabeth Terry, senior manager of community engagement at PCI SSC and Lindsay Goodspeed, senior manager of corporate communications at PCI SSC. Welcome to both of you!
Firms Push for CVE-Like Cloud Bug System
Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk.
Nation-state Hackers Target Journalists with Goldbackdoor Malware
A campaign by APT37 used a sophisticated malware to steal information about sources , which appears to be a successor to Bluelight.
The trouble with BEC: How to stop the costliest internet scam
BEC fraud generated more losses for victims than any other type of cybercrime in 2021. It’s long past time that organizations got a handle on these scams.
The post The trouble with BEC: How to stop the costliest internet scam appeared first on WeLiveSecurity
No government and customer data was accessed.
Webcam hacking: How to know if someone may be spying on you through your webcam
Camfecting doesn’t ‘just’ invade your privacy – it could seriously impact your mental health and wellbeing. Here’s how to keep an eye on your laptop camera.
The post Webcam hacking: How to know if someone may be spying on you through your webcam appeared first on WeLiveSecurity
Cybersecurity threats to critical infrastructure – Week in security with Tony Anscombe
As the Five Eyes nations warn of attacks against critical infrastructure, we look at the potentially cascading effects of such attacks and how essential systems and services can ramp up their defense
The post Cybersecurity threats to critical infrastructure – Week in security with Tony Anscombe appeared first on WeLiveSecurity
Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code
KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of company projects. T-Mobile says no customer or government information was stolen in the intrusion. LAPSUS$ is known for stealing data and then demanding a ransom not to publish or sell it. But the leaked chats indicate this mercenary activity was of little interest to the tyrannical teenage leader of LAPSUS$, whose obsession with stealing and leaking proprietary computer source code from the world’s largest tech companies ultimately led to the group’s undoing.Zero-Trust For All: A Practical Guide
How to use zero-trust architecture effectively in today's modern cloud-dependent infrastructures.
Skeletons in the Closet: Security 101 Takes a Backseat to 0-days
Nate Warfield, CTO at Prevailion, discusses the dangers of focusing on zero-day security vulnerabilities, and how security teams are being distracted from the day-to-day work that prevents most breaches.
LemonDuck botnet plunders Docker cloud instances in cryptocurrency crime wave
For as long as crypto is lucrative, cyberattackers will try to cash in.Beanstalk DeFi project robbed of $182 million in flash loan attack
Reserves were drained after the attacker awarded themselves voting rights.Hive hackers are exploiting Microsoft Exchange Servers in ransomware spree
In one case, it took them less than 72 hours to infiltrate and hold a company to ransom.Warrior Trading forced to pay $3 million for 'misleading' day trading scheme
The FTC says the firm's owner made "bogus money-making claims."Critical infrastructure: Under cyberattack for longer than you might think
Lessons from history and recent attacks on critical infrastructure throw into sharp relief the need to better safeguard our essential systems and services
The post Critical infrastructure: Under cyberattack for longer than you might think appeared first on WeLiveSecurity
Most Email Security Approaches Fail to Block Common Threats
A full 89 percent of organizations experienced one or more successful email breaches during the previous 12 months, translating into big-time costs.
Is your Lenovo laptop vulnerable to cyberattack?
Here’s what to know about vulnerabilities in more than 100 Lenovo consumer laptop models and what you can do right away to stay safe – all in under three minutes
The post Is your Lenovo laptop vulnerable to cyberattack? appeared first on WeLiveSecurity
