Cybersecurity News


Oh FCUK! Fashion Label, Medical Diagnostics Firm Latest REvil Victims

The infamous ransomware group hit two big-name companies within hours of each other.
24 June 2021

Tulsa Officials Warn Ransomware Attackers Leaked City Files

The group behind the May 2021 attack has shared more than 18,000 files via the Dark Web, mostly internal department files and police citations.
24 June 2021

Preinstalled Firmware Updater Puts 128 Dell Models at Risk

A feature of the computer maker's update utility does not correctly handle certificates, leaving systems open to firmware-level compromises.
24 June 2021

Request for Comments: PTS HSM Modular Security Requirements

 

From 24 June to 26 July 2021, PCI SSC stakeholders are invited to review and provide feedback on the draft PCI PIN Transaction Security (PTS) Hardware Security Module (HSM) Modular Security Requirements during a 30-day request for comments (RFC) period.

The RFC will be available to primary contacts through the PCI SSC portal, including instructions on how to access the document and submit feedback. Eligible stakeholders will also receive instructions via email. As a reminder, participants are required to accept a Non-Disclosure Agreement (NDA) to download the document. Please review the RFC Process Guide for more information.

Please note that PCI SSC can only accept comments that are submitted via the PCI SSC portal and received within the defined RFC period.

24 June 2021

Boardroom Perspectives on Cybersecurity: What It Means for You

Because board members are paying close attention to security, security leaders must be able to respond to and alleviate their concerns with data.
24 June 2021

Gaming industry under siege from cyberattacks during pandemic

Cyberattacks targeting the gaming industry skyrocket, with web attacks more than tripling year-on-year in 2020.

The post Gaming industry under siege from cyberattacks during pandemic appeared first on WeLiveSecurity

24 June 2021

Musk-Themed ‘$SpaceX’ Cryptoscam Invades YouTube Advertising

Beware: The swindle uses legitimately purchased YouTube ads, real liquidity, legitimate DEX Uniswap, and the real wallet extension MetaMask to create an entirely convincing fake coin gambit.
24 June 2021

Critical VMware Carbon Black Bug Allows Authentication Bypass

The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems.
24 June 2021

Storms & Silver Linings: Avoiding the Dangers of Cloud Migration

We hear a lot about the sunlit uplands of cloud-powered business, but what about the risks of making information available across the organization?
24 June 2021

John McAfee, Creator of McAfee Antivirus Software, Dead at 75

McAfee, who was being held in a Spanish jail on US tax-evasion charges, had learned on Monday he would be extradited to the US.
24 June 2021

Tulsa’s Police-Citation Data Leaked by Conti Gang

A May 6 ransomware attack caused disruption across several of the municipality’s online services and websites.
24 June 2021

rMTD: A Deception Method That Throws Attackers Off Their Game

Through a variety of techniques, rotational Moving Target Defense makes existing OS and app vulnerabilities difficult to exploit. Here's how.
24 June 2021

Cybersecurity firms battle DMCA rules over good-faith research

The argument is that current rules are hampering ethical and effective vulnerability reporting.
24 June 2021

BIOSConnect code execution bugs impact millions of Dell devices

A critical bug chain allows attackers to impersonate the vendor and impact code at the root level.
24 June 2021

Atlassian Bugs Could Have Led to 1-Click Takeover

A supply-chain attack could have siphoned sensitive information out of Jira, such as security issues on Atlassian cloud, Bitbucket and on-prem products.
24 June 2021

30M Dell Devices at Risk for Remote BIOS Attacks, RCE

Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism.
24 June 2021

One-click account takeover vulnerabilities in Atlassian domains patched

Research was conducted in light of the increasing threat of supply-chain attacks.
24 June 2021

79% of Third-Party Libraries in Apps Are Never Updated

A lack of contextual information and concerns over application disruption are among the contributing factors.
23 June 2021

VMs Help Ransomware Attackers Evade Detection, But It's Uncommon

Some ransomware attackers use virtual machines to bypass security detection, but adoption is slow for the complicated technique.
23 June 2021

Microsoft Tracks New BazaCall Malware Campaign

Attackers use emails to prompt victims to call a fraudulent call center, where attackers instruct them to download a malicious file.
23 June 2021