Cybersecurity News


New Ransom Payment Schemes Target Executives, Telemedicine

Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the "patient." The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.
08 December 2022

Apple announces new security and privacy measures amid spike in cyber attacks

Encryption of iCloud storage means the information will be safeguarded from hackers as well as government agencies

Apple announced a suite of security and privacy improvements on Wednesday that the company is pitching as a way to help people protect their data from hackers, including one that civil liberty and privacy advocates have long pushed for.

The tech giant will soon allow users to choose to secure more of the data backed up to their iCloud using end-to-end encryption, which means no one but the user will be able to access that information.

07 December 2022

New Web Software Module Introduced in PCI Secure Software Standard Version 1.2

Today, the PCI Security Standards Council (PCI SSC) published version 1.2 of the PCI Secure Software Standard and its supporting program documentation. The PCI Secure Software Standard is one of two standards that are part of the PCI Software Security Framework (SSF). The PCI Secure Software Standard and its security requirements help provide assurance that payment software is designed, developed, and maintained in a manner that protects payment transactions and data, minimizes vulnerabilities, and defends against attacks. 

07 December 2022

Fantasy – a new Agrius wiper deployed through a supply‑chain attack

ESET researchers analyzed a supply-chain attack abusing an Israeli software developer to deploy Fantasy, Agrius’s new wiper, with victims including the diamond industry

The post Fantasy – a new Agrius wiper deployed through a supply‑chain attack appeared first on WeLiveSecurity

07 December 2022

Changes to PCI DSS v4.0 Reporting: In Place with Remediation

When PCI DSS v4.0 was released in March 2022, a new reporting option was included to document requirements that were “In Place with Remediation.” The goal of this option was to promote security as a continuous process, by providing a means for organizations to identify areas needing improvement year over year. While stakeholders agreed that this was a valuable tool for improving security, recent feedback indicates that there may be a better way to achieve this goal.

05 December 2022

Judge Orders U.S. Lawyer in Russian Botnet Case to Pay Google

In December 2021, Google filed a civil lawsuit against two Russian men thought to be responsible for operating Glupteba, one of the Internet's largest and oldest botnets. The defendants, who initially pursued a strategy of counter suing Google for tortious interference in their sprawling cybercrime business, later brazenly offered to dismantle the botnet in exchange for payment from Google. The judge in the case was not amused, found for the plaintiff, and ordered the defendants and their U.S. attorney to pay Google's legal fees.
05 December 2022

Tractors vs. threat actors: How to hack a farm

Forget pests for a minute. Modern farms also face another – and more insidious – breed of threat.

The post Tractors vs. threat actors: How to hack a farm appeared first on WeLiveSecurity

05 December 2022

Could we have one app for everything? We ask an expert

Super apps can revolutionise your life – but do you want to pay the price, wonders AI and innovation professor David Shrier

Across Asia, the trend for a single app that does everything – from deliveries to bookings to chatting – is spreading. Known as super apps, they are rumoured to be the inspiration for Elon Musk’s plan for Twitter. Could they take off here – and should they? I asked David Shrier, professor of practice, AI and innovation at Imperial College Business School in London.

Have you tried a super app?
Well, what do you mean by “super app”? I’d say Facebook is a super app – it certainly has super app-like functionalities.

02 December 2022

ScarCruft updates its toolset – Week in security with Tony Anscombe

Deployed against carefully selected targets, the new backdoor combs through the drives of compromised systems for files of interest before exfiltrating them to Google Drive

The post ScarCruft updates its toolset – Week in security with Tony Anscombe appeared first on WeLiveSecurity

02 December 2022

I am a Medibank customer. Am I affected by the cyberattack? What can I do to protect myself?

Experts suggest using multifactor authentication and telling your bank to put extra security checks in place

Millions of Medibank’s current and former customers have had their personal information, including health claims, exposed in a hack of the company’s customer database.

Here’s what we know so far and what you can do.

name

address

date of birth

gender

email

Medicare card number (in some cases)

health claims made with Medibank (in some cases)

01 December 2022

ConnectWise Quietly Patches Flaw That Helps Phishers

ConnectWise, a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just days after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks.
01 December 2022

Top tips to save energy used by your electronic devices

With the rapidly rising energy prices putting a strain on many households, what are some quick wins to help reduce the power consumption of your gadgets?

The post Top tips to save energy used by your electronic devices appeared first on WeLiveSecurity

01 December 2022

Password app LastPass hit by cybersecurity breach but says data remains safe

Company says its security system prevented the hacker accessing customer data or encrypted passwords

Password manager LastPass has told customers that some of their information has been accessed in a cybersecurity breach, but says passwords remain safe.

LastPass is one of several password managers in the market that aims to reduce the reuse of passwords online, by storing them in a single app. It also makes it easier for users to generate strong passwords as required.

01 December 2022

Medibank hackers announce ‘case closed’ and dump huge data file on dark web

The size of the data file suggests it may be the full trove of hundreds of thousands of customers’ private records that were stolen from the health insurer

The cybercriminals behind the Medibank cyber-attack have posted on the dark web what appears to be the remainder of what customer data they took from the health insurer, stating it is “case closed” for the hack.

On Thursday morning, the blog – which returned online after several days of being offline last week – posted “Happy Cyber Security Day!!! Added folder full. Case closed.” and included a file that has several compressed files amounting to over 5GB.

30 November 2022

Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin

ESET researchers uncover Dolphin, a sophisticated backdoor extending the arsenal of the ScarCruft APT group

The post Who’s swimming in South Korean waters? Meet ScarCruft’s Dolphin appeared first on WeLiveSecurity

30 November 2022

Is it worth taking out personal cyber insurance in case you are caught up in a data hack?

Experts say investing in identity theft protection may provide peace of mind, but won’t help recover lost information

The recent Optus and Medibank data breaches in which thousands of Australians had their personal information stolen have heightened public consciousness of the threat of identity fraud.

Information including names, dates of birth, addresses, phone numbers, passport and Medicare numbers, and even healthcare claims have been posted online in the past few months as a result of the high profile breaches.

28 November 2022

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh, which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan, malware designed to surreptitiously intercept and forward text messages from Android mobile devices.
28 November 2022

RansomBoggs: New ransomware targeting Ukraine

ESET researchers spot a new ransomware campaign that goes after Ukrainian organizations and has Sandworm's fingerprints all over it

The post RansomBoggs: New ransomware targeting Ukraine appeared first on WeLiveSecurity

28 November 2022

MEPs’ spyware inquiry targeted by disinformation campaign, say experts

European parliament is investigating Pegasus, a powerful surveillance tool used by governments around the world

Victims of spyware and a group of security experts have privately warned that a European parliament investigatory committee risks being thrown off course by an alleged “disinformation campaign”.

The warning, contained in a letter to MEPs signed by the victims, academics and some of the world’s most renowned surveillance experts, followed news last week that two individuals accused of trying to discredit widely accepted evidence in spyware cases in Spain had been invited to appear before the committee investigating abuse of hacking software.

28 November 2022

Spyware posing as VPN apps – Week in security with Tony Anscombe

The Bahamut APT group distributes at least eight malicious apps that pilfer victims' data and monitor their messages and conversations

The post Spyware posing as VPN apps – Week in security with Tony Anscombe appeared first on WeLiveSecurity

25 November 2022