Cybersecurity News
Zyxel urges customers to patch critical firewall bypass vulnerability
The vendor has issued a severity score of 9.8.The spectre of Stuxnet: CISA issues alert on Rockwell Automation ICS vulnerabilities
The flaws can be exploited to execute code on vulnerable controllers and workstations.Cybersecurity survival tips for small businesses: 2022 edition
How can businesses that lack the resources and technological expertise of large organizations hold the line against cybercriminals?
The post Cybersecurity survival tips for small businesses: 2022 edition appeared first on WeLiveSecurity
Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill
On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S. Senate's most tech-savvy lawmakers said he was troubled by the report and is now asking technology companies and federal agencies for information about the frequency of such schemes.Belarusian ‘Ghostwriter’ Actor Picks Up BitB for Ukraine-Related Attacks
Ghostwriter is one of 3 campaigns using war-themed attacks, with cyber-fire coming in from government-backed actors in China, Iran, North Korea & Russia.
Meet BlackGuard: a new infostealer peddled on Russian hacker forums
Sophisticated, but potentially cheap.Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn
A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of ‘smart car tech’ and EVs surges.
PCI DSS v4.0 Resource Hub
PCI Data Security Standard (PCI DSS) is a global standard that provides a baseline of technical and operational requirements designed to protect account data. The next evolution of the standard- PCI DSS v4.0- is now available.
This PCI DSS Resource Hub provides links to both standard documents and educational resources to help organizations become familiar with PCI DSS v4.0. Make sure to subscribe to the PCI Perspectives Blog to stay up to date on all news from PCI SSC.
PCI DSS v4.0: A Conversation with the Council
The PCI Security Standards Council has published the PCI Data Security Standard v4.0. The standard was developed with feedback from the global payments industry and provides a baseline of technical and operational requirements designed to protect account data. The standard was developed with the following priorities in mind:
QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug
QNAP is warning clients that a recently disclosed vulnerability affects most of its NAS devices, with no mitigation available while the vendor readies a patch.
A Blockchain Primer and a Bored Ape Headscratcher – Podcast
Mystified? Now’s the time to learn about cryptocurrency-associated risks: Listen to KnowBe4’s Dr. Lydia Kostopoulos explain blockchain, NFTs and how to stay safe.
Cybersecurity managers with a direct line to executive boards set the tone for investment: study
Moody's examines how incident response and defense have implications for the market.Globant admits to data breach after Lapsus$ releases source code
The hacking group criticized Globant's "poor security practices."Critical RCE Bug in Spring Could Be the Next Log4Shell, Researchers Warn
The so-called 'Spring4Shell' bug has cropped up, so to speak, and could be lurking in literally millions of Java applications.
Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments
The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more.
Lapsus$ ‘Back from Vacation’
Lapsus$ added IT giant Globant plus 70GB of leaked data – including admin credentials for scads of customers' DevOps platforms – to its hit list.
Google Chrome Bug Actively Exploited as Zero-Day
The internet giant issued an update for the bug, which is found in the open-source V8 JavaScript engine.
MSHTML Flaw Exploited to Attack Russian Dissidents
A Ukrainian-based threat actor is spearphishing Russians who are using services that have been banned by the Kremlin.