Cybersecurity News
Oh FCUK! Fashion Label, Medical Diagnostics Firm Latest REvil Victims
The infamous ransomware group hit two big-name companies within hours of each other.
Tulsa Officials Warn Ransomware Attackers Leaked City Files
The group behind the May 2021 attack has shared more than 18,000 files via the Dark Web, mostly internal department files and police citations.Preinstalled Firmware Updater Puts 128 Dell Models at Risk
A feature of the computer maker's update utility does not correctly handle certificates, leaving systems open to firmware-level compromises.Request for Comments: PTS HSM Modular Security Requirements
From 24 June to 26 July 2021, PCI SSC stakeholders are invited to review and provide feedback on the draft PCI PIN Transaction Security (PTS) Hardware Security Module (HSM) Modular Security Requirements during a 30 day request for comments (RFC) period.
The RFC will be available to primary contacts through the PCI SSC portal, including instructions on how to access the document and submit feedback. Eligible stakeholders will also receive instructions via email. As a reminder, participants are required to accept a Non-Disclosure Agreement (NDA) to download the document. Please review the RFC Process Guide for more information.
Please note that PCI SSC can only accept comments that are submitted via the PCI SSC portal and received within the defined RFC period.
Boardroom Perspectives on Cybersecurity: What It Means for You
Because board members are paying close attention to security, security leaders must be able to respond to and alleviate their concerns with data.Gaming industry under siege from cyberattacks during pandemic
Cyberattacks targeting the gaming industry skyrocket, with web attacks more than tripling year-on-year in 2020
The post Gaming industry under siege from cyberattacks during pandemic appeared first on WeLiveSecurity
Musk-Themed ‘$SpaceX’ Cryptoscam Invades YouTube Advertising
Beware: The swindle uses legitimately purchased YouTube ads, real liquidity, legitimate DEX Uniswap, and the real wallet extension MetaMask to create an entirely convincing fake coin gambit.
Critical VMware Carbon Black Bug Allows Authentication Bypass
The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems.
Storms & Silver Linings: Avoiding the Dangers of Cloud Migration
We hear a lot about the sunlit uplands of cloud-powered business, but what about the risks of making information available across the organization?John McAfee, Creator of McAfee Antivirus Software, Dead at 75
McAfee, who was being held in a Spanish jail on US tax-evasion charges, had learned on Monday he would be extradited to the US.Tulsa’s Police-Citation Data Leaked by Conti Gang
A May 6 ransomware attack caused disruption across several of the municipality’s online services and websites.
rMTD: A Deception Method That Throws Attackers Off Their Game
Through a variety of techniques, rotational Moving Target Defense makes existing OS and app vulnerabilities difficult to exploit. Here's how.
Cybersecurity firms battle DMCA rules over good-faith research
The argument is that current rules are hampering ethical and effective vulnerability reporting.BIOSConnect code execution bugs impact millions of Dell devices
A critical bug chain allows attackers to impersonate the vendor and impact code at the root level.Atlassian Bugs Could Have Led to 1-Click Takeover
A supply-chain attack could have siphoned sensitive information out of Jira, such as security issues on Atlassian cloud, Bitbucket and on-prem products.
30M Dell Devices at Risk for Remote BIOS Attacks, RCE
Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism.