Cybersecurity News
The dirty dozen of Latin America: From Amavaldo to Zumanek
The grand finale of our series dedicated to demystifying Latin American banking trojans
The post The dirty dozen of Latin America: From Amavaldo to Zumanek appeared first on WeLiveSecurity
In 2022, Expect More Supply Chain Pain and Changing Security Roles
If 2021 was the Year of Supply Chain Pain, 2022 will be the Year of Supply Chain Chronic Pain (or something worse than pain). This past year, the pain was felt in two significant ways: through the supply chain disruptions caused by COVID-19, and through the many security breaches that we saw in our key […]
Apple iOS Update Fixes Cringey iPhone 13 Jailbreak Exploit
It took just 15 seconds to hack the latest, greatest, shiniest iPhone 13 Pro on stage at the Tianfu Cup in October, using a now-fixed iOS kernel bug.
Microsoft Patch Tuesday, December 2021 Edition
Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that that is already being actively exploited. But this month's Patch Tuesday is being overshadowed by the "Log4Shell" 0-day exploit in a popular Java library that web server administrators are now racing to find and patch amid widespread exploitation of the flaw.Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery
December's Patch Tuesday updates address six publicly known bugs and seven critical security vulnerabilities.
400 Banks’ Customers Targeted with Anubis Trojan
The new campaign masqueraded as an Orange Telecom account management app to deliver the latest iteration of Anubis banking malware.
Paving the way: Inspiring Women in Payments - featuring Amanda Andrews
As a young attorney just starting out, Amanda Andrews’ career path would lead her in a direction she never imagined. In this month’s blog series, Andrews’ describes how her experience with Visa Inc. led her into a cybersecurity career with The Walt Disney Company and why you should never take “no” for an answer.
What the Log4Shell Bug Means for SMBs: Experts Weigh In
An exclusive roundtable of security researchers discuss the specific implications of CVE-2021-44228 for smaller businesses, including what's vulnerable, what an attack looks like and to how to remediate.
How to Buy Precious Patching Time as Log4j Exploits Fly
Podcast: Cybereason shares details about its vaccine: a fast shot in the arm released within hours of the Apache Log4j zero-day horror show being disclosed.
‘Seedworm’ Attackers Target Telcos in Asia, Middle East
The focused attacks aimed at cyberespionage and lateral movement appear to hint at further ambitions by the group, including supply-chain threats.
5 warning signs your identity has been stolen
By spotting these early warning signs of identity theft, you can minimize the impact on you and your family
The post 5 warning signs your identity has been stolen appeared first on WeLiveSecurity
Inside Ireland’s Public Healthcare Ransomware Scare
The accounting firm PricewatersCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland's public health system. The unusually candid post-mortem found that nearly two months elapsed between the initial intrusion and the launching of the ransomware. It also found affected hospitals had tens of thousand of outdated Windows 7 systems, and that the health system's IT administrators failed to respond to multiple warning signs that a massive attack was imminent.Kronos Ransomware Outage Drives Widespread Payroll Chaos
Kronos, the workforce-management provider, said a weeks-long outage of its cloud services is in the offing, just in time to hamstring end-of-year HR activities like bonuses ands vacation tracking.
Log4Shell vulnerability: What we know so far
The critical flaw in the ubiquitous Log4j utility has sent shockwaves far beyond the security industry – here’s what we know so far
The post Log4Shell vulnerability: What we know so far appeared first on WeLiveSecurity
Q&A with Ralph Spencer Poore
After more than 10 years working at PCI Security Standards Council (PCI SSC), Ralph Poore, Director, Emerging Standards, retires at the end of the year. In this blog, we interview Ralph about his career in cryptography, security and the payments industry, the most rewarding aspects of his career, and how he plans to stay involved with the PCI SSC as well as his retirement plans.
Where the Latest Log4Shell Attacks Are Coming From
Analysts find at least 10 Linux botnets actively exploiting Log4Shell flaw.
Malicious PyPI Code Packages Rack Up Thousands of Downloads
The Python code repository was infiltrated by malware bent on data exfiltration from developer apps and more.
Log4Shell Is Spawning Even Nastier Mutations
The cybersecurity Hiroshima of the year – the Apache Log4j logging library exploit – has spun off 60 bigger mutations in less than a day, researchers said.
The new PPI? Claims firms turn their fire on data breaches
People are being told they are entitled to compensation as more companies move into the industry
Claims companies and law firms looking for the next bonanza in payouts are targeting people who have been the victim of a data breach, with some telling those affected they could be entitled to thousands of pounds in compensation.
A Google search for the term “data breach claim” results in a long list of firms – the vast majority of them no-win, no-fee solicitors – and there are more moving into this space all the time. Meanwhile, adverts for firms are increasingly appearing in Instagram feeds.
Continue reading...Next-Gen Maldocs & How to Solve the Human Vulnerability
Malicious email attachments with macros are one of the most common ways hackers get in through the door. Huntress security researcher John Hammond discusses how threat hunters can fight back.