Cybersecurity News
Feds Told to Better Manage Facial Recognition, Amid Privacy Concerns
A GAO report finds government agencies are using the technology regularly in criminal investigations and to identify travelers, but need stricter management to protect people’s privacy and avoid inaccurate identification
Common Facebook scams and how to avoid them
Are you on Facebook? So are scammers. Here are some of the most common con jobs on Facebook you should watch out for and how you can tell if you’re being scammed.
The post Common Facebook scams and how to avoid them appeared first on WeLiveSecurity
Google Updates Vulnerability Data Format to Support Automation
The Open Source Vulnerability schema supports automated vulnerability handling in Go, Rust, Python, and Distributed Weakness Filing system, and it could be the favored format for future exporting of data.Ransomware Losses Drive Up Cyber-Insurance Costs
Premiums have gone up by 7% on average for small firms and between 10% and 40% for medium and large businesses.Users Clueless About Cybersecurity Risks: Study
The return to offices, coupled with uninformed users (including IT pros) has teed up an unprecedented risk of enterprise attack.
CISA Publishes Catalog of Poor Security Practices
Organizations often focus on promoting best practices, CISA says, but stopping poor security practices is equally important.Survey Data Reveals Gap in Americans' Security Awareness
Survey data reveals many people have never heard of major cyberattacks, including the attack targeting Colonial Pipeline.Technology's Complexity and Opacity Threaten Critical Infrastructure Security
Addressing the complexity of modern distributed software development is one of the most important things we can do to decrease supply chain risk.Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks
The bug in Edge's auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload.
Data for 700 million LinkedIn users up for grabs on hacker forum
Information scraped from LinkedIn user profiles includes full names, gender, email addresses and phone numbers
The post Data for 700 million LinkedIn users up for grabs on hacker forum appeared first on WeLiveSecurity
For UK foreign secretary, simply having a mobile represents a security risk – analysis
Analysis: UK prides itself on GCHQ’s cyber capability – so availability of Raab’s number will have been embarrassing for him
Finding Dominic Raab’s mobile phone online is more than just embarrassing for the foreign secretary: it also represents a security risk, just as when it emerged Boris Johnson’s number could be easily found online in April.
Sophisticated spyware technology – of the type available to a rapidly growing number of governments outside the west – can, in some circumstances, be secretly inserted into a person’s phone without any interaction from the target.
Related: Dominic Raab’s mobile number freely available online for last decade
Related: Dominic Raab bodyguard suspended after gun reportedly left on plane
Continue reading...Dominic Raab’s mobile number freely available online for last decade
Exclusive: Finding raises questions for security services weeks after similar revelations about PM’s number
The private mobile number of Dominic Raab, the UK foreign secretary, has been online for at least 11 years, raising questions for the security services weeks after the prime minister’s number was also revealed to be accessible to anyone.
Raab’s number was discovered by a Guardian reader using a Google search. It appears to have been online since before he became an MP in 2010, and remained after he became foreign secretary and first secretary of state – de facto deputy prime minister – in 2019.
Related: For UK foreign secretary, simply having a mobile represents a security risk
Continue reading...3 Ways Cybercriminals Are Undermining MFA
Using multifactor authentication is an excellent security step, but like everything else, it is not foolproof and will never be 100% effective.IBM Kestrel threat hunting language granted to Open Cybersecurity Alliance
The contribution is aimed at giving cybersecurity experts more time to conduct forensic activities.Details of RCE Bug in Adobe Experience Manager Revealed
Disclosure of a bug in Adobe’s content-management solution - used by Mastercard, LinkedIn and PlayStation – were released.
New ransomware highlights widespread adoption of Golang language by cyberattackers
The latest version of Go is being used to prevent reverse-engineering attempts.Cobalt Strike Usage Explodes Among Cybercrooks
The legit security tool has shown up 161 percent more, year-over-year, in cyberattacks, having “gone fully mainstream in the crimeware world.”
Data for 700M LinkedIn Users Posted for Sale in Cyber-Underground
After 500 million LinkedIn enthusiasts were affected in a data-scraping incident in April, it's happened again - with big security ramifications.
Microsoft Refining Third-Party Driver Vetting Processes After Signing Malicious Rootkit
Rogue driver was distributed within gaming community in China, company says.5G Security Vulnerabilities Fluster Mobile Operators
A survey from GSMA and Trend Micro shows a concerning lack of security capabilities for private 5G networks (think factories, smart cities, industrial IoT, utilities and more).